OpenVPN reconnect after server restart

Question

I am looking for a way to keep a VPN tunnel alive. I have an OpenVPN server and some clients which only have access through the VPN. Sometimes, I need to restart my OpenVPN server. When I do that, all my clients lose connections and won't automatically reconnect once the server is up again. I'd like to know if there is a way that makes the client restart the connection e.g. after 60 seconds, if the connection is down and keeps trying until it gets connected.

PS. The keepalive directive is set in the server directives like this:

keepalive 10 120

@JacobEvans I am on Ubuntu 16.10 LTS (server) and I use sudo service openvpn@myvpn start(or restart) to start the vpn clients. My client config file is called myvpn and is placed on /etc/openvpn/ — alexandgu, Apr 16 '17 at 19:25
@JacobEvans also what do you mean by "push" keepslive 10 129 — alexandgu, Apr 16 '17 at 19:25
instead of adding client side configs you can push client config from the server — Jacob Evans, Apr 16 '17 at 19:30
I'll pull the config from one of my VPS servers, I know they reconnect when I reboot or loose network (server is on a dynamic ip) — Jacob Evans, Apr 16 '17 at 19:31
sorry for the delay, my clients just have `keepalive 15 60` in them, all they seem to need. — Jacob Evans, Apr 20 '17 at 02:50
Alright I tried to push the keepalive to the clients and it seems to be working thank you — alexandgu, Apr 23 '17 at 22:34

score 7 · Accepted Answer · edited Oct 17 '19 at 18:14

7

Try to use keepalive also in your client configuration file. Or use ping-restart and ping combination which are what keepalive uses internally. Works very well.

edited Oct 17 '19 at 18:14

Nowaker

281
3
10

answered Apr 16 '17 at 19:11

Krzysztof Sawicki

247
1
6

Ping-restart and ping are client config directives? – alexandgu Apr 16 '17 at 19:26
1

@alexandgu Yes. Keepalive is in fact the combination of ping and ping-restart commands. Check it here: https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html – Krzysztof Sawicki Apr 16 '17 at 19:33
ok I think with both answers it'll do the trick thank you !! – alexandgu Apr 16 '17 at 19:35
3

Sawicki: from man page: keepalive If used on both server and client, the values pushed from server will override the client local values. So it's useless put keepalive on clients if keepalive is already on server config. – Pol Hallen Sep 18 '17 at 11:05

score 0 · Answer 2 · answered Oct 13 '20 at 09:21

In the server config, set this option:

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

See reference manual here: –explicit-exit-notify [n] In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message.In UDP server mode, send RESTART control channel command to connected clients. The n parameter (default=1) controls client behavior. With n = 1 client will attempt to reconnect to the same server, with n = 2 client will advance to the next server. OpenVPN will not send any exit notifications unless this option is enabled.

OpenVPN reconnect after server restart

2 Answers2