From b1db3bafd8bfde6fac9cc8c7fc3a5bedd39a1483 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 21 Oct 2015 18:26:32 +0000 Subject: [PATCH] Disable persist-tun for openvpn This should solve the issue where RHEL7 machines that get a network hiccup need an OpenVPN restart to restore their routes. The code is broken in the current upstream OpenVPN release, such that it does tear down some of the routes during a ping-restart (when the connection is dropped due to network hiccups), but the reconnection code does not restore the routes. I am working on an upstream patch to fix this, but in the meantime disabling persist-tun will make sure that OpenVPN does the entire initialization upon reconnection, which makes sure that all routes are created. Signed-off-by: Patrick Uiterwijk --- files/openvpn/client.conf | 1 - roles/openvpn/client/files/client.conf | 1 - roles/openvpn/server/files/server.conf | 1 - 3 files changed, 3 deletions(-) diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf index d274e72acf..abb5d03d16 100644 --- a/files/openvpn/client.conf +++ b/files/openvpn/client.conf @@ -13,7 +13,6 @@ resolv-retry infinite nobind persist-key -persist-tun ca ca.crt cert client.crt diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf index d274e72acf..abb5d03d16 100644 --- a/roles/openvpn/client/files/client.conf +++ b/roles/openvpn/client/files/client.conf @@ -13,7 +13,6 @@ resolv-retry infinite nobind persist-key -persist-tun ca ca.crt cert client.crt diff --git a/roles/openvpn/server/files/server.conf b/roles/openvpn/server/files/server.conf index c824b12ddd..3ba8fab11b 100644 --- a/roles/openvpn/server/files/server.conf +++ b/roles/openvpn/server/files/server.conf @@ -6,7 +6,6 @@ comp-lzo ping-timer-rem -persist-tun persist-key ca ca.crt