From: Bob Proulx <b...@proulx.com> Date: Mon, 17 Jan 2011 21:52:08 -0700 > Only my dynamic client has a remote set.
?? We are on the same frequency here. The dynamic-ip system has a remote parameter pointing to the static-ip system. The static-ip system lacks the remote parameter ... unless I revert to my old dependance upon a DDNS server, ... which had failed. Me previously, > > If OpenVPN restarts in the system with the static address, then the > > tunnel will be broken; From: Bob Proulx <b...@proulx.com> Date: Mon, 17 Jan 2011 21:52:08 -0700 > Yes. But the tunnel will start when the client connects. If you > restart the server then the client will detect this and connect. >From what you have said I'll infer that your dynamic-ip system is what people call a "road warrior". Usually a laptop which the user takes on a field trip. It connects for a session with the user present. My situation is different. The dynamic-ip system Joule remains at my residence running 24/7. It is unattended when I am in the city at work. If the tunnel on the static-ip Dalton is restarted, I prefer that Joule reconciles and the tunnel is open again within a few minutes. > I use keepalive 20 120 on my server. This is the same as specifying > all of four different ping parameters. Nice. Thanks. I'll use it. > Same as: > ping 20 > ping-restart 120 > push "ping 20" > push "ping-restart 120" I'll guess that ping-restart listens for a signal but doesn't emit one. The purpose in the static-ip system emitting pings and the dynamic-ip doing "ping-restart 120" is obvious. Why is the converse needed? When none of your road warriors are on-line the static-ip "server" will be restarting openvpn every 120 s. Why? Incidentally, does your "server" really have "mode server" or just a collection of "mode p2p" tunnels? > Because this exists on the server then the 'push' actions will push > those to the client and configure the client. I like to keep that > configuration all in one place on the server and have it take effect > globally for all clients. Thanks for the discussion. My configurations are improving gradually. Regards, ... Peter E. -- Telephone 1 360 450 2132. Shop pages http://carnot.yi.org/ accessible as long as the old drives survive. Personal pages http://members.shaw.ca/peasthope/ . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/171056882.71748.66672@cantor.invalid
