Thank you for reporting! This what I expect from beta testing.
It's "interesting" about your VPN Inactivity timeout.
Can you please provide information about how often it happens?
When did it start happening? Have you tried older Voxel FW and Add-ons?
I'm currently investigating these kind of timeouts for both OpenVPN and Wireguard.
I've some reports it's happening exactly every 3 hours.
The problem started after installing the R9000 (early September) and setting up Surfshark on it. I had previously been using Surfshark for a couple of months on my R7800 as the main router.
Has happened with all versions of Voxel (from v1.0.4.43 to 1.0.4.45.2 (apart from 1.0.4.45.1 which I did not install) and your addons from 5.3b30 to 5.4b7 (apart from 5.4b4 which I did not install). I usually update the addon within a day of updates being released.
ISP is a mobile (cell) provider (since just before installing the R9000) and the download/upload speed is usually 15 to 25mb for both (usually better via VPN than not). However at certain times of the day (usually evenings) this drops substantially.
Initially seemed OK then kept dropping the connection briefly. Varied from 1 or 2 times per day up to 7 to 10 times. There does not appear to be any set pattern or regular interval. However, I will try and monitor it and let you know if a pattern appears. Initially thought it was a problem with Surfshark settings so changed the config file to tie in with the push settings received. The following settings were added or changed in the config to try to improve things.
#ping 60
#ping-restart 180
#ping-timer-rem
keepalive 60 360
connect-retry 1
cipher AES-256-GCM
There appeared to be a reduction in number of restarts following these changes as most days it is only 1 or 2. However that may be coincidental
Killswitch is on, no killswitch for Bypass, Restart at connection failure and Turbo are on
Further info:
The push settings received on starting VPN are:
Thu Nov 5 07:06:17 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.8 255.255.255.0,peer-id 6,cipher AES-256-GCM'
Thu Nov 5 07:06:17 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.9)
The following is an extract from current session log sowing 2 restarts since the current session started (on 2020-11-04 at 06:01:31)
“Wed Nov 4 22:00:35 2020 [uk-lon-v032.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
Wed Nov 4 22:00:35 2020 SIGUSR1[soft,ping-restart] received, process restarting
Wed Nov 4 22:00:35 2020 Restart pause, 1 second(s)
(note - changed from 5 seconds to reduce down time)
-
Thu Nov 5 07:00:42 2020 TLS: tls_process: killed expiring key
Thu Nov 5 07:00:43 2020 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Thu Nov 5 07:00:43 2020 VERIFY KU OK
Thu Nov 5 07:00:43 2020 Validating certificate extended key usage
Thu Nov 5 07:00:43 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Nov 5 07:00:43 2020 VERIFY EKU OK
Thu Nov 5 07:00:43 2020 VERIFY OK: depth=0, CN=uk-lon-v032.prod.surfshark.com
Thu Nov 5 07:00:43 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Nov 5 07:00:43 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Nov 5 07:00:43 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Nov 5 07:06:15 2020 [uk-lon-v032.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
Thu Nov 5 07:06:15 2020 SIGUSR1[soft,ping-restart] received, process restarting
Thu Nov 5 07:06:15 2020 Restart pause, 1 second(s)”
I hope that helps
If you need anything further (eg full session log or other logs) I can provide them. I do not currently save logs so information is currently only available from the last reboot.
PS I am hoping Surfshark start to support wireguard on the router, at present they only have wireguard on their apps for PC/Android etc.