• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Users getting Inactivity timeout (--ping-restart), restarting

Scheduled Pinned Locked Moved OpenVPN
5 Posts 2 Posters 5.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Stewart
    last edited by Mar 16, 2022, 9:23 PM

    The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. The leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.

    One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
    Inactivity timeout (--ping-restart), restarting
    Although I don't know if it correlates to his issues.

    But this led me down the rabbit hole of why are we seeing this? I don't have any special timeout options configured in the client or server configs and my understanding is that OpenVPN by default has no timeout. Can someone shed some light on this?

    V 1 Reply Last reply Mar 17, 2022, 2:45 PM Reply Quote 0
    • V
      viragomann @Stewart
      last edited by Mar 17, 2022, 2:45 PM

      @stewart said in Users getting Inactivity timeout (--ping-restart), restarting:

      The setup is that a user connects via OpenVPN and all traffic, internal and external, is then routed over the VPN. The leaves users sending their Teams and Zoom calls over the VPN which is needed because they still need access to local resources.

      The only possible reason for routing the whole upstream traffic over the VPN is masquerading the users IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.

      One user in particular is stating that in the middle of working or Zooming (is that the conjugated verb of using Zoom?) everything stops and the OpenVPN client pops up asking him to log back in. When I checked the logs I can see
      Inactivity timeout (--ping-restart), restarting

      Maybe the users internet connection went down or his WAN IP was renewing?
      You can find the clients public IP in the server log.

      If not that, the client log may be helpful.

      In the server settings, do you have Ping settings > Inactive disabled?

      S 1 Reply Last reply Mar 17, 2022, 3:23 PM Reply Quote 0
      • S
        Stewart @viragomann
        last edited by Mar 17, 2022, 3:23 PM

        Thanks for the reply @viragomann

        The only possible reason for routing the whole upstream traffic over the VPN is masquerading the users IP. If that is not needed in your case, remove the "redirect gateway" check and enter your local networks the users should have access to into the "Local Network/s" box.

        We route the remainder of the traffic so that when the user is connected into the corporate network the traffic is filtered and protected as if they were in the office.

        Maybe the users internet connection went down or his WAN IP was renewing?

        His IP doesn't change. All activity from that user shows the same IP. Maybe an IP renewal but it sure doesn't appear to follow that pattern. He says it happens several times a day.
        10:05 - User Authenticated
        11:05 - User Authenticated
        11:23 - Inactivity Timeout , restarting
        11:26 - User Authenticated
        12:06 - Inactivity Timeout , restarting
        12:33 - User Authenticated
        13:33 - User Authenticated
        14:33 - User Authenticated
        14:44 - Inactivity Timeout , restarting
        15:39 - User Authenticated
        16:39 - User Authenticated
        There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.

        If not that, the client log may be helpful.

        We need to get on that machine and pull it. Haven't had a chance to yet.

        In the server settings, do you have Ping settings > Inactive disabled?

        I don't have that option from what I can see. Where would I see it?

        V 1 Reply Last reply Mar 17, 2022, 4:26 PM Reply Quote 0
        • V
          viragomann @Stewart
          last edited by Mar 17, 2022, 4:26 PM

          @stewart said in Users getting Inactivity timeout (--ping-restart), restarting:

          There certainly appears to be some 60 minute threshold as well as some form of Timeout. I'm not sure which is causing it to pop up and making him log in again, though.

          The 'user authenticated' once per hour is the expected TLS key renegotiation. But this works in the background and does not cause any pop up nor any user action.

          The pop up seem quite strange to me. Which client is it?
          On Windows with OpenVPN GUI, when I disconnect to network and reconnect it after 1 minute, there is nothing popping up. The OpenVPN GUI icon moves to yellow and back to green after reconnecting, but nothing else.

          In the server settings, do you have Ping settings > Inactive disabled?

          I don't have that option from what I can see. Where would I see it?

          74159369-4841-4965-83e1-da6e3d6a11c3-grafik.png

          S 1 Reply Last reply Mar 17, 2022, 5:13 PM Reply Quote 0
          • S
            Stewart @viragomann
            last edited by Mar 17, 2022, 5:13 PM

            @viragomann
            What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not.

            That's in OpenVPN? The only sections I have are:
            General Information
            Cryptographic Settings
            Tunnel Settings
            Client Settings
            Advanced Client Settings
            Advanced Configuration

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received