On Sun, 04 Sep 2022 11:33:31 +0200, Bo Berglund <bo.bergl...@gmail.com> wrote:
>On Sun, 04 Sep 2022 10:42:52 +0200, Bo Berglund <bo.bergl...@gmail.com> wrote:
>
>>I have a number of OVPN clients connecting to my OpenVPN server (on a Linux
>>Ubuntu 20.04.4 server box).
>>Some are individual clients and some are routers handling multiple remote
>>clients sharing that router.
>>
>>So far I have had no problems whenever I have had to reboot or otherwise
>>restart the openvpn service on the server. All clients seem to be able to
>>reconnect automatically if the connection is lost.
>>
>>But now I have a case where an ASUS RT-AC51U router does not reconnect its
>>tunnel if the server reboots or the openvpn-service restarts. It just seems to
>>have lost its connection and does nothing about it...
>>My other similar setups using ASUS RT-AC86U routers do not show this problem.
>>
>>Question:
>>Is there some way *from the server side* to send a message to the clients that
>>they are to reconnect following an imminent service disruption?
>
>Just an addition:
>I already have these related settings in the server side server.conf file:
>
>keepalive 10 120
>explicit-exit-notify 1
>push "explicit-exit-notify 1"
>
>Since these are there do I have to modify the client's conf file (which I
>cannot do since I do not have access to that site)?
>
>I have to tell people on location to power cycle the router to get back the
>connection as it is now.

So now I have found an old thread on the forum:
https://forums.openvpn.net/viewtopic.php?t=28499
This also deals with a failing reconnect client...

Here @Pippin says this:
"Do not use --persist-tun on the client..."

So I had a look at the OVPN file used to configure the ASUS router and its
config looks like this:

client
dev tun
proto udp
remote mydomain.com 1191 #obfuscated
resolv-retry infinite
nobind
persist-key
persist-tun #<== NOTICE!
mute-replay-warnings
auth-nocache
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
comp-lzo no
verb 2
mute 20
explicit-exit-notify 1 #<== NOTICE!

So now I have a client which is set to use persist-tun (I have no idea what
this does) and the forum thread indicates that commenting it out solves the
reconnect issue.

QUESTION:
---------
Is it possible to send a command from the server to the client via the ccd
system on connect to NOT use persist-tun?

The reason is that it is impossible for me to access the router and deal with
its config since it is VERY remote now (1700 km).
If I could send this to the client on connect then it could hopefully solve the
problem.

But how would that be formulated in the ccd file for the client?

-- 
Bo Berglund
Developer in Sweden

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
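
Added example, not part of the original message or of OpenVPN itself: a small Python sketch that merges the server directives quoted above into the quoted client config, expanding `keepalive` the way the OpenVPN manual documents for server mode, to show which restart timers a pulling client ends up with. The function names and the two sample strings are constructed for illustration, and it assumes server.conf runs in server mode.

```python
import shlex

# Constructed sample input: only directives quoted in the message above.
# Assumption: server.conf runs in server mode (its "server" line is not shown).
SERVER_CONF = 'keepalive 10 120\nexplicit-exit-notify 1\npush "explicit-exit-notify 1"\n'
CLIENT_CONF = """client
proto udp
persist-key
persist-tun #<== NOTICE!
explicit-exit-notify 1 #<== NOTICE!
"""

def parse(conf):
    """Split a config into token lists, dropping '#' and ';' comments."""
    out = []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#'
        if tokens and not tokens[0].startswith(";"):
            out.append(tokens)
    return out

def expand_server(directives):
    """Return (server-local options, options pushed to clients).
    In server mode 'keepalive I T' means: ping I and ping-restart 2*T
    locally, plus push "ping I" and push "ping-restart T"."""
    local, pushed = {}, {}
    for d in directives:
        if d[0] == "keepalive":
            interval, timeout = int(d[1]), int(d[2])
            local.update({"ping": interval, "ping-restart": 2 * timeout})
            pushed.update({"ping": interval, "ping-restart": timeout})
        elif d[0] == "push":
            name, *args = d[1].split()
            pushed[name] = " ".join(args) or True
        else:
            local[d[0]] = " ".join(d[1:]) or True
    return local, pushed

def effective_client(directives, pushed):
    """Client file options, overlaid with pushed ones if the client pulls."""
    opts = {d[0]: " ".join(d[1:]) or True for d in directives}
    if "client" in opts or "pull" in opts:
        opts.update(pushed)
    return opts

def reconnect_summary(server_conf, client_conf):
    local, pushed = expand_server(parse(server_conf))
    client = effective_client(parse(client_conf), pushed)
    return {"client_ping": client.get("ping"),
            "client_ping_restart": client.get("ping-restart"),
            "server_ping_restart": local.get("ping-restart"),
            "client_persist_tun": "persist-tun" in client,
            "client_proto": client.get("proto")}

if __name__ == "__main__":
    print(reconnect_summary(SERVER_CONF, CLIENT_CONF))
```

In the merged result the client carries `ping 10` and `ping-restart 120` from the server's `keepalive` line, while `persist-tun` remains because it comes from the client's own file and none of the pushed directives shown refer to it.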