Hello,
I am using the latest Softether VPN Server (4.09 build 9451) on debian linux, I am trying to connect an android device to it using the official OpenVPN app through tun/tcp , however I am getting disconnects every 10 seconds with a keepalive timeout. I tried using other apps for OpenVPN with the same result, so I am assuming this timeout and resulting disconnect is triggered by the server.
Does anybody know if there is a way to change the timeout parameter? Or is this a "bug" in the current version?
Thanks!
Keepalive Timeout OpenVPN
-
traffic_22
- Posts: 3
- Joined: Wed Jun 11, 2014 8:05 am
Re: Keepalive Timeout OpenVPN
Hello,
I discovered that the server is pushing the options "ping 3, ping-restart 10" to my android client, resulting in a disconnect every 10 seconds.
I tried overriding this on the client with e.g. keepalive 5 60, but that won't work.
Is there any way I can counter-act this on client-side or change these parameters on the server?
Any help or hint to resolve this would be very much appreciated.
I discovered that the server is pushing the options "ping 3, ping-restart 10" to my android client, resulting in a disconnect every 10 seconds.
I tried overriding this on the client with e.g. keepalive 5 60, but that won't work.
Is there any way I can counter-act this on client-side or change these parameters on the server?
Any help or hint to resolve this would be very much appreciated.
-
dnobori
- Posts: 228
- Joined: Tue Mar 05, 2013 10:04 am
Re: Keepalive Timeout OpenVPN
"ping 3, ping-restart 10" is normal.
It means that VPN Server sends ping packets to OpenVPN client every 3 seconds, and if there are no replies for more than 10 seconds, the connection will be terminated.
This setting is adequate for all kind of fast or slow Internet lines, including 3G or 2G.
If your OpenVPN client gets disconnected always, I suppose that there are some technical problem on the line. I think that the communication problem should be solved, and after that OpenVPN Client will work fine.
It means that VPN Server sends ping packets to OpenVPN client every 3 seconds, and if there are no replies for more than 10 seconds, the connection will be terminated.
This setting is adequate for all kind of fast or slow Internet lines, including 3G or 2G.
If your OpenVPN client gets disconnected always, I suppose that there are some technical problem on the line. I think that the communication problem should be solved, and after that OpenVPN Client will work fine.
-
traffic_22
- Posts: 3
- Joined: Wed Jun 11, 2014 8:05 am
Re: Keepalive Timeout OpenVPN
I did test this on several different connections, 3G, WIFI from different locations etc. - always with the same result. The server is a hosted root-server with no limitations by the provider.
This setup used to work with an earlier version of the Softether server, I however did the update because of the PolarSSL bug on the official OpenVPN client app.
I only used the regular generated Softether OpenVPN conf, the only thing I changed is port (53) and tcp instead of udp.
Essentially on the client config I use:
dev tun
proto tcp
port 53
cipher AES-256-CBC
auth SHA1
nobind
persist-key
persist-tun
auth-user-pass
....
I used 3 different OpenVPN client apps on my android phone (Cyanogenmod) - always with the same behavior.
Any suggestions what I could change/test/do ?
This setup used to work with an earlier version of the Softether server, I however did the update because of the PolarSSL bug on the official OpenVPN client app.
I only used the regular generated Softether OpenVPN conf, the only thing I changed is port (53) and tcp instead of udp.
Essentially on the client config I use:
dev tun
proto tcp
port 53
cipher AES-256-CBC
auth SHA1
nobind
persist-key
persist-tun
auth-user-pass
....
I used 3 different OpenVPN client apps on my android phone (Cyanogenmod) - always with the same behavior.
Any suggestions what I could change/test/do ?
-
dnobori
- Posts: 228
- Joined: Tue Mar 05, 2013 10:04 am
Re: Keepalive Timeout OpenVPN
You should distinguish the problem.
Can you test some servers on http://www.vpngate.net/ via OpenVPN protocol?
If all connections to servers will fail, it means that your client side has a problem.
Otherwise, it means that your VPN Server side has a problem.
Can you test some servers on http://www.vpngate.net/ via OpenVPN protocol?
If all connections to servers will fail, it means that your client side has a problem.
Otherwise, it means that your VPN Server side has a problem.