Re: [Openvpn-users] Inactivity timeout

  From: James Yonan
  Date: Mon, 24 Jan 2005

On Mon, 24 Jan 2005, Nate Kroll wrote:

> Users have stated that they will expereince some time periods where they 
> are not able to do anything with the VPN connection.  The clients are 
> Windows XP and Server 2003 mostly.  A user stated that the network 
> device still stated that the tunnel was connected, but it didn't seem to 
> pass any traffic.  Unfortunately, the user wasn't able to provide me 
> with a routing table or any other helpful info.  I looked into the logs 
> when people say they have problms, but there is nothing unusual. 
> I did notice this often:
> Mon Jan 24 15:08:03 2005 User/xxx.xxx.xxx.xxx:1040 [User] Inactivity 
> timeout (--ping-restart), restarting
> I'm wondering if for some reason this may be causing any problems.  Does 
> this simply mean that that client hasn't been doing anything, so the 
> server disconnects them?  Is there a simple way to make the tunnel 
> always there?  Soem of the clients are servers and they should be 
> connected always.  I looked at the man page but I'm confused about how 
> to configure the server and if I need to touch the client configs.

The restart is occuring because a keepalive ping was not received during 
the required time interval.

This usually happens because of short-term network outages.  You can make 
OpenVPN less sensitive to network outages by using a large keepalive 
timeout.  For example,

  keepalive 10 600

will send a ping every 10 seconds, but only restart if a ping hasn't been 
received from the peer for 10 minutes.


