Recently we noticed openvpn clients were disconnecting after every hour. We never realized it earlier as there was hardly any requirement to keep connection active for hours.
This is probably issue when openvpn is configured to auth users using pop3 or local system account, where user needs to enter user / pass.
Openvpn configured with default client cert may not face this.
Fix was easy but took me few hours to find it & configure appropriate settings.
All you need to do is enter following line in server & client configuration.
If reneg-sec is not mentioned default value of 3600 seconds is used. After every hour client is asked to reenter user / pass. If server doesn’t receive response / input in 60 sec client will disconnect with following error in server logs.
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) TLS Error: TLS handshake failed
Why we need to enter reneg-sec in client conf ?
Lower value mentioned in reneg-sec is given preference. If you update server.conf & ignore to append client.conf, still user will disconnect after every hour.
if you find any missing point in here, please let us know in comment section or tweet us at @linuxreaders. To get more articles like this, subscribe to our RSS feeds / Mails.