Topic: openVPN Server --> Inactivity timeout (--ping-restart), restarting (Read 10054 times)
manuel, July 24, 2018, 11:19:48 am
Hello
I have set up an OpenVPN server according to the "Setup SSL VPN Road Warrior" guide, including TOTP. Login works fine, but after about 30 minutes the OpenVPN client login pops up and I have to log in again using the token from Google Authenticator and my password. Renegotiate time (reneg-sec 0) is set to 0 in the OpenVPN server config.
I would like to stay connected to the VPN server even if there is no activity/traffic. How can I achieve this?
Thank you very much for your help.
Regards Manuel
Tue Jul 24 10:02:16 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Tue Jul 24 10:02:16 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 24 10:02:16 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Tue Jul 24 10:02:46 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:46 2018 UDP link local (bound): [AF_INET][undef]:0
Tue Jul 24 10:02:46 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:47 2018 [myopenvpn Server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:48 2018 open_tun
Tue Jul 24 10:02:48 2018 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{AB71E12E-4CCE-42DE-84BA-E28854305B69}.tap
Tue Jul 24 10:02:48 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of xx.xx.xx.xx/255.255.255.xx on interface {xxxxxxxxx} [DHCP-serv: xx.xx.xx.xx, lease-time: 31536000]
Tue Jul 24 10:02:48 2018 Successful ARP Flush on interface [15] {xxxxxxxxx}
Tue Jul 24 10:02:48 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 24 10:02:53 2018 Initialization Sequence Completed
Tue Jul 24 10:31:57 2018 [myopenvpn Server] Inactivity timeout (--ping-restart), restarting
Tue Jul 24 10:31:57 2018 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jul 24 10:42:58 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:42:58 2018 UDP link local (bound): [AF_INET][undef]:0
Tue Jul 24 10:42:58 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:42:59 2018 [SSLVPN Server Certificate] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:43:00 2018 Preserving previous TUN/TAP instance: Ethernet 3
Tue Jul 24 10:43:00 2018 Initialization Sequence Completed
- Server Config File
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
client-connect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
client-disconnect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
local xx.xx.xx.xx
tls-server
server xx.xx.xx.xx 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'TOTP VPN Access Server' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'SSLVPN+Server+Certificate' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route xx.xx.xx.xx 255.255.255.0"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
reneg-sec 0
- Client Config File
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
reneg-sec 0
resolv-retry infinite
remote myopenvpnserver.com 1194 udp
lport 0
verify-x509-name "myopenvpn Server" name
auth-user-pass
pkcs12 Home.p12
tls-auth Home.key 1
#ns-cert-type server
remote-cert-tls server
comp-lzo adaptive
auth-nocache
Last Edit: July 24, 2018, 11:21:42 am by manuel
gnatbite, Reply #1, January 09, 2022, 09:04:31 pm
Hi,
I came across the same situation with a slightly different authentication setup (Certificate + LDAPS).
After one hour of VPN inactivity, the user is asked for re-authentication. I suppose it is related to the auth-nocache setting in the client config, since the setting forbids caching the password and therefore OpenVPN cannot re-authenticate without asking the user.
Long story short, removing auth-nocache should do the trick.
Cheers
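Added example, not part of either post and not OPNsense or OpenVPN code: a small Python parser that takes client log lines copied from the first post and measures how long the tunnel was up before the ping-restart and how long it stayed down afterwards. It also shows what the server's "keepalive 10 60" expands to according to the OpenVPN manual. All function names are hypothetical.

```python
from datetime import datetime

# Lines copied from the client log in the first post (addresses were already redacted there).
LOG = """\
Tue Jul 24 10:02:46 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:02:53 2018 Initialization Sequence Completed
Tue Jul 24 10:31:57 2018 [myopenvpn Server] Inactivity timeout (--ping-restart), restarting
Tue Jul 24 10:31:57 2018 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jul 24 10:42:58 2018 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Tue Jul 24 10:43:00 2018 Initialization Sequence Completed
"""

TS_LEN = len("Tue Jul 24 10:02:16 2018")  # fixed-width ctime-style prefix


def parse(log):
    """Yield (timestamp, message) for every line that starts with a timestamp."""
    for line in log.splitlines():
        try:
            ts = datetime.strptime(line[:TS_LEN], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a timestamped log line
        yield ts, line[TS_LEN:].strip()


def ping_restarts(log):
    """Per ping-restart: seconds the tunnel had been up, and seconds until
    the next 'Initialization Sequence Completed' (None if it never came back)."""
    events, up_since, down_at = [], None, None
    for ts, msg in parse(log):
        if "Initialization Sequence Completed" in msg:
            if down_at is not None:
                events[-1]["down_s"] = int((ts - down_at).total_seconds())
                down_at = None
            up_since = ts
        elif "Inactivity timeout (--ping-restart)" in msg and up_since is not None:
            events.append({"at": ts, "down_s": None,
                           "up_s": int((ts - up_since).total_seconds())})
            down_at, up_since = ts, None
    return events


def keepalive_effective(interval, timeout):
    """OpenVPN manual: in server mode 'keepalive n m' sets ping n and
    ping-restart 2*m locally and pushes ping n / ping-restart m to clients."""
    return {"server": {"ping": interval, "ping-restart": 2 * timeout},
            "client": {"ping": interval, "ping-restart": timeout}}


if __name__ == "__main__":
    print(ping_restarts(LOG), keepalive_effective(10, 60))
```

With the client-side ping-restart at 60 seconds, the restart fires after a minute without any packet from the server, which is a separate mechanism from the reneg-sec setting.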