[Openvpn-users] Re: ping-restart resolv-retry

  • Subject: [Openvpn-users] Re: ping-restart resolv-retry
  • From: "Neal D. Becker" <ndbecker2@xxxxxxxxxxx>
  • Date: Thu, 12 Feb 2004 12:50:35 -0500

Tom Barcellona wrote:

>> So I also need to set --resolv-retry to some arbitrary
>> value?
> No, --ping-restart says that after x number of seconds, if no data is
> received from the other end, restart openvpn. --resolv-retry says that if
> the connection is restarted, try to resolve the domain name of the other
> computer for x number of seconds. If you can't resolve it in that amount
> of time, give up.
> So, "--ping-restart 30 --resolv-retry 60" for example, would tell
> openvpn to restart the connection thirty seconds after the last time it
> heard anything from the other side; and when it brings the connection
> back up, only spend sixty seconds trying to resolve the other computer's
> domain name before giving up altogether and quitting. Resolv-retry
> seems like it is best used to keep openvpn from wasting its time trying
> to connect to a computer that is likely not even there anymore. (If it
> was, then presumably it would have updated its dns record.)

I think you misunderstood me.

The man page says:
If  the  peer  cannot  be  reached, a restart will be triggered,
causing the hostname used with --remote to  be  re-resolved  (if
--resolv-retry is also specified).

This suggests that the hostname will not be re-resolved *unless
resolv_retry* was specified.

Is the manpage wrong?  Or just confusing?  Or what?  I don't need
resolve_retry because I expect resolve to fail; I want to re-resolve the
hostname because the IP may change due to DHCP.

