[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?

Subject: Re: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
From: "James Yonan" <jim@xxxxxxxxx>
Date: Mon, 13 Oct 2003 21:33:34 -0000

Claas Hilbrecht <claas+maillinglists.openvpn@xxxxxxxxxxxxxxxxx> said:

> Received
> 
> I wonder why I need to issue a kill -SIGUSR1 <openvpn-pid> to openvpn when 
> running a tunnel over an isdn dialup line after the isdn line is down for a 
> while. The dialup line uses raw-ip. The first connection works without 
> SIGUSR1. If I reconnect soon after the isdn line goes down the vpn tunnel 
> works. After a few minutes (I think 15 or more) a ping opens the isdn line 
> but all packets to the other vpn endpoint are simply dropped. Below you 
> will find the configuration file from one endpoint.
> 
> remote 192.168.199.11
> rport 19910
> local 192.168.199.10
> lport 19911
> secret /etc/openvpn/test.secret
> comp-lzo
> resolv-retry 300
> persist-tun
> writepid /var/run/openvpn-test.pid
> dev tun
> ifconfig 192.168.199.20 192.168.199.21
> route 192.168.199.0 255.255.255.248

The SIGSUSR1 (or SIGHUP) closes and reopens the UDP socket -- which may be
necessary when communicating over a connection-oriented link.  Probably some
parameter in the IP stack which the UDP socket depends upon is timing out
after 15 minutes.

You might also try using the same lport and rport number -- doing so is
usually necessary to get stateful firewalls to properly associate both
directions of the connection.

It is actually normal procedure for an OpenVPN tunnel over a
connection-oriented medium such as ISDN to include something like

##################
# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400

# keep-alive ping
ping 10
##################

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Follow-Ups:
- Re: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
  - From: Claas Hilbrecht
- Re: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
  - From: Claas Hilbrecht

References:
- [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
  - From: Claas Hilbrecht

Prev by Date: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
Next by Date: [Openvpn-users] openvpn UDP and internet sharing boxes
Previous by thread: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
Next by thread: Re: [Openvpn-users] why is SIGUSR1 required with ISDN dialup?
Index(es):
- Date
- Thread