In my organization, we use Viscosity on about 120 laptops, each roaming the office pretty wildly, and it works pretty well, with one snag: Whenever somebody connects their laptop to ethernet (or disconnects from it), their network interfaces and routing tables change, causing the VPN connection to stop transmitting data until it reconnects (which takes about 100 seconds end-to-end).
This is even more annoying since we use VPN-based DNS servers for most of our services, and the behavior above makes them look like they’re all unreachable. By now, I’ve trained most people to manually disconnect in Viscosity and reconnect if they plug in, but it’s been a pain in the neck for a while & I really want to fix this.
Is there a setting in Viscosity / openvpn to automatically reconnect if its default gateway should change? Or, given that it automatically reconnects after 100 seconds, to speed this up?
I’ve experimented with ping-restart and such, but these settings make it ping the VPN server’s public IP address (it doesn’t seem to go through the tunnel), and that never turns unreachable, so even “ping-restart 1” is ineffective - disconnecting from or connecting to the wired network still causes 100s of unreachability.
It sounds like you’re using a UDP connection with the default ping/ping-restart values. OpenVPN defaults to a ping value of 10 seconds, and a ping-restart value of 60 seconds (although it’s not uncommon for this to be set to 120 in template configurations). UDP connections are completely reliant on pings to determine when the connection is no longer active. OpenVPN pings are not real ICMP pings: they take place as part of the OpenVPN control channel as part of the connection.
As a test, try setting the ping value to 2, and the ping-restart value to 10. This should allow OpenVPN to detect that the connection is no longer active after 10 seconds and trigger a restart. Also ensure that the server isn’t pushing any ping/keepalive values that may override these settings.
However, please be aware that by default OpenVPN will attempt to keep the VPN interface, routes, etc. in place during a connection restart, which is probably not the behaviour you are after. To stop this, make sure all of the “persist” options are un-ticked for your connection (under the Options tab when editing your connection in Viscosity) and that the server isn’t pushing any of these options either.
You could also consider a move to TCP. While TCP has lower performance, it will detect the drop-out near instantly.
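The advice in the answer above can be checked across many client configurations with a small audit script; this is an added example, not code from the thread or from Viscosity/OpenVPN. The sample config, function names and thresholds are assumptions (thresholds follow the suggested test values of ping 2 and ping-restart 10), and the script only sees local settings, not values pushed by the server.

```python
# Added example: audit an OpenVPN client config against the advice in the answer.
SAMPLE_CONFIG = """\
# constructed sample, not a config from this thread
client
dev tun
proto udp
remote vpn.example.com 1194
keepalive 10 120
persist-tun
persist-key
"""

def parse_options(text):
    """Map each option name to its argument list; a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, *args = line.split()
        if name == "keepalive" and len(args) == 2:
            # On a client, keepalive <interval> <timeout> expands to ping + ping-restart.
            opts["ping"], opts["ping-restart"] = [args[0]], [args[1]]
        else:
            opts[name] = args
    return opts

def audit(text, max_ping=2, max_restart=10):
    """Return a list of findings; an empty list means the local settings match the advice."""
    opts = parse_options(text)
    findings = []
    proto = opts.get("proto", ["udp"])[0]  # OpenVPN uses UDP when proto is absent
    if proto.startswith("udp"):  # UDP relies on pings to notice a dead link
        for name, limit in (("ping", max_ping), ("ping-restart", max_restart)):
            value = (opts.get(name) or [None])[0]
            if value is None:
                findings.append(f"{name}: not set locally")
            elif not value.isdigit() or int(value) > limit:
                findings.append(f"{name}: {value}s exceeds {limit}s")
    for name in sorted(opts):
        if name.startswith("persist-"):
            findings.append(f"{name}: state is kept across a restart")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```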