https://bugzilla.novell.com/show_bug.cgi?id=781106
https://bugzilla.novell.com/show_bug.cgi?id=781106#c2
Marius Tomaschewski
One more note, I use linux-next kernel. If you feel this is a kernel regression, let me know.
No, I don't think it is a regression. You can tune the defaults by setting a shorter "ping-restart" option:
From "man openvpn":
--ping-restart n Similar to --ping-exit, but trigger a SIGUSR1 restart after n seconds pass without reception of a ping or other packet from remote. [...] In client mode, the --ping-restart parameter is set to 120 seconds by default. [...] SIGHUP Cause OpenVPN to close all TUN/TAP and network connec- tions, restart, re-read the configuration file (if any), and reopen TUN/TAP and network connections. SIGUSR1 Like SIGHUP, except don't re-read configuration file, and possibly don't close and reopen TUN/TAP device, re- read key files, preserve local IP address/port, or pre- serve most recently authenticated remote IP address/port based on --persist-tun, --persist-key, --persist-local- ip, and --persist-remote-ip options respectively (see above). This signal may also be internally generated by a time- out condition, governed by the --ping-restart option. This signal, when combined with --persist-remote-ip, may be sent when the underlying parameters of the host's network interface change such as when the host is a DHCP client and is assigned a new IP address. See --ipchange above for more information. So by default, it need 120 seconds to recover. You can use "/etc/init.d/openvpn reopen" to send a USR1 to all running instances. Hmm... there seems to be a bug in the init script -- reopen is also in the reload case, so it will never send USR1, but HUP (which is more intrusive / closes & restarts running conns). On the another side, a resume is different event than the other reconnects that ping-reconnect handles (e.g. external IP changed), where a "long" delay of 120 secs makes sense. So it would make sense to add a suspend/resume script to pm-utils: hibernate|suspend) test -x /etc/init.d/openvpn && \ /etc/init.d/openvpn status &>/dev/null && \ reopen_on_resume=yes || reopen_on_resume=no savestate "reopen_on_resume" "$reopen_on_resume" ;; thaw|resume) restorestate "reopen_on_resume" test "x$reopen_on_resume" = "xyes" && \ /etc/init.d/openvpn reopen ;; Vojtech (pm-utils maintainer), what do you think? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.