Comments (5)
When openfortivpn wakes up, it expects to find everything in the state it previously was, which of course won't work and will result in openfortivpn attempting to communicate with the FortiGate until the timeout.
In order to handle that gracefully, openfortivpn would need to be notified of the event. Not sure how programs are notified — probably by systemd on systemd-based Linux distributions. I expect frameworks out there to provide some level of abstraction, but most likely only for Gnome or KDE software.
from openfortivpn.
@DimitriPapadopoulos Thanks for the reply.
Actually I was researching for a few more hours after posting this and finally found a solution.
The problem was due to the default values of `lcp-echo-interval` & `lcp-echo-failure` being quite high, causing openfortivpn to take around 2 minutes to detect VPN disconnection after PC wakes up, delaying reconnection.
I did the following:
```
sudo vim /etc/ppp/peers/vpnoptions
```
Text content:
```
lcp-echo-interval 2
lcp-echo-failure 2
noauth
```
Then, while calling openfortivpn:
```
sudo openfortivpn $vpn_server:$vpn_port --username=$vpn_username --pppd-call=vpnoptions
```
With this, openfortivpn detects VPN disconnection in 4 seconds rather than 2 minutes.
Since, after waking up my PC, it takes more than 4 seconds for me to enter the password and my domain connected PC's lockscreen to unlock, by the time I resume working openfortivpn has already reconnected. Problem solved!!! 😃
from openfortivpn.
On the other hand, long timeouts have avoided me having to reconnect on networks with occasional outages, even after outages of 30 seconds.
Perhaps it would make more sense to detect the system has woken up and forcibly close the connection.
from openfortivpn.
The length of the timeout, whether long or short, seems to have a limited impact in the context of an automated reconnection system. While a longer timeout could potentially reduce the frequency of reconnections, the automation of this process means there's minimal manual intervention required either way.
In terms of the applications that rely on the VPN connection, their timeouts are separate from that of openfortivpn. Thus, changes to the VPN's timeout settings appear to have no direct effect on them.
Currently, the system is functioning effectively as it is. I generally prefer to keep things straightforward and efficient, avoiding additional complexities unless they are necessary, such as implementing detection mechanisms for system wake-up events.
from openfortivpn.
In my case, the length of the timeout is vital, because I am not in the context of an automated reconnection system.
I must use an OTP and my FortiGate does not allow automated reconnections based on the session cookie (`auto-connect='off'`). Here is the XML configuration sent by the FortiGate:
```xml
<?xml version='1.0' encoding='utf-8'?>
<sslvpn-tunnel ver='2' dtls='1' patch='1'>
<dtls-config heartbeat-interval='10' heartbeat-fail-count='10' heartbeat-idle-timeout='10' client-hello-timeout='10' />
<tunnel-method value='ppp' />
<tunnel-method value='tun' />
<tunnel-method value='websocket' /><auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' />
<client-config save-password='off' keep-alive='off' auto-connect='off' />
<exclusive-routing>on</exclusive-routing>
<ipv4>
<dns domain='xxxxx.xxx.xx;xxxxx.xxx.xx;xxxxxx.xxx.xx;xxxxxxxxxxx.xxx.xx;xxx.xx' />
<dns ip='xxx.xxx.xxx.4' />
<dns ip='xxx.xxx.xxx.3' />
<assigned-addr ipv4='10.xx.xxx.x' />
</ipv4>
<idle-timeout val='1500' />
<auth-timeout val='36000' />
</sslvpn-tunnel>
```
Therefore, it is important for me to avoid reconnections.
from openfortivpn.
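The trade-off discussed in this thread, as an added example (not part of any comment and not openfortivpn code): it computes the LCP dead-peer detection window from a pppd peers file and checks the FortiGate XML for `auto-connect`, to show when a short window forces a new OTP login. The samples are constructed from the values quoted above; the `assess` policy, its 30-second outage, and reading `auto-connect='on'` as permission to reconnect silently are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the pppd peers file from the thread.
PEERS_FILE = """\
lcp-echo-interval 2
lcp-echo-failure 2
noauth
"""

# Constructed sample: trimmed copy of the FortiGate XML quoted in the thread.
TUNNEL_XML = """<?xml version='1.0' encoding='utf-8'?>
<sslvpn-tunnel ver='2' dtls='1' patch='1'>
<auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' />
<client-config save-password='off' keep-alive='off' auto-connect='off' />
<idle-timeout val='1500' />
</sslvpn-tunnel>"""


def lcp_detection_seconds(peers_text):
    """Return interval * failure in seconds, or None if either option is missing."""
    opts = {}
    for line in peers_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 2 and parts[0] in ("lcp-echo-interval", "lcp-echo-failure"):
            opts[parts[0]] = int(parts[1])
    if len(opts) < 2:
        return None
    return opts["lcp-echo-interval"] * opts["lcp-echo-failure"]


def auto_reconnect_allowed(xml_text):
    """True only if the gateway sends auto-connect='on' (assumed meaning)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    cfg = root.find("client-config")
    return cfg is not None and cfg.get("auto-connect") == "on"


def assess(peers_text, xml_text, outage_seconds=30):
    """Hypothetical policy: only LCP echo detection is considered, nothing else."""
    window = lcp_detection_seconds(peers_text)
    if window is None:
        return "lcp echo options not set in peers file"
    if window > outage_seconds:
        return f"tunnel survives a {outage_seconds}s outage (detection after {window}s)"
    if auto_reconnect_allowed(xml_text):
        return f"tunnel dropped after {window}s, silent reconnect possible"
    return f"tunnel dropped after {window}s, user must re-authenticate"
```

With the 2 x 2 settings and this gateway configuration, `assess(PEERS_FILE, TUNNEL_XML)` reports that the user must re-authenticate, which is the case the last comment describes.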