I tested a standing OpenVPN connection between two routers. The issue came up when I broke the connection. This was a simulation of a scenario that might happen in normal operation.
It shows that not only does the connection not recover; worse, it breaks the router on the VPN client side.
Both routers have the current version of TomatoUSB installed, namely "tomato-K26USB-1.28.9054MIPSR2-beta-vpn3.6".
OpenVPN: TUN, UDP, full TLS, extra HMAC auth (find further configuration details at the end of this description).
I produced the scenario the following way; it may easily be reproduced:
- Establish a running VPN connection between the two routers
- Stop the VPN server for around 30 seconds and start it again
The VPN server starts listening for incoming connections again, but the client does not recover. Here, after a timeout, I would expect it to terminate the broken connection and try to re-establish a new one. This is not the case. DNS resolution on the client router starts failing. This might be the reason the VPN does not recover; I do not know, I have not investigated this yet.
Hardware:
- Linksys WRT610N v2, where the OpenVPN client is.
- Netgear WNR3500L/U/v2, where the server is.
OpenVPN configuration client side:
The poll interval is set to 3 minutes.
# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote XXXXXXXXX.dyndns-home.com 1194
resolv-retry 31
nobind
persist-key
persist-tun
comp-lzo adaptive
cipher AES-128-CBC
verb 3
script-security 2
up updown.sh
down updown.sh
status-version 2
status status
# Custom Configuration
pull
float
ca /jffs/vpn/ca/ca.crt
tls-auth /jffs/vpn/c1/static.key 1
cert /jffs/vpn/c1/client.crt
key /jffs/vpn/c1/client.key
OpenVPN configuration server side:
# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.10.0 255.255.255.0"
client-config-dir ccd
client-to-client
ccd-exclusive
# the following route line appears twice in the generated config as posted
route 192.168.2.0 255.255.255.0
route 192.168.2.0 255.255.255.0
push "dhcp-option DOMAIN WORKGROUP"
push "dhcp-option DNS 192.168.10.1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
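As an added example, not part of the original post: a small POSIX shell check over the two configs quoted above, looking at the settings that decide whether a client notices a dead server and keeps trying to reconnect. It uses two documented OpenVPN behaviours: "resolv-retry n" makes the client give up after n seconds of failed lookups of the "remote" hostname (the value "infinite", also the default when the option is absent, never gives up), and "keepalive i t" on a server pushes "ping i" / "ping-restart t" to clients, so a client with no local keepalive gets dead-peer detection only through "pull". The sample config files are constructed from the posted configs (shortened to the relevant lines); the "fixed" variant, which adds "resolv-retry infinite" and a local "keepalive 15 60", is a suggestion for comparison, not something the post tested.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenVPN client config
# for settings that affect recovery after the server goes away.
# Facts from the OpenVPN manual used below:
#  - "resolv-retry n": retry resolving the --remote hostname for n seconds,
#    then fail; "infinite" retries forever and is the default when absent.
#  - "keepalive i t" on a server pushes "ping i" and "ping-restart t" to
#    clients; a client that sets neither ping-restart nor keepalive itself
#    only receives them through "pull".
# The sample files are constructed from the configs quoted in the post
# (trimmed to the relevant options); nothing is read from a live router.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CLIENT_CONF="$WORK/client.conf"
SERVER_CONF="$WORK/server.conf"
FIXED_CONF="$WORK/client-fixed.conf"

cat >"$CLIENT_CONF" <<'EOF'
client
dev tun11
proto udp
remote XXXXXXXXX.dyndns-home.com 1194
resolv-retry 31
nobind
persist-key
persist-tun
pull
float
EOF

cat >"$SERVER_CONF" <<'EOF'
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
keepalive 15 60
EOF

# Suggested variant for comparison (assumption, not tested in the post):
# never stop re-resolving the server name, and detect a dead peer locally.
sed -e 's/^resolv-retry .*/resolv-retry infinite/' "$CLIENT_CONF" >"$FIXED_CONF"
echo "keepalive 15 60" >>"$FIXED_CONF"

# opt FILE KEY: first value of option KEY, or empty if absent.
opt() { awk -v k="$2" '$1==k {print $2; exit}' "$1"; }
# has FILE KEY: exit 0 if option KEY is present.
has() { awk -v k="$2" '$1==k {f=1} END {exit (f ? 0 : 1)}' "$1"; }

# effective_ping_restart CLIENT SERVER: seconds after which the client
# declares the peer dead and restarts, or "none" if nobody supplies it.
effective_ping_restart() {
    c="$1"; s="$2"
    if has "$c" ping-restart; then opt "$c" ping-restart; return; fi
    if has "$c" keepalive; then awk '$1=="keepalive"{print $3; exit}' "$c"; return; fi
    if has "$c" pull && has "$s" keepalive; then
        awk '$1=="keepalive"{print $3; exit}' "$s"; return
    fi
    echo none
}

# check_client_conf CLIENT SERVER: one finding per line; nothing when clean.
check_client_conf() {
    c="$1"; s="$2"
    host=$(opt "$c" remote)
    retry=$(opt "$c" resolv-retry)
    case "$host" in
        *[!0-9.]*)   # remote is a hostname, not a dotted IPv4 address
            if [ -n "$retry" ] && [ "$retry" != infinite ]; then
                echo "resolv-retry $retry: after ${retry}s of failed lookups of $host the client exits instead of retrying; use 'resolv-retry infinite'"
            fi ;;
    esac
    if ! has "$c" ping-restart && ! has "$c" keepalive; then
        echo "no local keepalive/ping-restart: dead-peer detection comes only from the server push (effective ping-restart: $(effective_ping_restart "$c" "$s"))"
    fi
}

echo "== posted client config =="
check_client_conf "$CLIENT_CONF" "$SERVER_CONF"
echo "== with resolv-retry infinite and local keepalive =="
check_client_conf "$FIXED_CONF" "$SERVER_CONF"
```

Run it as-is; for a real router, point `CLIENT_CONF` and `SERVER_CONF` at the full generated files instead of the embedded samples. The check does not explain the DNS failure described in the post; it only shows which side currently supplies the client's restart timeout and where the client stops re-resolving the server name.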