Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to get openvpn-gui NOT to reconnect after resuming from sleep? #636

Open
rpodric opened this issue Jun 22, 2023 · 8 comments
Open

How to get openvpn-gui NOT to reconnect after resuming from sleep? #636

rpodric opened this issue Jun 22, 2023 · 8 comments

Comments

@rpodric
Copy link

rpodric commented Jun 22, 2023

AFAIK, the default behavior, at least on Windows, goes like this:

  1. Right-click openvpn-GUI (current version) tray icon and Connect.
  2. Sometime later, you've maybe forgotten about the connection, so it's still on, but you put the machine to sleep.
  3. When you return and resume, you see that openvpn-GUI is still green and the VPN is still live. It's quickly reconnected.

How do you stop it doing that? If it's something to be done on the server or in the ovpn, that's fine, but it seems like it should be handled in the GUI given that...

...I tried unchecking "Enable auto restart of active connections," but interestingly that made no difference. What does it do if not this? I've also set "Persistent Connections" on Disable, though I don't think that applies to the way that I connect anyway, so I wasn't surprised by this one.

I'd much prefer to have to click Connect again to connect after sleep.

The reconnects also spew the server log with either the infamous "TLS Error: local/remote TLS keys are out of sync" or "AEAD Decrypt error," neither of which ever happen when making the initial connection (i.e. not these automatic reconnects), but they're almost beside the point since I don't want reconnects in the first place. Figuring out how to stop the reconnects will stop these.
@lstipakov
Copy link
Member

...I tried unchecking "Enable auto restart of active connections," but interestingly that made no difference. What does it do if not this?

When openvpn-gui exits with some connections still on, those will be stopped and then restarted when openvpn-gui is running again.

I'd much prefer to have to click Connect again to connect after sleep.

I don't think we are aware of sleep/resume, openvpn sees it as keepalive timeout for UDP or connection reset for TCP, which triggers reconnect. Maybe you can play with scripting and power management events to tell gui to stop all connections on standby.

I am curious, why do you want to do it?

@selvanair
Copy link
Collaborator

When you put the client host to sleep, OpenVPN tunnel is not "disconnected" nor is openvpn.exe or openvpn-gui.exe stopped. When it wakes up, all programs that were running before sleep resume and so does OpenVPN and the GUI. As far as OpenVPN is concerned, there is no difference whether the traffic stopped because of sleep or some network glitch. In either case it will do a ping-restart if traffic has stopped flowing for a certain time. You can probably change that using --ping-exit or --inactive, but that would also affect recovery from network loss other than sleep.

Neither OpenVPN nor OpenVPN-GUI explicitly does anything on sleep events. The underlying network driver may reset on to power events but the connection resumes when the driver wakes up. Just like your wifi or LAN connection resumes.

Every long running program on your machine (like a long computation) also resumes after sleep. I fail to see why you want OpenVPN to behave differently --- if the connection does not resume after sleep that would be a cause for concern.

@rpodric
Copy link
Author

rpodric commented Jun 22, 2023

Thanks, @lstipakov @selvanair

When openvpn-gui exits with some connections still on, those will be stopped and then restarted when openvpn-gui is running again.

Ah, it wouldn't have occurred to me that it was about that.

I don't think we are aware of sleep/resume, openvpn sees it as keepalive timeout for UDP or connection reset for TCP, which triggers reconnect. Maybe you can play with scripting and power management events to tell gui to stop all connections on standby.

I think you're referring to the Advanced tab, where we have script timeouts for Preconnect, Connect, and Disconnect, currently on the defaults of 10, 30, and 10 respectively. I'll have to look into those to see if they'd apply here.

Neither OpenVPN nor OpenVPN-GUI explicitly does anything on sleep events. The underlying network driver may reset on to power events but the connection resumes when the driver wakes up. Just like your wifi or LAN connection resumes.

OK, so maybe those timeouts wouldn't apply then.

Here's the scenario where you might not want it to reconnect:

  1. VPN sees occasional use. That is, it's not one of those scenarios where it's needed most of the time.
  2. User is forgetful. There's no hope of getting him to recall to disconnect manually.

Under those conditions, for a need that might have really been 30 minutes or an hour a week, over a couple total connects, the VPN will be connected (except when asleep, of course) for potentially weeks (or reboot, which isn't often in most cases), as the user never gives it a second thought again. That in itself is not great, but then compound that with the log filling up with those two reconnect-triggered errors I mentioned. That's kind of a separate topic, but also not necessarily easy to solve based on other threads spanning years.

@selvanair
Copy link
Collaborator

Here's the scenario where you might not want it to reconnect:

VPN sees occasional use. That is, it's not one of those scenarios where it's needed most of the time.

User is forgetful. There's no hope of getting him to recall to disconnect manually.

Use --ping-exit and/or --inactive in your config file. See OpenVPN man page for details.

@rpodric
Copy link
Author

rpodric commented Jun 23, 2023

Yes, I'm looking at those (and maybe --ping). Finding the right combination that will work but at the same time not undermine it when the machine is not asleep, might be a challenge.

@nickgrange
Copy link

Did you get anywhere with this please, i.e. find any setting which will disconnect it? I've tried --ping-exit and --inactive

When the laptop goes to sleep, the client logs the below and then say connecting:

2024-11-15 15:26:33 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:33 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:35 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:35 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:36 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:36 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:26:36 write UDPv4: Network is unreachable (WSAENETUNREACH) (fd=1f4,code=10051)
2024-11-15 15:40:00 [...] Inactivity timeout (--ping-restart), restarting
2024-11-15 15:40:00 SIGUSR1[soft,ping-restart] received, process restarting

@selvanair
Copy link
Collaborator

Try --remap-usr1 SIGTERM. It will cause OpenVPN to terminate on all SIGUSR1 restarts including the one after losing connectivity on sleep.

@nickgrange
Copy link

Thanks for getting back to me, will update on Monday when back in the office

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lstipakov @selvanair @rpodric @nickgrange