OpenVPN keepalive parameter in configuration

svenf · 1 July 2022 12:32

@pmueller
I think there is a bug in OpenVPN config gui. After closing openvpn connection on client side, the connection still open in ipfire. I take a look in the server.conf and the keepalive parameter was missing. I go to the open vpn advanced config gui and saved advanced config. Now the parameter is in the config file and the connection closed like expected. Core Update 169 Development Build: next/8000bc0a

pmueller · 5 July 2022 14:56

Hi,

thank you for reporting this.

As far as I understand, this is not an issue related to 2FA, so I moved it into a new thread to keep the original one concise.

To the best of my understanding, however, this is like it is expected to work: If keep-alive is configured, the appropriate directives will make their way to the configuration files, if not, they are not there. In the latter case, OpenVPN connections will just eventually time out - a keep-alive usage is certainly the more robust way.

Perhaps we should enable it by default? I don’t really see any disadvantages of that…

Thanks, and best regards,
Peter Müller

svenf · 5 July 2022 15:31

This is the default setting…
grafik
There is no checkbox to activate/deactivate the keepalive setting. So I expected that the setting is in the config file by default everytime.
At the end: Enable it, no disadvantages. Maybe you can add a new Checkbox (enabled by default) for this, then everyone can do whatever they want.

svenf · 17 October 2022 09:10

@pmueller did you added the keepalive parameter in the server config file or will you add a option in the webgui?

bonnietwin · 17 October 2022 10:11

I have just checked through the perl code for ovpnmain.cgi which covers the OpenVPN pages including the Advanced Options section.

The Keep Alive values are set at 10 and 60 by default and included into the server.conf file by default. They will only change if they are edited by the user. The code checks that only numbers have been used and that the second number is greater than the first. If that check fails then an error message is placed at the top of the page.

I have checked this back to 2011 and the code for that item has not been changed since.

I have checked my production IPFire and several of my vm ipfires and all of them have the line
keepalive 10 60
in them.

I think if your server.conf ended up with that line missing some problem must have occurred but if you shut down the OpenVPN server, go to the Advanced Options page, confirm that the values are 10 and 60, or whatever you want them to be and press the save button then the server.conf file will be updated with the entries (you can check to confirm) and you can re-start the OpenVPN server.