OpenVPN Road Warrior: OTP authentication, VPN disconnects after one hour

gsanchietti commented 1 month ago

Steps to reproduce

Configure a Road Warrior OpenVPN server with "Username and OTP authentication"
Create a VPN user
Connect the VPN user
Observe the VPN connection over a period to notice intermittent disconnections.

Expected behavior

The VPN connection should remain stable without intermittent disconnections, as experienced in the previous version.

Actual behavior

Users are experiencing frequent VPN disconnections, requiring manual reactivation.

Upon further investigation, setting reneg_sec to 0 on both the server and client sides seems to mitigate the issue, allowing the connection to remain stable beyond the hour mark without requiring OTP reauthentication.

Workaround

Execute on the firewall:

uci set openvpn.ns_roadwarrior1.reneg_sec='0'
uci commit

On the download .ovpn file, make sure these options are present:

auth-nocache
reneg-sec 0

Thanks to @francio87

github-actions[bot] commented 1 month ago

Testing image version: 8-23.05.3-ns.0.0.5-rc2-80-g3318916

francio87 commented 1 month ago

Confirmed, now both the server and the client have the reneg_sec=0 option set

NethServer / nethsecurity

OpenVPN Road Warrior: OTP authentication, VPN disconnects after one hour #538