OpenVPN Clients don't reset if renegotiation times out
I've only been working with OpenVPN for a couple years and I've done a lot of things with it, but I've run into something I'm uncertain of.
We're using OpenVPN 2.5.2 client with Server 1.6_2 on Netgate 7100 build 21.05 for remote user connectivity with RADIUS MFA. We have the client and server set to renegotiate at the 4-hour mark, but if they miss their opportunity/notification and it times out, they tend to get stuck in limbo and can't reconnect. However, if we cycle the OpenVPN service on the client, it connects and authenticates without any issue.
I've had one user who went to bed and the renegotiation process timed out, and he was still unable to reconnect or access anything the next morning. I was thinking about dropping the Inactive timer down a bit, but that has me scratching my head.
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote XX.XX.XX.XX 1194 udp4
setenv opt block-outside-dns
verify-x509-name "Srv" name
auth-user-pass
ca PXXXX.com-ca.crt
cryptoapicert "SUBJ:XXX@home.com, XX, XXXXXXX, XXXXXXXXX, XXXXXXXXXX"
tls-auth XXXXXXXXXXX@XXXXXXXXXXXX.com-tls.key 1
remote-cert-tls server
explicit-exit-notify
reneg-sec 14400