1

I enabled an openvpn globally by

systemctl enable [email protected]

Which works well and I'm connected to my VPN after reboot. But once I suspend my laptop instead of rebooting, or simply lose the connection, I can't access to internet any more and have to do either a reboot or a systemctl restart [email protected]

How can I reconnect automatically to my VPN?

An idea I have is to edit the [email protected] manually and set a Restart=always and a RestartSec=15. But is that safe any longer? Won't my connection be interrupted? Is there a better solution?

This is what my con.conf looks like:

client dev tun0 proto udp remote pw.openvpn.ipredator.se 1194 resolv-retry infinite nobind auth-user-pass /etc/openvpn/IPredator.auth auth-retry nointeract ca [inline] tls-client tls-auth [inline] ns-cert-type server keepalive 10 30 cipher AES-256-CBC tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH persist-key persist-tun comp-lzo tun-mtu 1500 mssfix passtos verb 3 <ca> -----BEGIN CERTIFICATE----- dummy -----END CERTIFICATE----- </ca> <tls-auth> -----BEGIN OpenVPN Static key V1----- dummy -----END OpenVPN Static key V1----- </tls-auth>
Improve this question
7
  • 1
    Odd that config is having OpenVPN exit. Could you check your log files (e.g., /var/log/daemon.log, /var/log/syslog, or /var/log/messages) and see if it gives a reason why? It should be logging a fair bit with verb 3. Commented Aug 22, 2013 at 15:37
  • I have only the following logs in /var/log: btmp hp old wtmp Xorg.2.log cups httpd pacman.log Xorg.0.log Xorg.3.log faillog journal pm-powersave.log Xorg.0.log.old Xorg.4.log gdm lastlog speech-dispatcher Xorg.1.log Xorg.5.log Commented Aug 22, 2013 at 16:00
  • Odd. Wonder where your syslog is going. Which distro is this? Commented Aug 22, 2013 at 16:07
  • It's arch. I think journalctl should do this? nopaste.info/e0204b6c88.html Commented Aug 22, 2013 at 16:15
  • That looks like it could be a syslog. But I don't see any OpenVPN stuff in there. Commented Aug 22, 2013 at 16:18

1 Answer 1

Reset to default
2

You can configure OpenVPN not to exit when the connection goes down, and instead to reconnect (e.g., ping-restart instead of ping-exit). Also make sure you don't have things like inactive (exit on inactivity), or single-session.

You can also configure OpenVPN to keep the tunnel around, so traffic will potentially be sent insecurely with persist-tun. In addition, you may want to add firewall rules to ensure your traffic doesn't leak.

BTW: If you add the firewall rules, then you can safely have the connection interrupted.

Improve this answer
2
  • 1
    Thanks, these are great ideas. Can you be a bit more detailed and teach me how to do so? I added my .conf file to the start-post. Commented Aug 22, 2013 at 15:33
  • No this will not work if the client ip changes, openvpn service will return "AUTH_FAILED" and just give up... keepalive and ping-restart does not have any effect over this unfortunelly... Commented Nov 23, 2017 at 18:32

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.