0

I'm using OpenVPN as a daemon and when I lose the internet connection, OpenVPN waits for 2 minutes before it tries to restart each 5 seconds. This is as I want it to behave. However when the internet connection is up again, OpenVPN tries to reset tun0, fails and exits and since it's a daemon it won't try again but remain dead.

It fails with a 2 on IP address del because of permission denied.

I've tried to set chmod +s to OpenVPN executable without any luck. I'm also using the NetworkManager to manage the network connections if this could be a problem.

It seems however as the actions succeed, since if I'm manually restarting OpenVPN it works.

Humberto Castellon
  • 879
  • 1
  • 7
  • 17
iveqy
  • 111
  • 1

1 Answers1

0

To avoid getting "permission denied", try running the OpenVPN client as root and change the users to less privileged ones later within the client config file.

Eg: 

user nobody
group nogroup

I'm running the client as a systemctl service using following systemd script. It automatically reconnects when the network connectivity is restored.

https://github.com/thilinaba/systemd-scripts/blob/master/openvpn-client.service

In the script, set the path /etc/openvpn/client.ovpn to point your client config file according to your setup and copy the script into /etc/systemd/system/. Once copied run systemctl daemon reload to load the new service.

Then you can start and stop the client as a service using systemctl command

Eg:

sudo systemctl start openvpn-client.service
sudo systemctl stop openvpn-client.service
sudo systemctl status openvpn-client.service

However you need to set the following parameters in the client config file to enable to auto reconnect feature.

proto udp
resolv-retry infinite
persist-tun

If you want the connection to be TCP for some reason (usually you won't need TCP) you will have to terminate the client and connect again in case of an interruption.

Thilina
  • 64
  • 5
  • Thank you. I'm using debian stretch that already have written a service-script for systemd that I'm using. Shouldn't that one be sufficient? As a second try I've read that openvpn now ships its own service scripts. I guess that writing your own service script is something you should avoid? – iveqy Dec 04 '18 at 10:29
  • Yes, if you already have the service script, that should be fine. Try the client configs mentioned in my previous comment. – Thilina Dec 04 '18 at 10:53
  • Yes, but the debian service script is not loading openvpn as root. Is that because it's not needed or is it because there's a bug in the debian script? – iveqy Dec 04 '18 at 12:36
  • You can update it and see if your problem get solved. Or try the above script and see. If that works, you can update the default script as required. – Thilina Dec 06 '18 at 06:51