On 14/05/2023 14:41, Gert Doering wrote:
> Hi,
>
> On Sun, May 14, 2023 at 02:38:06PM +0200, Arne Schwabe wrote:
>> Yes the option we ignore to check if we have to reopen the tun device is
>> quite short. We should probably turn this into a positive list instead
>> of assuming that all options need to trigger to a tun reopen/close.
>
> True, but even so - shouldn't the systemd unit file just restart the
> openvpn client anyway?
>
> (I see myself having to restart the OpenSolaris Community VPN client
> ever so often...)

We had this discussion back in the days when we added the automatic restart on servers. In the unit file for openvpn-server@.service we added:

     RestartSec=5s
     Restart=on-failure

We ended up only enabling this on the server config by default, as there were some good points (which I don't recall right now) about not restarting the client configs automatically. It might have been to avoid DDoSing the server in larger deployments, if a bad option would be pushed to all clients or something like that.

This is anyhow very easily added on a per-config basis using a systemd feature:

    # systemctl edit openvpn-client@CONFIGNAME.service

In the file opened in the editor, just add "[Service]" and those two lines mentioned earlier. You might want to have a bit longer "Restart" timer, but that's up to the local sysadmin to judge best.


--
kind regards,

David Sommerseth
OpenVPN Inc
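
The drop-in described in the message above, written out as an added example that is not part of the original e-mail or of the OpenVPN unit files. The 30s delay and the `StartLimit*` values are assumptions chosen to illustrate a longer restart timer and a cap on restart attempts, so that a fleet of clients receiving a bad pushed option does not reconnect in a tight loop; the file path is where `systemctl edit` stores the override.

```ini
# /etc/systemd/system/openvpn-client@CONFIGNAME.service.d/override.conf
# Created by: systemctl edit openvpn-client@CONFIGNAME.service

[Unit]
# Assumed values: allow at most 5 start attempts per 10 minutes.
# Once the limit is hit the unit stays failed until an admin intervenes
# (systemctl reset-failed / systemctl start).
StartLimitIntervalSec=600
StartLimitBurst=5

[Service]
# The two lines from the server unit, with a longer delay (assumed 30s)
# than the 5s used for openvpn-server@.service.
Restart=on-failure
RestartSec=30s
```

`systemctl cat openvpn-client@CONFIGNAME.service` shows the packaged unit followed by this override, which confirms the drop-in was picked up.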




_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
