How do I trigger a client reconnect with OpenVPN?

Question

I am running multiple replicas of OpenVPN server (on a Kubernetes cluster) and have configured clients to reconnect should a server instance go down (with keepalive 10 60) which works fairly well.

However, I was wondering if there is a way to configure OpenVPN to trigger a client reconnect if a server shuts down on purpose (for example when performing a rolling update) to avoid the client hanging for 60 seconds.

Not with built-in OpenVPN commands, I believe. That's what `keepalive`/ `ping` and `ping-restart` are for. — Lenniey, Jul 16 '19 at 15:21
Ah that's shame, I feel like that should be a feature using some ICMP unreachable message — dippynark, Jul 16 '19 at 16:18
You can always write your own feature :). But aren't these 3 options enough if you set a low threshold? — Lenniey, Jul 17 '19 at 06:38
not really, I would want the timeout to be longer if the server doesn't tell me it has stopped, but immediate if the server does - the `–explicit-exit-notify [n]` option for OpenVPN 2.4 did the trick. See my answer below — dippynark, Jul 17 '19 at 13:40

score 2 · Accepted Answer · answered Jul 17 '19 at 13:39

2

From the reference manual for OpenVPN 2.4:

–explicit-exit-notify [n]: In UDP server mode, send RESTART control channel command to connected clients.

answered Jul 17 '19 at 13:39

dippynark

233
2
12

Oh nice, didn't know that. I have a use for this myself, ty! This has been implemented since about forever, I see.... – Lenniey Jul 17 '19 at 13:50
It has in client mode afaik, but 2.4 introduced this option in server mode too – dippynark Jul 17 '19 at 14:09

How do I trigger a client reconnect with OpenVPN?

1 Answers1