Re: [Openvpn-users] Inactivity timeout

[Nate K. <kr...@ms...>]

>
>
>>Users have stated that they will expereince some time periods where they 
>>are not able to do anything with the VPN connection.  The clients are 
>>Windows XP and Server 2003 mostly.  A user stated that the network 
>>device still stated that the tunnel was connected, but it didn't seem to 
>>pass any traffic.  Unfortunately, the user wasn't able to provide me 
>>with a routing table or any other helpful info.  I looked into the logs 
>>when people say they have problms, but there is nothing unusual. 
>>
>>I did notice this often:
>>Mon Jan 24 15:08:03 2005 User/xxx.xxx.xxx.xxx:1040 [User] Inactivity 
>>timeout (--ping-restart), restarting
>>
>>I'm wondering if for some reason this may be causing any problems.  Does 
>>this simply mean that that client hasn't been doing anything, so the 
>>server disconnects them?  Is there a simple way to make the tunnel 
>>always there?  Soem of the clients are servers and they should be 
>>connected always.  I looked at the man page but I'm confused about how 
>>to configure the server and if I need to touch the client configs.
>>    
>>
>
>The restart is occuring because a keepalive ping was not received during 
>the required time interval.
>
>This usually happens because of short-term network outages.  You can make 
>OpenVPN less sensitive to network outages by using a large keepalive 
>timeout.  For example,
>
>  keepalive 10 600
>
>will send a ping every 10 seconds, but only restart if a ping hasn't been 
>received from the peer for 10 minutes.
>
>James
>

Thanks, this has seemed to work.  Are network outages the thing that 
causes this the most?  All clients are on our internal network and I 
hope that there haven't been network issues each time we've had this 
problem.  Is there any other cause that could be likely?

I did add it to the config to see how it works.  So far, it's working 
better, no odd things appearing in the logs.

Thanks for all the help.

-Nate