On 10/19/06, Bill <[EMAIL PROTECTED]> wrote:
> The problem was with the "ping" that happens between OpenVPN endpoints
> not being returned and the connection resetting every minute or so.
From the OpenVPN man page:
----------------------<snip>----------------------
--ping n
Ping remote over the TCP/UDP control channel if no packets have
been sent for at least n seconds (specify --ping on both peers to
cause ping packets to be sent in both directions since OpenVPN
ping packets are not echoed like IP ping packets). When used in
one of OpenVPN's secure modes (where --secret, --tls-server, or
--tls-client is specified), the ping packet will be
cryptographically secure.
This option has two intended uses:
(1) Compatibility with stateful firewalls. The periodic ping will
ensure that a stateful firewall rule which allows OpenVPN UDP
packets to pass will not time out.
(2) To provide a basis for the remote to test the existence of its
peer using the --ping-exit option.
----------------------<snip>----------------------
I'm sure it doesn't answer your question, but I was just surprised you
mentioned that "[...] the "ping" that happens between OpenVPN
endpoints not being returned [...]" since the man page clearly states
that they are *not* supposed to be returned anyway. But maybe I
misunderstood your statement...
And as Joachim stated, OpenVPN shouldn't drop sessions under load.
I use it between an OpenBSD machine and a Linux box and I've never had problems.
Did you try setting the verbosity to the max and checking if anything
is spewed out in the log that would indicate why this is happening?
And are you in control of both OpenVPN boxes? Are they both running
OpenBSD? Do you know which of the boxes drops the connection?
-Martin
--
"Suburbia is where the developer bulldozes out the trees, then names
the streets after them."
--Bill Vaughan