Re (8): OpenVPN server mode usage.

To: debian-user@lists.debian.org
Cc: peasthope@shaw.ca
Subject: Re (8): OpenVPN server mode usage.
From: peasthope@shaw.ca
Date: Tue, 18 Jan 2011 17:33:03 -0800
Message-id: <[🔎] 171056882.71748.66672@cantor.invalid>
In-reply-to: <[🔎] 20110118045208.GA5961@hysteria.proulx.com>

From:	Bob Proulx <bob@proulx.com>
Date:	Mon, 17 Jan 2011 21:52:08 -0700
> Only my dynamic client has a remote set. 

??  
We are on the same frequency here.  The dynamic-ip system 
has a remote parameter pointing to the static-ip system.  The 
static-ip system lacks the remote parameter ... unless I revert 
to my old dependance upon a DDNS server, ... which had failed.

Me previously,
> > If OpenVPN restarts in the system with the static address, then the
> > tunnel will be broken;

From:	Bob Proulx <bob@proulx.com>
Date:	Mon, 17 Jan 2011 21:52:08 -0700
> Yes.  But the tunnel will start when the client connects.  If you
> restart the server then the client will detect this and connect.

>From what you have said I'll infer that your dynamic-ip system 
is what people call a "road warrior".  Usually a laptop which the 
user takes on a field trip.  It connects for a session with the user 
present.

My situation is different.  The dynamic-ip system Joule remains at 
my residence running 24/7.  It is unattended when I am in the city 
at work.  If the tunnel on the static-ip Dalton is restarted, I prefer  
that Joule reconciles and the tunnel is open again within a few 
minutes.

> I use keepalive 20 120 on my server.  This is the same as specifying
> all of four different ping parameters.

Nice.  Thanks.  I'll use it.

> Same as:
>   ping 20
>   ping-restart 120
>   push "ping 20"
>   push "ping-restart 120"

I'll guess that ping-restart listens for a signal but doesn't emit one.  
The purpose in the static-ip system emitting pings and the dynamic-ip 
doing "ping-restart 120" is obvious.  Why is the converse needed?  When 
none of your road warriors are on-line the static-ip "server" will be restarting 
openvpn every 120 s.  Why?

Incidentally, does your "server" really have "mode server" or just a 
collection of "mode p2p" tunnels?

> Because this exists on the server then the 'push' actions will push
> those to the client and configure the client.  I like to keep that
> configuration all in one place on the server and have it take effect
> globally for all clients.

Thanks for the discussion.  My configurations are improving gradually.

Regards,             ... Peter E.

-- 
Telephone 1 360 450 2132.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .

Reply to:

Follow-Ups:
- Re: Re (8): OpenVPN server mode usage.
  - From: Bob Proulx <bob@proulx.com>

References:
- Re: Re (7): OpenVPN server mode usage.
  - From: Bob Proulx <bob@proulx.com>

Prev by Date: Re: Why is Evolution and Epiphany now a part of gnome-core?
Next by Date: Re (2): message threading in debian lists; was Re (6): OpenVPN server mode usage.
Previous by thread: Re: Re (7): OpenVPN server mode usage.
Next by thread: Re: Re (8): OpenVPN server mode usage.
Index(es):
- Date
- Thread