OpenVPN tunnel restarting - set keepalive?



  • Hi,
    I am having an issue on a site to site OpenVPN connection between 2 PFSense firewalls.  It appears the OpenVPN tunnel is timing out due to inactivity and restarting.

    Dec 1 04:13:50 remote-office openvpn[15054]: Initialization Sequence Completed
    Dec 1 04:13:48 remote-office openvpn[15054]: Peer Connection Initiated with [AF_INET]RE.MO.TE.IP:1194
    Dec 1 04:13:18 remote-office openvpn[15054]: UDPv4 link remote: [AF_INET]RE.MO.TE.IP:1194
    Dec 1 04:13:18 remote-office openvpn[15054]: UDPv4 link local (bound): [AF_INET]LO.CA.L.IP
    Dec 1 04:13:18 remote-office openvpn[15054]: Preserving previous TUN/TAP instance: ovpnc2
    Dec 1 04:13:18 remote-office openvpn[15054]: Re-using pre-shared static key
    Dec 1 04:13:18 remote-office openvpn[15054]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 1 04:13:16 remote-office openvpn[15054]: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 1 04:13:16 remote-office openvpn[15054]: Inactivity timeout (--ping-restart), restarting

    I use OSPF over the VPN so that (I would hope) would be enough traffic to keep the tunnel up.

    I've seen some things in the forums and other OpenVPN threads about setting a ping keepalive of some kind.  One post also noted that the default in PFSense is 5 pings/60 seconds.  Is this a fact?  Is there a way to change this?  And last question - am I overlooking something?  Is there a way to just keep the tunnel up indefinitely?


  • Rebel Alliance Developer Netgate

    OpenVPN on pfSense will send more than enough keep alives to keep that up, and OSPF's hello packets would be more than enough as well. For what you show to happen it really would have to lose connectivity for 60+ continuous seconds between the sites.
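
Added example, not part of the thread and not pfSense or OpenVPN code: a Python script that reads log lines like the ones quoted in the question, finds each ping-restart, and reports when the peer was last heard and how long the tunnel took to recover. The 60-second `ping_restart` value is taken from the reply above, and the year is an assumption because syslog lines carry none.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines quoted in the thread, newest first as the log
# viewer shows them (addresses are the poster's redacted placeholders).
SAMPLE_LOG = """\
Dec 1 04:13:50 remote-office openvpn[15054]: Initialization Sequence Completed
Dec 1 04:13:48 remote-office openvpn[15054]: Peer Connection Initiated with [AF_INET]RE.MO.TE.IP:1194
Dec 1 04:13:18 remote-office openvpn[15054]: UDPv4 link remote: [AF_INET]RE.MO.TE.IP:1194
Dec 1 04:13:16 remote-office openvpn[15054]: SIGUSR1[soft,ping-restart] received, process restarting
Dec 1 04:13:16 remote-office openvpn[15054]: Inactivity timeout (--ping-restart), restarting
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+openvpn\[(\d+)\]:\s+(.*)$")

def parse(log_text, year=2000):
    """Return (timestamp, pid, message) tuples sorted oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Syslog omits the year, so the caller supplies one (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    return sorted(events, key=lambda e: e[0])

def ping_restart_outages(log_text, ping_restart=60):
    """Pair each ping-restart with the next completed initialization."""
    outages, pending = [], None
    for ts, _pid, msg in parse(log_text):
        if "Inactivity timeout" in msg and "ping-restart" in msg:
            pending = ts
        elif "Initialization Sequence Completed" in msg and pending is not None:
            outages.append({
                "restart": pending,
                # The timer fires after ping_restart seconds without any packet.
                "silent_since": pending - timedelta(seconds=ping_restart),
                "recovered": ts,
                "down_seconds": int((ts - pending).total_seconds()),
            })
            pending = None
    return outages

if __name__ == "__main__":
    for o in ping_restart_outages(SAMPLE_LOG):
        print(f"silent since ~{o['silent_since']:%H:%M:%S}, restart {o['restart']:%H:%M:%S}, "
              f"recovered {o['recovered']:%H:%M:%S} ({o['down_seconds']}s to re-establish)")
```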

