Recently it seems like openvpn has started going into a reconnect loop after a period of time (when run via ssoca openvpn exec). The user is required to manually interrupt/kill the process before it successfully reconnects.
This seems to be limited to cases which use the server-side, time-based verification of the client certificate with the ssoca-openvpn-verify option (which disables the connection if the cert is a few minutes after its validity start). This is probably compounded by cases where the network was interrupted and a fresh connection is attempted.
Things to consider...
why has this recently become an issue? does openssl 1.1.1 change how these errors are propagated to openvpn [did it previously exit]? was there some exit behavior changes in recent ssoca versions?
Recently it seems like
openvpn
has started going into a reconnect loop after a period of time (when run viassoca openvpn exec
). The user is required to manually interrupt/kill the process before it successfully reconnects.This seems to be limited to cases which use the server-side, time-based verification of the client certificate with the
ssoca-openvpn-verify
option (which disables the connection if the cert is a few minutes after its validity start). This is probably compounded by cases where the network was interrupted and a fresh connection is attempted.Things to consider...
openvpn
to exit after a fixed number of retries.--reconnect
as the default behavior? probably not; better to rely on process manager?Client-side logs look like the following.