
Re: [Openvpn-users] Re: ping-restart resolv-retry

  • Subject: Re: [Openvpn-users] Re: ping-restart resolv-retry
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Thu, 12 Feb 2004 18:27:04 -0000

"Neal D. Becker" <ndbecker2@xxxxxxxxxxx> said:

> Tom Barcellona wrote:
> >> So I also need to set --resolv-retry to some arbitrary
> >> value?
> > 
> > No, --ping-restart says that after x number of seconds, if no data is
> > received from the other end, restart openvpn. --resolv-retry says that if
> > the connection is restarted, try to resolve the domain name of the other
> > computer for x number of seconds. If you can't resolve it in that amount
> > of time, give up.
> > 
> > So, "--ping-restart 30 --resolv-retry 60" for example, would tell
> > openvpn to restart the connection thirty seconds after the last time it
> > heard anything from the other side; and when it brings the connection
> > back up, only spend sixty seconds trying to resolve the other computer's
> > domain name before giving up altogether and quitting. Resolv-retry
> > seems like it is best used to keep openvpn from wasting its time trying
> > to connect to a computer that is likely not even there anymore. (If it
> > was, then presumably it would have updated its DNS record.)
> > 
> I think you misunderstood me.
> The man page says:
> --ping-restart:
> If  the  peer  cannot  be  reached, a restart will be triggered,
> causing the hostname used with --remote to  be  re-resolved  (if
> --resolv-retry is also specified).
> This suggests that the hostname will not be re-resolved *unless
> --resolv-retry* was specified.
> Is the manpage wrong?  Or just confusing?  Or what?  I don't need
> --resolv-retry because I expect resolve to fail, I want to re-resolve the
> hostname because the IP may change due to DHCP.

I agree that the man page could be more clear on this.

By default, on initial startup and restart, the --remote name is resolved
once.  If the DNS resolve fails, OpenVPN will abort.

If --resolv-retry is specified, the DNS resolve will be retried for n
seconds.  After n seconds, if the DNS lookup has not been successful, OpenVPN
will abort.  Recent versions of OpenVPN allow n to be "infinite".

If you want to disable the DNS re-resolve on restart, you can use
--persist-remote-ip.  This will "recycle" the previously used --remote IP
address without doing a new DNS lookup.
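The two behaviours discussed in this thread, side by side as an added client configuration example (not from the original posts or from the OpenVPN project); the hostname and port are placeholders, and `ping` is included only as the usual companion of `ping-restart` so that the peer has traffic to measure.

```conf
# Case 1 (Neal's situation): the peer's address may change (DHCP / dynamic DNS),
# so a restart must re-resolve the --remote hostname and keep retrying DNS.
remote vpn.example.com 1194      # placeholder hostname and port
ping 10                          # send a keepalive every 10 s
ping-restart 30                  # restart if nothing heard from the peer for 30 s
resolv-retry infinite            # on restart, re-resolve the name; never abort
                                 # because a DNS lookup failed

# Case 2: the peer's address is static, so skip the DNS lookup on restart and
# reuse the last resolved IP. Replace "resolv-retry infinite" above with the
# line below; do not use it in case 1, since a changed DNS record would then
# never be picked up.
# persist-remote-ip
```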

