Ping Settings
Inactive
The amount of time, in seconds, which a client can be inactive before OpenVPN disconnects it for inactivity. OpenVPN bases activity on the last incoming or outgoing data channel packet, not control channel packets.
The default value is 300. A value of 0 disables this feature.
Tip
For Peer-to-Peer SSL/TLS servers in client/server mode, the best practice is to set this to 0 so that site-to-site VPN tunnels stay up indefinitely.
Warning
This option is ignored in peer-to-peer modes, such as shared key mode and SSL/TLS with a blank or /30 tunnel network. In those cases the option can cause the process to exit and not restart, resulting in a loss of service.
This option is not compatible with OpenVPN Data Channel Offload (DCO).
Ping Method
The Ping Method controls OpenVPN monitoring of peers through the control channel and how it deals with unresponsive peers. There are two methods available: Keepalive and Ping:
- Use Keepalive Helper:
  This method uses the Interval and Timeout values to automatically set common useful values for OpenVPN ping and ping-restart rather than defining behavior manually. The values are used locally and pushed to peers when possible.
  Note
  This is the best practice in nearly all use cases, as most environments do not necessitate the extra complexity of configuring the behavior manually.
  - Interval:
    Sets the interval, in seconds, between control channel pings as well as the idle period for the data channel before OpenVPN will send a control channel ping. The default value is 10 seconds.
    Note
    All peers must send pings at the expected intervals as OpenVPN does not echo responses.
  - Timeout:
    The amount of time, in seconds, OpenVPN will wait for a ping from a peer before it considers the peer to be down. The default value is 60 seconds.
    In client/server mode, on the server this value is multiplied by 2 and it disconnects an individual session for a client; on the client the value is used as-is and it restarts the VPN process. In peer-to-peer mode this restarts the VPN process.
- Define Ping Manually:
  This method offers more flexibility in how OpenVPN will send pings and expect responses from peers, but it is also more complicated.
  - Ping:
    Sets the interval, in seconds, between control channel pings as well as the idle period for the data channel before OpenVPN will send a control channel ping. The default value is 10 seconds.
  - Push ping to client:
    Controls whether or not the value of Ping is pushed to clients when OpenVPN is in client/server mode.
  - Ping restart or exit:
    Chooses whether the OpenVPN process will restart or exit on failure.
    - ping-restart:
      In client/server mode, on a server this disconnects a client session when the client does not respond. In client/server mode on the client, as well as in peer-to-peer mode, it restarts the OpenVPN process when a peer fails to respond.
    - ping-exit:
      Causes the VPN process to exit entirely when a peer fails to respond.
      Warning
      The VPN will not recover automatically when using this option. It requires manual intervention to start the VPN process again.
  - Ping restart or exit seconds:
    The amount of time, in seconds, OpenVPN will wait for a ping from a peer before it considers the peer to be down. The default value is 60 seconds.
  - Push to client:
    Controls whether or not Ping restart or exit and its associated value are pushed to clients when OpenVPN is in client/server mode.
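The following added example (not part of the original documentation or of OpenVPN itself) resolves the timers a config ends up with, expanding the keepalive helper the way the Keepalive and manual methods above describe, and flags the two loss-of-service cases from the warnings. The function name `effective_timers` is hypothetical, the sample configs are constructed, and client/server mode is assumed to be indicated by a `server` or `mode server` line.

```python
import shlex

PING_KEYS = ("ping", "ping-restart", "ping-exit")

def effective_timers(config_text):
    """Resolve ping timers from OpenVPN config text, expanding keepalive."""
    directives = []
    for raw in config_text.splitlines():
        if raw.lstrip().startswith(";"):
            continue  # ';' comment line
        words = shlex.split(raw, comments=True)  # also drops '#' comments
        if words:
            directives.append(words)
    # Assumption: a 'server' helper line or 'mode server' marks client/server mode.
    is_server = any(d[0] == "server" or d[:2] == ["mode", "server"] for d in directives)
    local, pushed, warnings = {}, {}, []
    for name, *args in directives:
        if name == "keepalive" and len(args) == 2:
            interval, timeout = int(args[0]), int(args[1])
            local["ping"] = interval
            # The server doubles its own timeout and pushes the plain values.
            local["ping-restart"] = timeout * 2 if is_server else timeout
            if is_server:
                pushed.update({"ping": interval, "ping-restart": timeout})
        elif name in PING_KEYS + ("inactive",) and args:
            local[name] = int(args[0])
        elif name == "push" and args:
            parts = args[0].split()
            if len(parts) == 2 and parts[0] in PING_KEYS:
                pushed[parts[0]] = int(parts[1])
    if "ping-exit" in local or "ping-exit" in pushed:
        warnings.append("ping-exit: no automatic recovery, manual start required")
    if local.get("inactive", 0) > 0 and not is_server:
        warnings.append("inactive in peer-to-peer mode: process may exit and not restart")
    return {"server": is_server, "local": local, "pushed": pushed, "warnings": warnings}

# Constructed sample configs.
SERVER_CONF = "server 10.8.0.0 255.255.255.0\nkeepalive 10 60\ninactive 0\n"
P2P_CONF = "# site-to-site\nping 10\nping-exit 60\ninactive 300\n"

if __name__ == "__main__":
    for conf in (SERVER_CONF, P2P_CONF):
        print(effective_timers(conf))
```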