[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Inactivity timeout


  • Subject: Re: [Openvpn-users] Inactivity timeout
  • From: Nate Kroll <krolln@xxxxxxxx>
  • Date: Wed, 26 Jan 2005 07:40:40 -0600



Users have stated that they will expereince some time periods where they are not able to do anything with the VPN connection. The clients are Windows XP and Server 2003 mostly. A user stated that the network device still stated that the tunnel was connected, but it didn't seem to pass any traffic. Unfortunately, the user wasn't able to provide me with a routing table or any other helpful info. I looked into the logs when people say they have problms, but there is nothing unusual.

I did notice this often:
Mon Jan 24 15:08:03 2005 User/xxx.xxx.xxx.xxx:1040 [User] Inactivity timeout (--ping-restart), restarting


I'm wondering if for some reason this may be causing any problems. Does this simply mean that that client hasn't been doing anything, so the server disconnects them? Is there a simple way to make the tunnel always there? Soem of the clients are servers and they should be connected always. I looked at the man page but I'm confused about how to configure the server and if I need to touch the client configs.



The restart is occuring because a keepalive ping was not received during the required time interval.


This usually happens because of short-term network outages. You can make OpenVPN less sensitive to network outages by using a large keepalive timeout. For example,

 keepalive 10 600

will send a ping every 10 seconds, but only restart if a ping hasn't been received from the peer for 10 minutes.

James


Thanks, this has seemed to work. Are network outages the thing that causes this the most? All clients are on our internal network and I hope that there haven't been network issues each time we've had this problem. Is there any other cause that could be likely?


I did add it to the config to see how it works. So far, it's working better, no odd things appearing in the logs.

Thanks for all the help.

-Nate