Wietse Wind

Auto Reconnect(ing) OpenVPN client connections on EdgeOS

EdgeOS should automatically reconnect your OpenVPN client tunnel. If it doesn't, there are two things you can add to your OpenVPN client config that will make the client reconnect when it's down (e.g. because the server or your internet connection has been down).

  1. You can let your EdgeOS router ping over the VPN connection, and if it's down, reconnect it.
  2. Tell EdgeOS (OpenVPN client) not to store auth tokens, and to always perform full auth after reconnecting.

Especially #2 is a problem for some, and hard to debug. You know this is happening if your log files show something like this:

```
grep "AUTH" /var/log/messages
```

Response:

```
messages:Month Day Time Hostname openvpn[id]: AUTH: Received control message: AUTH_FAILED
```

Let's add the ping settings (ping and auto-reconnect) and tell the EdgeOS OpenVPN client to ignore any 'auth tokens' it receives (for a full re-auth on reconnect), assuming your OpenVPN client tunnel is vtun1. Then commit, save and exit.

```
configure
set interfaces openvpn vtun1 openvpn-option "--ping 10"
set interfaces openvpn vtun1 openvpn-option "--ping-restart 60"
set interfaces openvpn vtun1 openvpn-option "--pull-filter ignore auth-token"
commit; save; exit
```

Optionally you can add these settings to your .ovpn client config as well, without the prefixed double dash. E.g. edit your client .ovpn file and add these lines to your client config:

```
ping 10
ping-restart 60
pull-filter ignore auth-token
```
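An added example, not from the original post: a POSIX shell check that reports which of the three directives above are missing from a client .ovpn file, and counts `AUTH_FAILED` messages logged after a ping-restart with no successful reconnect in between. The function names are hypothetical, and the sample config, host name, credentials path and log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Print each directive from the article that is absent from the config on stdin.
missing_directives() {
    awk '
        /^[ \t]*[#;]/        { next }          # skip commented-out lines
        $1 == "ping"         { ping = 1 }
        $1 == "ping-restart" { restart = 1 }
        $1 == "pull-filter" && $2 == "ignore" && $3 ~ /^"?auth-token"?$/ { filter = 1 }
        END {
            if (!ping)    print "ping"
            if (!restart) print "ping-restart"
            if (!filter)  print "pull-filter ignore auth-token"
        }'
}

# Count AUTH_FAILED lines that follow a ping-restart with no successful
# reconnect ("Initialization Sequence Completed") in between.
auth_failed_after_restart() {
    awk '
        /ping-restart/                      { restarted = 1 }
        /Initialization Sequence Completed/ { restarted = 0 }
        /AUTH_FAILED/ && restarted          { n++ }
        END { print n + 0 }'
}

sample_conf() {   # constructed client config; the auth-token filter is commented out
cat <<'EOF'
client
dev tun
remote vpn.example.net 1194
auth-user-pass /config/auth/vpn-credentials.txt
ping 10
ping-restart 60
# pull-filter ignore auth-token
EOF
}

sample_log() {    # constructed lines in the /var/log/messages layout shown above
cat <<'EOF'
Jan 10 03:00:01 edge openvpn[2211]: Initialization Sequence Completed
Jan 10 04:12:40 edge openvpn[2211]: [server] Inactivity timeout (--ping-restart), restarting
Jan 10 04:12:40 edge openvpn[2211]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 04:12:47 edge openvpn[2211]: AUTH: Received control message: AUTH_FAILED
EOF
}

echo "missing: $(sample_conf | missing_directives)"
echo "AUTH_FAILED after ping-restart: $(sample_log | auth_failed_after_restart)"
```

Both functions read standard input, so they can be pointed at a real client config or log by redirecting the file in place of the sample functions.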
