peasthope@shaw.ca wrote: > Thanks. One additional revision appears necessary. The man page > for OpenVPN has the heading "VPN Address Setup" with three examples. > Each of these examples has a --remote parameter on each end of the > tunnel. I assumed that a --remote parameter is essential in every > configuration. Not so. My tunnel now works with remote specified > only in the system with the dynamic address. Same here. Only my dynamic client has a remote set. The server simply waits for clients to connect. > If OpenVPN restarts in the system with the static address, then the > tunnel will be broken; Yes. But the tunnel will start when the client connects. If you restart the server then the client will detect this and connect. > but apparently this is addressed by use of ping parameters. Say for > example, "ping 120" on the statically addressed end and > "ping-restart 130" on the dynamically addressed end. The dynamic ip > end must listen for pings and restart when they fail; I do not > understand why the dynamic ip should send pings. The client defaults to "--ping-restart 120" if you don't override it with something different. I use the default value. I don't put anything in the configuration file. > The tunnel works again but I have yet to prove the ping-restart capability. I use keepalive 20 120 on my server. This is the same as specifying all of four different ping parameters. keepalive 20 120 Same as: ping 20 ping-restart 120 push "ping 20" push "ping-restart 120" Because this exists on the server then the 'push' actions will push those to the client and configure the client. I like to keep that configuration all in one place on the server and have it take effect globally for all clients. Bob
Attachment:
signature.asc
Description: Digital signature