[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Inactivity timeout

  • Subject: Re: [Openvpn-users] Inactivity timeout
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Mon, 24 Jan 2005 23:49:44 -0700 (MST)

On Mon, 24 Jan 2005, Nate Kroll wrote:

> Users have stated that they will expereince some time periods where they 
> are not able to do anything with the VPN connection.  The clients are 
> Windows XP and Server 2003 mostly.  A user stated that the network 
> device still stated that the tunnel was connected, but it didn't seem to 
> pass any traffic.  Unfortunately, the user wasn't able to provide me 
> with a routing table or any other helpful info.  I looked into the logs 
> when people say they have problms, but there is nothing unusual. 
> I did notice this often:
> Mon Jan 24 15:08:03 2005 User/xxx.xxx.xxx.xxx:1040 [User] Inactivity 
> timeout (--ping-restart), restarting
> I'm wondering if for some reason this may be causing any problems.  Does 
> this simply mean that that client hasn't been doing anything, so the 
> server disconnects them?  Is there a simple way to make the tunnel 
> always there?  Soem of the clients are servers and they should be 
> connected always.  I looked at the man page but I'm confused about how 
> to configure the server and if I need to touch the client configs.

The restart is occuring because a keepalive ping was not received during 
the required time interval.

This usually happens because of short-term network outages.  You can make 
OpenVPN less sensitive to network outages by using a large keepalive 
timeout.  For example,

  keepalive 10 600

will send a ping every 10 seconds, but only restart if a ping hasn't been 
received from the peer for 10 minutes.


Openvpn-users mailing list