Users have stated that they will expereince some time periods where they
are not able to do anything with the VPN connection. The clients are
Windows XP and Server 2003 mostly. A user stated that the network
device still stated that the tunnel was connected, but it didn't seem to
pass any traffic. Unfortunately, the user wasn't able to provide me
with a routing table or any other helpful info. I looked into the logs
when people say they have problms, but there is nothing unusual.
I did notice this often:
Mon Jan 24 15:08:03 2005 User/xxx.xxx.xxx.xxx:1040 [User] Inactivity
timeout (--ping-restart), restarting
I'm wondering if for some reason this may be causing any problems. Does
this simply mean that that client hasn't been doing anything, so the
server disconnects them? Is there a simple way to make the tunnel
always there? Soem of the clients are servers and they should be
connected always. I looked at the man page but I'm confused about how
to configure the server and if I need to touch the client configs.
The restart is occuring because a keepalive ping was not received during
the required time interval.
This usually happens because of short-term network outages. You can make
OpenVPN less sensitive to network outages by using a large keepalive
timeout. For example,
keepalive 10 600
will send a ping every 10 seconds, but only restart if a ping hasn't been
received from the peer for 10 minutes.
Thanks, this has seemed to work. Are network outages the thing that
causes this the most? All clients are on our internal network and I
hope that there haven't been network issues each time we've had this
problem. Is there any other cause that could be likely?
I did add it to the config to see how it works. So far, it's working
better, no odd things appearing in the logs.
Thanks for all the help.