"Neal D. Becker" <ndbecker2@xxxxxxxxxxx> said:

> Tom Barcellona wrote:
>
> >> So I also need to set --resolv-retry to some arbitrary
> >> value?
> >
> > No, --ping-restart says that after x number of seconds, if no data is
> > received from the other end, restart openvpn. --resolv-retry says that if
> > the connection is restarted, try to resolve the domain name of the other
> > computer for x number of seconds. If you can't resolve it in that amount
> > of time, give up.
> >
> > So, "--ping-restart 30 --resolv-retry 60" for example, would tell
> > openvpn to restart the connection thirty seconds after the last time it
> > heard anything from the other side; and when it brings the connection
> > back up, only spend sixty seconds trying to resolve the other computer's
> > domain name before giving up altogether and quitting. Resolv-retry
> > seems like it is best used to keep openvpn from wasting its time trying
> > to connect to a computer that is likely not even there anymore. (if it
> > was, then presumably it would have updated its dns record.)
> >
>
> I think you misunderstood me.
>
> The man page says:
> --ping-restart:
>     If the peer cannot be reached, a restart will be triggered,
>     causing the hostname used with --remote to be re-resolved (if
>     --resolv-retry is also specified).
>
> This suggests that the hostname will not be re-resolved *unless
> resolv_retry* was specified.
>
> Is the manpage wrong? Or just confusing? Or what? I don't need
> resolve_retry because I expect resolve to fail, I want to re-resolve the
> hostname because the IP may change due to DHCP.

I agree that the man page could be more clear on this.

By default, on initial startup and restart, the --remote name is resolved once. If the DNS resolve fails, OpenVPN will abort.

If --resolv-retry is specified, the DNS resolve will be retried for n seconds. After n seconds, if the DNS lookup has not been successful, OpenVPN will abort. Recent versions of OpenVPN allow n to be "infinite".

If you want to disable the DNS re-resolve on restart, you can use --persist-remote-ip. This will "recycle" the previously used --remote IP address without doing a new DNS lookup.

James

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
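An added example, not part of the original thread: a configuration fragment for the case discussed above, a peer whose IP address may change under DHCP. The hostname and timer values are assumptions chosen for illustration.

```conf
# Constructed example: peer.example.net and the timer values are placeholders.
remote peer.example.net

# Ping the peer after 10 s without outgoing traffic; trigger a restart
# if nothing has been received from the peer for 30 s.
ping 10
ping-restart 30

# On startup and on every restart the --remote name is resolved again.
# With this option a failed lookup is retried instead of aborting OpenVPN;
# "infinite" keeps retrying, a number limits the retries to that many seconds.
resolv-retry infinite

# Leave this disabled when the peer's address can change: it reuses the
# previously resolved --remote IP on restart and skips the new DNS lookup.
;persist-remote-ip
```

With the last line commented out, each ping-restart picks up the peer's current DNS record; enabling it pins the tunnel to the address resolved at first startup.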