4

I'm using openvpn enabled as a service. It works well, but once I get assigned a new IP address or lose the connection, I can't access to the internet any more. Then I have to systemctl restart [email protected] manually. How can I fix that so I don't have to login as root each time and restart the service manually?

[root@arch paul]# cat /etc/openvpn/ipredator.conf client dev tun0 proto udp remote pw.openvpn.ipredator.se 1194 resolv-retry infinite nobind auth-user-pass /etc/openvpn/ipredator.auth auth-retry nointeract ca [inline] tls-client tls-auth [inline] ns-cert-type server keepalive 10 30 cipher AES-256-CBC tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH persist-key persist-tun comp-lzo tun-mtu 1500 mssfix passtos verb 3 <ca> -----BEGIN CERTIFICATE----- ###censored### -----END CERTIFICATE----- </ca> <tls-auth> -----BEGIN OpenVPN Static key V1----- ###censored### -----END OpenVPN Static key V1----- </tls-auth>
Improve this question
2
  • This should already be happening with keepalive 10 30, which will expand to ping 10 and ping-restart 30 on your client and try to reconnect after 30 seconds when the connection is lost. But it might get overridden by a directive pushed from the server. Please also post the server config or the log output from the client to see if any directives are pushed. Look for a line like this: PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60' Commented Apr 26, 2016 at 14:04
  • I dont know if it is solved, i am having the same issue after upgraded to systemd.. Commented Nov 21, 2017 at 17:01

2 Answers 2

Reset to default
1

On my system, the systemd profile sits at /usr/lib/systemd/system/[email protected] and covers all @ client configurations. In the [Service] section you can add:

Restart=on-failure RestartSec=10

...to have it restart the service (retry connection) when exited, with a 10-second delay to wait in this example.

Then run systemctl daemon-reload to refresh systemd with the changes.

Improve this answer
0

Either try adding this to your .ovpn config

server-poll-timeout 4

Reference: https://openvpn.net/vpn-server-resources/troubleshooting-client-vpn-tunnel-connectivity/

Or you can add a simple bash script to cron job that will automatically restart openvpn if connection is lost. The script might look like this:

#!/bin/bash # Makes sure that openvpn service is running all times. # Add this to a cronjob that will run every minute set -o pipefail if $(/sbin/ip add | grep tun | grep inet) then echo "OpenVPN service is already running" else systemctl restart [email protected] echo "Restarted OpenVPN service" fi
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.