Loosing connection after 1 hour

sailingcheese · 15 February 2023 10:18

client : OpenVPN Windows (v 2.6.0)
firewall: IPFire 2.27 (x86_64) - Core-Update 172

the following lines on the connection .ovpn file were added:

static-challenge "Enter your OTP" 0
providers legacy default
auth-user-pass
keepalive 10 60

On the server the following advanced settings are active:

ovpn_settings

i tried that keepalive in the .ovpn file, but connections (even though i am working on that enviroment) keep dropping after approx 1 hour.

How can I make that 8 hours or so…

i see the following line in the LOG from the vpnclient:

Wed Feb 15 10:35:07 2023 TLS: soft reset sec=3600/3600 bytes=0/-1 pkts=0/0

This is the exact time that i lost connection

cfusco · 15 February 2023 12:02

That’s a renegotiation of the encryption keys that by default happens every hour. It should establish automatically a new encryption in the tunnel, but sometimes if the server is asking for a user input like password or OTP the connection drops if unattented. reneg-sec 0 in the server configuration should disable this attempt to renegotiate the keys.

bonnietwin · 15 February 2023 12:39

But bear in mind that if you decide to do this then the TLS keys will not be re-negotiated ever, while the tunnel stays open and that has a security downside.

sailingcheese · 15 February 2023 12:46

I added the following lines to the .ovpn file… (So on the client Side !!!)

tls-client
reneg-sec 36000

And it seems to be correct now… i did not got a disconnect YET

thanks

cfusco · 15 February 2023 12:48

happy for you but keep in mind that this is a work around, not a real solution. Your client should not be needed to re-enter the credentials. The keys renegotiation should happen seamlessly.

sailingcheese · 15 February 2023 12:49

nice bike

And you helped me in the right direction… but i changed it n the client side…