keepalive-timeout (integer | disabled; Default: 60) Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses has came for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected: mac-address (MAC; Default: )

OpenVPN indeed has a keepalive option, but NM GUI has no way to pass the parameters, so you might want to hack into the global OpenVPN configuration, but I didn't find one, so it may be hard coded into NM. - Braiam Jul 30 '13 at 3:35. The OpenVPN pushes the ping 600 and ping-restart 1800 (as a result of the keepalive statement) perfectly fine to the client. Disconnect reason is as quick as 40 seconds after connection on idling, reason: Session invalidated: KEEPALIVE_TIMEOUT. That does not make sense to me. Server version: 2.1.3 x86_64-pc-linux-gnu (Debian version 2.1.3-2 To avoid this kind of behaviour, it's just a matter of telling openvpn to never renegociate a TLS session and keep the existing one alive, if you combine keepalive directive and reneg-sec 0, you're going to have a stable connection, with no renegociation whatsoever. The usual chain of events is that (a) the OpenVPN client fails to receive timely keepalive messages from the server's old IP address, triggering a restart, and (b) the restart causes the DNS name in the remote directive to be re-resolved, allowing the client to reconnect to the server at its new IP address. In order of having OpenVPN always on a smartphone, keepalive values have to grow, right now the default value 10 120 will drain the battery quickly: schwabe/ics-openvpn#100. I suggest setting 1800 3600 for keepalive in OpenVPN. Please close this issue if there is a reason against this setting. Regards,

After a while my VPN tunnel is dead (can't sent packets through). I guess because my internet connection was dead or the firewall removed the state because of not using the tunnel. Restarting the client remedies the situation. I do not understand why this happens even though I set the keepalive option.

The keepalive interval is the period of time between each keepalive message that is sent by a network device. This is always configurable. The keepalive retries is the number of times that the device continues to send keepalive packets without response before the state is changed to "down". Keepalive on higher layers. Since TCP keepalive is optional, various protocols (e.g. SMB and TLS) implement their own keep-alive feature on top of TCP. It is also common for protocols which maintain a session over a connectionless protocol, e.g. OpenVPN over UDP, to implement their own keep-alive. Other uses HTTP keepalive keepalive-timeout (integer | disabled; Default: 60) Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses has came for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected: mac-address (MAC; Default: ) Solved: We have VPN's from remote locations using Cisco 861 routers back to an ASA and some to another IOS based router. Wanted to find out what is the best way to keep the VPN's active. We are using "ip sla" feature, but is there

OpenVPN indeed has a keepalive option, but NM GUI has no way to pass the parameters, so you might want to hack into the global OpenVPN configuration, but I didn't find one, so it may be hard coded into NM. - Braiam Jul 30 '13 at 3:35.

keepalive: Keepalive uses ping to keep the OpenVPN session alive. 'Keepalive 10 120' pings every 10 seconds and assumes the remote peer is down if no ping has been received over a 120 second time period: http-proxy [proxy server] [proxy port #] If a proxy is required to access the server, enter the proxy server DNS name or IP and port number