OpenVPN tun/tap opening and closing

[wyu177]

Hi All, I'm on a AC56u running a openvpn server on merlin 378.51 and I noticed in my logs, I'm getting a continuous stream of error messages:


Apr 9 05:36:00 kernel: br0: port 4(tap21) entering forwarding state
Apr 9 05:36:02 openvpn[745]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 9 05:36:02 openvpn[745]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 9 05:36:02 openvpn[745]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 9 05:36:02 openvpn[745]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 9 05:36:02 openvpn[745]: Socket Buffers: R=[120832->131072] S=[120832->131072]
Apr 9 05:36:02 openvpn[745]: TUN/TAP device tap21 opened
Apr 9 05:36:02 openvpn[745]: TUN/TAP TX queue length set to 100
Apr 9 05:36:02 openvpn[745]: UDPv4 link local (bound): [undef]
Apr 9 05:36:02 openvpn[745]: UDPv4 link remote: [undef]
Apr 9 05:36:02 kernel: br0: topology change detected, propagating
Apr 9 05:36:02 kernel: br0: port 4(tap21) entering forwarding state
Apr 9 05:36:02 kernel: br0: port 4(tap21) entering forwarding state
Apr 9 05:37:02 openvpn[745]: Inactivity timeout (--ping-restart), restarting
Apr 9 05:37:02 openvpn[745]: Closing TUN/TAP interface
Apr 9 05:37:02 openvpn[745]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 9 05:37:02 openvpn[745]: Restart pause, 2 second(s)

it appears to be doing this over and over and I can't figure out what is causing it. Attached is a screenshot of my openvpn config.

I am able to connect from a openvpn client to this server without any issues, so i'm not sure what is causing this error.

Any help greatly appreciated. Let me know if more info is needed for troubleshooting. Thanks

 

[RMerlin]

This line contains your answer:

Apr 9 05:37:02 openvpn[745]: Inactivity timeout (--ping-restart), restarting

It's not an error, it's by design. From the OpenVPN documentation:

--ping-restart n
Similar to --ping-exit, but trigger a SIGUSR1 restart after n seconds pass without reception of a ping or other packet from remote.
This option is useful in cases where the remote peer has a dynamic IP address and a low-TTL DNS name is used to track the IP address using a service such as http://dyndns.org/ + a dynamic DNS client such as ddclient.

If the peer cannot be reached, a restart will be triggered, causing the hostname used with --remote to be re-resolved (if --resolv-retry is also specified).

In server mode, --ping-restart, --inactive, or any other type of internally generated signal will always be applied to individual client instance objects, never to whole server itself. Note also in server mode that any internally generated signal which would normally cause a restart, will cause the deletion of the client instance object instead.

In client mode, the --ping-restart parameter is set to 120 seconds by default. This default will hold until the client pulls a replacement value from the server, based on the --keepalive setting in the server configuration. To disable the 120 second default, set --ping-restart 0 on the client.

See the signals section below for more information on SIGUSR1.

Note that the behavior of SIGUSR1 can be modified by the --persist-tun, --persist-key, --persist-local-ip, and --persist-remote-ip options.

Also note that --ping-exit and --ping-restart are mutually exclusive and cannot be used together.