LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   openvpn quits after an hour (approx) (https://www.linuxquestions.org/questions/linux-networking-3/openvpn-quits-after-an-hour-approx-4175468614/)

linuxStudent11 07-05-2013 02:46 PM

openvpn quits after an hour (approx)
 
Is there something simple that I'm missing?
When I launch openvpn (as a simple client) from bash it quits after about an hour. I type:
Code:

sudo openvpn published.conf
And that config file contains:
Code:

client
remote <where I connect>
ca <my certificate>
comp-lzo yes
daemon yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user openvpn
group openvpn

But when I start it up from the nm-app menu, everything's fine!?! It keeps on running as long as I like.
BTW: The tun device is NOT defined in /etc/network/interfaces . Is that a problem?
Thanks in advance for any help or guesses.

pendrive 07-06-2013 09:41 AM

first of all, there is no need define any tun interface in /etc/network/interfaces. it'll be configured when you bring the openvpn up. if the interface is gone after a couple of time, its becuase of the openvpn process get killed some how and you mentioned it. have you ever tried to start openvpn client without daemonizing? is it stoped too? have you checked the log files after the openvpn get stoped?

linuxStudent11 07-06-2013 07:52 PM

===

linuxStudent11 07-06-2013 07:55 PM

First, I want to thank you for your kind help! I don't know what to do.
I couldn't find the keyword to force it to not go background...I think that means daemonize.
There was nothing in /var/log/syslog about the termination. There was only stuff about the startup. It logged every startup. It logged no termination. I saw something about how to increase logging levels.

I noticed some things from `ps -AF | grep openvpn`. Maybe this can help. (I removed account info).
Code:

root    14601  2480  0 13734  2484  2 19:43 ?        00:00:00 /usr/lib/NetworkManager/nm-openvpn-service
root    14606 14601  0  7677  4060  3 19:43 ?        00:00:00 /usr/sbin/openvpn --remote <snip> --comp-lzo --nobind --dev tun --proto udp --port 1194 --auth-nocache --syslog nm-openvpn --script-security 2 --up /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --up-restart --persist-key --persist-tun --management 127.0.0.1 1194 --management-query-passwords --route-noexec --client --auth-user-pass --ca /etc/openvpn/ca.crt

The above is the result of the nm-applet startup.
I'm using Debian Squeeze and openvpn 2.1.3 Feb 21 2012.
Thank You!

pendrive 07-07-2013 04:36 AM

Your welcome linuxStudent11
its definitely the "daemon yes" entry. if you remote that, it runs stand alone in terminal and you can see the outputs and probably the errors.
then issue
#openvpn client-config.conf

it'll start in terminal and you can see clearly whats going on. also your ps outputs for nm does not shows anything wrong. make the above changes. I think it'll help you figure out what goes wrong

linuxStudent11 07-07-2013 11:44 AM

Wierdest thing but I tried "daemon no" and it still went background.
hmmm...myabe I should just comment it out? Maybe it doesn't understand "daemon <anything>" thinking it just means "use daemon mode"? I'll try it..
---trying it---
COOL!
I just DELETED "daemon no" and it stayed foreground! Now I'll just wait an hour to see what happens.

linuxStudent11 07-07-2013 01:20 PM

ok, I waited an hour and it stopped with a requery for username/password....FROM the dang terminal, not via the parameters I set.
So I've added the following to my config:
Code:

auth-retry nointeract
# auth-nocache (i.e. I commented this out

I hope I won't need some sort of helper script.
Now I'll wait another hour.

linuxStudent11 07-07-2013 02:36 PM

That worked! It was commenting out the auth-nocache that did it.
However, openvpn complains that this caches the username/password in memory and is a weakening of security...understandably. I'm sure the best approach is to demand that an operator type them in every hour...no comment. A "helper function" might fetch them from the keys files. I read that this was a desired but unimplemented feature in openvpn. So I think I'll just live with memory cacheing.

pendrive 07-13-2013 01:20 AM

sorry I was more than a little busy I had not even could check my mails.
anyway glad it worked. BTW I used to use openvpn but not with user/pass, I used the client cert and private key and it did not claim anything.


All times are GMT -5. The time now is 05:47 AM.