OpenVPN Client – Automatic reconnection???

[ragametal]

I have a truenas server on a remote location that i use as a target for the replication tasks of my main truenas server. The remote truenas server connects to my network via its OpenVPN client. The OpenVPN server is installed in my local PFsense firewall.

After a lot of reading and trial/error i finally got this setup working properly and reliably. Or so i thought.

Last night the internet connection failed at the remote location and, as a result, the OpenVPN server stopped receiving the “keepalive” ping signals from the remote truenas server and closed the VPN connection.

The internet service has now been reestablished at the remote location but the truenas server has not tried to reconnect to the OpenVPN server. The only way i found to get the trueNAS to reconnect is to reboot it which means i need to travel to the remote location and physically push the power button. Obviously this is not ideal.

Do you guys have a recommendation on how to get the remote trueNAS server to keep trying to connect to the OpenVPN server indefinitely?

I was thinking that maybe a script would do the trick and run it via a Cron job once every 24 hours or so. But i honestly don’t know how to do tsuch script since i don’t know how to obtain the status of the OpenVPN connection via CLI, or how to start one.

Help?

 

[Davvo]

You can ssh into TrueNAS and reboot without having to physically being there.
It's not automation but it's a solution.
You can also run a cronjob to reboot TrueNAS every 24h.

 

[ragametal]

You can ssh into TrueNAS and reboot without having to physically being there.
It's not automation but it's a solution.
You can also run a cronjob to reboot TrueNAS every 24h.

I can't really SSH into the truenas because i don't have access TO the remote network, I only have access FROM it to my OpenVPN server.

About your other suggestion, i guess that is a workaround but I'm concerned it might reboot the system when it's in the middle of doing some other schedules tasks such as scrubs, SMART, etc

 

[Davvo]

About your other suggestion, i guess that is a workaround but I'm concerned it might reboot the system when it's in the middle of doing some other schedules tasks such as scrubs, SMART, etc

You just have to schedule things in a way they don't overlap.
If you only use that machine as a target for replication you don't need to reboot every 24h, just before your scheduled replication (ie once at week).

 

[ragametal]

Thanks @Davvo but i do daily remote backups. It only takes like 2 minutes to complete the replication task. So i figured, why not?

Anyway, it seems OpenVPN already has an automatic reconnect function and that i just need to add the following options in the "Additional parameters" of the Truenas client
persist-tun persist-key keepalive 10 60

Results from my internet research about these options are conflicting, so I will have to read the OpenVPN manual to see exactly what these options do. If i had to guess, the key here is the "keep alive" option since my OpenVPN server has those settings as follows:

 

[ragametal]

I just checked the content of the TrueNAS OpenVPN Client conf file located at /usr/local/etc/openvpn/client/ and i confirmed that it already has the funtions
persist-tun persist-key

So, the solution must be the "keep-alive" function which is missing on the OpenVPN client settings.

 

[Davvo]

Glad you found the easiest solution.

 

[ragametal]

I wouldn't say I already found a solution.
I still need to test it and there is currently another server doing an Rsync to this remote TrueNAS that will take a couple of days to complete (yes, Rsync takes that long).

Once that Rsync is completed, i will the "Keep-alive" option to see if OpenVPN reconnects.
I'll keep posting my results so anybody down the line can benefit from my growing pains.

 

[ragametal]

Well, that didn't work.
I set the "Keep-alive" option in the openvpn client in truenas and some weeks ago i lost connection.

I thought that (maybe) it was because i didn't reboot the system after i did the change. So, i physically went to the remote location and rebooted the system. The system reconnected right away and everything was great... until last night when I lost connection again.

While researching I stumbled upon this thread TrueNAS Core as OpenVPN client loses connection after a while which describes my issue. In there @Stick solved his issue by adding "Keep alive 10 60" as an Additional parameter but, as i said, it didn't work for me.

Something i did notice on that thread is that it seems everyone is putting double dashes before each additional parameter which i'm not doing.
For instance, in my settings i have keep alive 10 60 but they would have --keep alive 10 60 (i would post a screen shot of my settings but i have no connection to the system at the moment).

Would something this simple be the reason why keep alive is not working for me?

 

[Davvo]

Would something this simple be the reason why keep alive is not working for me?

Likely.

 

[ragametal]

The openvpn client service failed to start when i put the "--" to the left of that parameter so i went back and delete it.

Since "keepalive" was not working on my system I decided to use the paramters "ping" and "ping-restart". The reason for this is that, according to the OpenVPN Manual, those two options restart the OpenVPN client service if it cannot reach the server after a period of time, which is exactly what i want to achieve.

My settings now look like the following:

I used ping 10 and ping-restart 60 because the keepalive settings in my OpenVPN server look like this:

So far it is working, lets see if connection fails after a couple of days.
Wish me luck.

 

[ragametal]

Connection dropped again last night.
I honestly don't know what other OpenVPN option to try in order to keep the connection active.

At this point i guess my only other option is to run a script every hour that verifies if the connection is UP, if not, then it would restart the OpenVPN_client service.

It wouldn't be elegant but it will work.

Now, if anybody has a script like this already, could you please share it with me? I honestly don't want to keep wasting more time on this same issue.