openvpn client breaks on connection loss

I'd almost consider this a configuration issue instead of a bug.

I wonder would a static host route to your vpn target fix the issue.
Like:
ip route add <open-vpn-server> dev <your-non-vpn-main-dev> scope host

I agree that if that would be the solution that openvpn could have an option to "exclude my own connection". Maybe it has and I don't know, but for now I'd wait to see if that is a valid workaround for now and then we can still suggest that to openvpn or otherwise.

Does it work with URLs directly? if not then it definitely wont work as the IP address can only ever be determined on connection initiation.

I'm yet to actually get routing to work properly, I had already tried with a different VPN connection without success...

On 2017-03-31 04:46 AM, ChristianEhrhardt wrote:
> I'd almost consider this a configuration issue instead of a bug.
>
> I wonder would a static host route to your vpn target fix the issue.
> Like:
> ip route add <open-vpn-server> dev <your-non-vpn-main-dev> scope host

Adding this to the client configuration should be equivalent to the
above suggestion:

route <open-vpn-server> 255.255.255.255 net_gateway

Paul, do you have the "keepalive" directive in your client config (can also be pushed by the server)? This should trigger a VPN restart after some time without hearing back from the server. IIRC, this should be enough to get you back on track. If not, please share the VPN client logs.

How do I add keepalive and route options to the nm connection config file...?

@paul17041993, if you have a vpn configuraiton file you can add "keepalive 10 60" to it. Otherwise in network manager you can edit the vpn connection, go to the vpn tab and press advanced. On the general tab that comes up you can as an example check "specify ping interval" and set it to 10 and check "Specify exit or restart ping", set to ping-restart 60. Again as an example.

And in an actual NetworkManager configuration file you can set:

ping=10
ping-restart=60

Ok thanks, I ended up installing the gnome manager (with the ovpn gnome package too) because for some reason the KDE version has most of the settings missing, so that helped.

An odd thing to mention however though is yesterday the ovpn connection ran all day perfectly without a single problem, yet the day before it was constantly breaking, nothing had been changed logically and physically so I have no idea what was going on then...

I'm going to run it with ping 1 and restart 3 for now so we'll see how well it keeps going...

On 2017-04-05 07:19 PM, Paul wrote:
> I'm going to run it with ping 1 and restart 3 for now so we'll see how
> well it keeps going...

I would advise not to run with such aggressive delays. They usually
worsen the problem because as soon as there is a small % of packet loss,
your VPN redials. Longer delays (like 10 & 60) are more forgiving to
such events.

This is in seconds right? I don't want to be waiting an entire minute for the connection to reset, if full packet loss occurs for more than 3 seconds than the connection would be broken and there'd be no point in waiting any longer.

I will note though in this situation the ping shouldn't be any more than 50ms, I'm connecting to my local FTTH residence.

Nope, vpn state still breaks;

paulh@Paul-HP-Laptop:~$ tail -f /var/log/syslog
Apr 6 11:45:30 Paul-HP-Laptop wpa_supplicant[1218]: wlo1: CTRL-EVENT-CONNECTED - Connection to 8a:15:14:9d:c9:c0 completed [id=0 id_str=]
Apr 6 11:45:30 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443130.7408] device (wlo1): supplicant interface state: completed -> authenticating
Apr 6 11:45:30 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443130.7462] device (wlo1): supplicant interface state: authenticating -> associating
Apr 6 11:45:30 Paul-HP-Laptop kernel: [82268.296913] wlo1: Limiting TX power to 17 (23 - 6) dBm as advertised by 8a:15:14:9d:c9:c0
Apr 6 11:45:30 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443130.7893] device (wlo1): supplicant interface state: associating -> completed
Apr 6 11:45:30 Paul-HP-Laptop nm-openvpn[24803]: Connection reset, restarting [-1]
Apr 6 11:45:30 Paul-HP-Laptop nm-openvpn[24803]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 6 11:45:35 Paul-HP-Laptop nm-openvpn[24803]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 6 11:45:35 Paul-HP-Laptop nm-openvpn[24803]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 11:45:35 Paul-HP-Laptop nm-openvpn[24803]: RESOLVE: Cannot resolve host address: admin.vectrobe.net: No address associated with hostname

web connections hang here pernamently, I then proceeded to disconnect the VPN manually;

Apr 6 11:51:25 Paul-HP-Laptop nm-openvpn[24803]: message repeated 71 times: [ RESOLVE: Cannot resolve host address: admin.vectrobe.net: No address associated with hostname]
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443488.8235] audit: op="connection-deactivate" uuid="dfa7a90b-e0b6-43fd-b9fc-01270563a367" name="OpenVPN Relay" pid=1500 uid=1000 result="success"
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443488.8271] dns-mgr: Writing DNS information to /sbin/resolvconf
Apr 6 11:51:28 Paul-HP-Laptop dnsmasq[5515]: setting upstream servers from DBus
Apr 6 11:51:28 Paul-HP-Laptop dnsmasq[5515]: using nameserver 10.128.128.128#53(via wlo1)
Apr 6 11:51:28 Paul-HP-Laptop dbus[940]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: nm-openvpn[24800] <info> openvpn[24803]: send SIGTERM
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: nm-openvpn[24800] <info> wait for 1 openvpn processes to terminate...
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443488.9036] manager: NetworkManager state is now CONNECTED_LOCAL
Apr 6 11:51:28 Paul-HP-Laptop nm-openvpn[24803]: RESOLVE: signal received during DNS resolution attempt
Apr 6 11:51:28 Paul-HP-Laptop org.kde.kdeconnect[1342]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/35"
Apr 6 11:51:28 Paul-HP-Laptop NetworkManager[5362]: <info> [1491443488.9041] manager: NetworkManager state is now CONNECTED_GLOBAL
A...

I've split this off to two other bugs as they're separate from eachother;
https://bugs.launchpad.net/ubuntu/+source/plasma-nm/+bug/1686251
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1686252

also;
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1686254

[Expired for openvpn (Ubuntu) because there has been no activity for 60 days.]