
Re: [Openvpn-users] VPN recovery after brief network outage


  • Subject: Re: [Openvpn-users] VPN recovery after brief network outage
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Mon, 6 Mar 2006 08:48:43 +0100

On Sunday 5 Mar at 11:05, Henning Schulze-Lauen wrote:

Summary: How fast should I expect a recovery of VPN traffic after
a brief network outage?

That depends...


I am running an OpenVPN client over a WLAN with bad signal
quality. When the WLAN connection goes down, it quickly
reconnects automatically. Tunnel traffic, however, breaks down
for good, even when the connection was down only a few seconds.
It does not recover until about 3 minutes later, when the
process has been restarted with a "SIGUSR1" by ping-restart.

Do you use TCP or UDP? I think UDP is best at recovering here. Also, you could lower the ping-restart and ping in general to recover faster.


I have tried to play around with the --ping-restart ## option,
to no avail. My suspicion was that the --ping-restart value is
overridden from the server side (over which I have no control)
to 120, as the log says during connecting:

It is hard when you don't control the server. Much harder.


    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway
    def1,dhcp-option DNS ###.###.67.2,setenv nameserver
    ###.###.67.2,route-gateway ###.###.30.1,ping 10,ping-restart
    120,ifconfig ###.###.30.45 255.255.255.0'

You could possibly ignore the data they push, but that is hard. You would need to configure the same IP address as they are pushing.


So my question comes down to whether the claim on OpenVPN's
homepage that "tunnel traffic will immediately resume" just
refers to the --ping-restart mechanism, or whether there is
anything else which I can do in terms of configuration to ensure
a quick resumption of tunnel traffic.

Talk with your own sysop. Running one more openvpn daemon is quite possible. If you don't use UDP, try using UDP. If you are using UDP, try using TCP. Your sysadm could use a --client-config-dir and let you have a special config with a different timeout.



JonB
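
Added example, not part of the original message: a short Python script that parses the PUSH_REPLY log line quoted above and lists which locally configured timers the server's push replaces. The local values are constructed, and the script assumes that a pushed single-valued option takes precedence over the local one, which is what the poster suspects.

```python
# Added example: find local OpenVPN settings that a server PUSH_REPLY replaces.
# Assumption: for single-valued options a pushed value wins over the local one.

# Log line from the message above; masked octets (###) kept as posted.
PUSH_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway "
    "def1,dhcp-option DNS ###.###.67.2,setenv nameserver "
    "###.###.67.2,route-gateway ###.###.30.1,ping 10,ping-restart "
    "120,ifconfig ###.###.30.45 255.255.255.0'"
)

# Constructed sample of the client's own settings (hypothetical values).
LOCAL_OPTIONS = {"ping": "5", "ping-restart": "15"}


def parse_push_reply(log_line):
    """Return the pushed options as an ordered list of (name, args) tuples."""
    start = log_line.find("PUSH_REPLY")
    if start < 0:
        raise ValueError("no PUSH_REPLY in log line")
    body = log_line[start:].rstrip().rstrip("'")
    options = []
    for item in body.split(",")[1:]:  # item 0 is the PUSH_REPLY keyword
        words = item.split()
        if words:
            options.append((words[0], " ".join(words[1:])))
    return options


def overridden(local, pushed):
    """Map option name -> (local value, pushed value) where the two differ."""
    pushed_values = dict(pushed)
    return {name: (value, pushed_values[name])
            for name, value in local.items()
            if name in pushed_values and pushed_values[name] != value}


def restart_timeout(pushed):
    """Seconds of silence from the peer before the client restarts, or None."""
    value = dict(pushed).get("ping-restart")
    return int(value) if value is not None else None


if __name__ == "__main__":
    pushed = parse_push_reply(PUSH_LOG)
    for name, (mine, theirs) in overridden(LOCAL_OPTIONS, pushed).items():
        print(f"{name}: local {mine} replaced by pushed {theirs}")
    print("ping-restart fires after", restart_timeout(pushed), "seconds")
```
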
