Results 1 to 6 of 6
  1. #1
    Master Untangler
    Join Date
    Dec 2018
    Posts
    162

    Default [server] Inactivity timeout (--ping-restart), restarting

    How do I go about troubleshooting this message?

    When connecting from outside of the office to the office Untangle users don't get this but when I try to connect from work to my home Untangle I get it anywhere from 50-60 minutes into the session.

    This never used to happen and I could have a tunnel up for 30+ days.

    Both machines are running 14.2.2 and all of the configs are stock. I even uninstalled OpenVPN from my router and reinstalled it as it was missing the compress lz4 option while the work instance had it but nothing seems to make a difference.

    Client Config:
    Code:
    client
    resolv-retry 20
    keepalive 10 60
    nobind
    mute-replay-warnings
    remote-cert-tls server
    compress lz4
    verb 4
    persist-key
    persist-tun
    explicit-exit-notify 1
    dev tun
    auth-user-pass
    proto udp
    port 1194
    cipher AES-128-CBC
    remote mydomain.info 1194 # public address
    Client Log Attached...well some of it as this forum only allows for 19.5KB file sizes...ugh.
    Attached Files Attached Files

  2. #2
    Master Untangler
    Join Date
    Dec 2018
    Posts
    162

    Default

    Got it figured out....

    A few days back one of my IP's changed, however, I could set it back to the old one in DHCP and it worked just fine....or so I thought.

    I just saw in the log that OpenVPN was still using the other IP and it would time out. I unplugged that WAN connection and have been up for over an hour now so I have asked my ISP to either change the rule that they made for me to open 80 and 443 (for a reverse proxy to use with Emby, Nextcloud, etc) to the newly assigned DHCP address which will hopefully fix it permanently.

    That or maybe I can just pay them for a couple of static IP's at home. We'll see what they say.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,989

    Default

    I think the tunnel will drop anytime the WAN renews its IP.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Dec 2018
    Posts
    162

    Default

    Quote Originally Posted by sky-knight View Post
    I think the tunnel will drop anytime the WAN renews its IP.

    Yeah basically I was overwriting the IP in the DHCP section of the interface configuration on Untangle but it looks like even though it appeared to be working something wasn't liked as I would see this in syslog every time the OpenVPN connection would drop.

    Code:
    Jan  4 02:19:46 5018D-FN8T dhclient[16146]: DHCPREQUEST of XX.XX.191.4 on eth0 to XX.XX.48.7 port 67
    Jan  4 02:19:46 5018D-FN8T dhclient[16146]: DHCPACK of XX.XX.191.4 from 0.0.0.0
    Jan  4 02:19:46 5018D-FN8T systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
    Jan  4 02:19:46 5018D-FN8T dnsmasq[59070]: exiting on receipt of SIGTERM
    Jan  4 02:19:46 5018D-FN8T systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
    Jan  4 02:19:46 5018D-FN8T systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
    Jan  4 02:19:46 5018D-FN8T dnsmasq[80191]: dnsmasq: syntax check OK.
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Stopped OpenVPN service.
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Stopping OpenVPN service...
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Starting OpenVPN service...
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Stopping OpenVPN connection to server...
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Started OpenVPN service.
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Stopped OpenVPN connection to server.
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Starting OpenVPN connection to server...
    Jan  4 02:19:47 5018D-FN8T systemd[1]: openvpn@server.service: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or directory
    Jan  4 02:19:47 5018D-FN8T systemd[1]: Started OpenVPN connection to server.
    Jan  4 02:19:47 5018D-FN8T dnsmasq[80359]: started, version 2.76 cachesize 150
    I'm not sure what I did wrong as everything else seemed to work. I guess I could trying using the Static option on that interface and see what happens as after unplugging it my tunnel has been up for 2 hours now.

  5. #5
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    859

    Default

    The fact that you don't have static IP address at home doesn't mean your ISP will change the address with a renew. I have an Untangle-to-Untangle OpenVPN connection that I use routinely, typically for months, without a static IP because that's the case. So if it's working maybe just leave it alone, unless there's a reason to change.

    Everything outbound at home will work regardless of the IP address, but not inbound.

  6. #6
    Master Untangler
    Join Date
    Dec 2018
    Posts
    162

    Default

    Quote Originally Posted by Sam Graf View Post
    The fact that you don't have static IP address at home doesn't mean your ISP will change the address with a renew. I have an Untangle-to-Untangle OpenVPN connection that I use routinely, typically for months, without a static IP because that's the case. So if it's working maybe just leave it alone, unless there's a reason to change.

    Everything outbound at home will work regardless of the IP address, but not inbound.

    Yeah they don't normally change but I went to set up IPMI and the default password wouldn't work so I booted to a Linux USB but forgot to unplug WAN1. For some reason when I restarted with Untangle the IP changed for that interface but not for WAN2 when I plugged it back in. The MAC didn't change so I don't understand it.

    I have load balancing enabled and a reverse proxy so that causes issues since my ISP only unblocked 80 and 443 for me on request by unblocking my specific IP's....which now one has changed.

    ETA: I sent the main guy am email and asked him to update the rule for me and if I could pay for a couple of DHCP reservations to avoid this problem in the future.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2