Ping Settings¶

Inactive¶

The amount of time, in seconds, which a client can be inactive before OpenVPN disconnects it for inactivity. OpenVPN bases activity on the last incoming or outgoing data channel packet, not control channel packets.

The default value is 300. A value of 0 disables this feature.

Tip

For Peer-to-Peer SSL/TLS servers in client/server mode, the best practice is to set this to 0 so that site-to-site VPN tunnels stay up indefinitely.

Warning

This option is ignored in peer-to-peer modes, such as shared key mode and SSL/TLS with a blank or /30 tunnel network. In those cases the option can cause the process to exit and not restart, resulting in a loss of service.

This option is not compatible with OpenVPN Data Channel Offload (DCO).

Ping Method¶

The Ping Method controls OpenVPN monitoring of peers through the control channel and how it deals with unresponsive peers. There are two methods available: Keepalive and Ping:

Use Keepalive Helper

This method uses the Interval and Timeout values to automatically set common useful values for OpenVPN ping and ping-restart rather than defining behavior manually. The values are used locally and pushed to peers when possible.

Note

This is the best practice in nearly all use cases, as most environments do not necessitate the extra complexity of configuring the behavior manually.

Interval

Sets the interval, in seconds, between control channel pings as well as the idle period for the data channel before OpenVPN will send a control channel ping. The default value is 10 seconds.

Note

All peers must send pings at the expected intervals as OpenVPN does not echo responses.

Timeout

The amount of time, in seconds, OpenVPN will wait for a ping from a peer before it considers the peer to be down. The default value is 60 seconds.

In client/server mode, on the server this value is multiplied by 2 and it disconnects an individual session for a client; on the client the value is used as-is and it restarts the VPN process. In peer-to-peer mode this restarts the VPN process.

Define Ping Manually

This method offers more flexibility in how OpenVPN will send pings and expect responses from peers, but it is also more complicated.

Ping

Sets the interval, in seconds, between control channel pings as well as the idle period for the data channel before OpenVPN will send a control channel ping. The default value is 10 seconds.

Push ping to client

Controls whether or not the value of Ping is pushed to clients when OpenVPN is in client/server mode.

Ping restart or exit

Chooses between whether the OpenVPN process will restart on failure or exit.

ping-restart: In client/server mode, on a server this disconnects a client session when the client does not respond. In client/server mode on the client, as well as in peer-to-peer mode, it restarts the OpenVPN process when a peer fails to respond.
ping-exit: Causes the VPN process to exit entirely when a peer fails to respond.

Warning

The VPN will not recover automatically when using this option. It requires manual intervention to start the VPN process again.

Ping restart or exit seconds

The amount of time, in seconds, OpenVPN will wait for a ping from a peer before it considers the peer to be down. The default value is 60 seconds.

Push to client

Controls whether or not Ping restart or exit and its associated value are pushed to clients when OpenVPN is in client/server mode.