Hi-
I am wrestling with setting up the --keepalive and --inactive settings. Instead of resurrecting a 6 year old thread, I am starting a new one. I followed this at first....
https://www.clearos.com/clearfoundation/social/community/open-vpn-disconnect-on-inactive-timeout
I have simple connection from one remote PC to the ClearOS server box. All I want to do is drop the connection if there is no activity after 10 minutes.... but what does OpenVPN consider activity exactly?
The ClearOS box, the /etc/openvpn/clients.conf and clients-tcp.conf have "keepalive 10 120" which I understand to mean ping after 10 seconds of no packet activity, and ping restart after 120 seconds.
The thing is that the connection won't drop if the user stops using the machine. If the machine is on, the connection stays up.
What could I be misunderstanding for activity and traffic?
thanks in advance
Dennis
I am wrestling with setting up the --keepalive and --inactive settings. Instead of resurrecting a 6 year old thread, I am starting a new one. I followed this at first....
https://www.clearos.com/clearfoundation/social/community/open-vpn-disconnect-on-inactive-timeout
I have simple connection from one remote PC to the ClearOS server box. All I want to do is drop the connection if there is no activity after 10 minutes.... but what does OpenVPN consider activity exactly?
The ClearOS box, the /etc/openvpn/clients.conf and clients-tcp.conf have "keepalive 10 120" which I understand to mean ping after 10 seconds of no packet activity, and ping restart after 120 seconds.
The thing is that the connection won't drop if the user stops using the machine. If the machine is on, the connection stays up.
What could I be misunderstanding for activity and traffic?
thanks in advance
Dennis
In OpenVPN
Share this post:
Responses (1)
-
Accepted Answer
Perhaps the client is sending traffic as well. This will hold the connection open. I am not sure how to monitor traffic in a VPN. Does tcpdump do anything useful if run on the tun0 interface or is the traffic already encrypted at that point? Alternatively you could perhaps monitor traffic by IP, but I am not sure which one to use. I think, if your client gets a .6 IP address you may want to watch anything between .5 and .6 but you'll need to play around. Also try .1.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »