OpenVPN connections (Tunnelblick and Viscosity) drop after almost exactly 10 minutes

2

Original question here: link

My VPN connection seems to be fine for almost exactly 10 minutes.

Here is the log:

 Jan 08 09:37:05: Viscosity Mac 1.4.2 (1092)
Jan 08 09:37:05: Viscosity OpenVPN Engine Started
Jan 08 09:37:05: Running on Mac OS X 10.8.2
Jan 08 09:37:05: ---------
Jan 08 09:37:05: Checking reachability status of connection...
Jan 08 09:37:05: Connection is reachable. Starting connection attempt.
Jan 08 09:37:08: OpenVPN 2.2.1 x86_64-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Aug  1 2011
Jan 08 09:37:07: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jan 08 09:37:07: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 08 09:37:07: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 08 09:37:09: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 08 09:37:09: LZO compression initialized
Jan 08 09:37:09: UDPv4 link local (bound): [undef]:1194
Jan 08 09:37:09: UDPv4 link remote: 216.23.154.30:1194
Jan 08 09:37:10: [vpp-vpn001.verrus.com] Peer Connection Initiated with 216.23.154.30:1194
Jan 08 09:37:12: TUN/TAP device /dev/tun0 opened
Jan 08 09:37:12: /sbin/ifconfig tun0 delete
Jan 08 09:37:12: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Jan 08 09:37:12: /sbin/ifconfig tun0 10.103.11.145 10.103.11.146 mtu 1500 netmask 255.255.255.255 up
Jan 08 09:37:12: Initialization Sequence Completed
Jan 08 09:57:15: [vpp-vpn001.verrus.com] Inactivity timeout (--ping-restart), restarting
Jan 08 09:57:15: SIGUSR1[soft,ping-restart] received, process restarting
Jan 08 09:57:16: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jan 08 09:57:16: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 08 09:57:16: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 08 09:57:16: LZO compression initialized
Jan 08 09:57:16: UDPv4 link local (bound): [undef]:1194
Jan 08 09:57:16: UDPv4 link remote: 216.23.154.30:1194
Jan 08 09:57:17: [vpp-vpn001.verrus.com] Peer Connection Initiated with 216.23.154.30:1194
Jan 08 09:57:19: TUN/TAP device /dev/tun0 opened
Jan 08 09:57:19: /sbin/ifconfig tun0 delete
Jan 08 09:57:19: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Jan 08 09:57:19: /sbin/ifconfig tun0 10.103.11.145 10.103.11.146 mtu 1500 netmask 255.255.255.255 up
Jan 08 09:57:19: Initialization Sequence Completed

It seems to take about 10 minutes for Viscosity to notice that the connection has failed and try to renegotiate. My routing table does not appear to change. I have tried and was able to replicate this behavior in both Tunnelblick and Viscosity.

In fact, I can see the throughput drop to 0 within 10 seconds of the 10-minute mark.

My theory is that it revolves around the DHCP lease time, but I haven't been able to figure out how to check that on OSX with an OpenVPN tun interface.

    
by Gary 09.01.2013 / 04:36

1 answer

2

Jan 08 09:57:15: [vpp-vpn001.verrus.com] Inactivity timeout (--ping-restart), restarting

From this line, it is clear that there is an idle timeout configured on the server side. So when someone does nothing for 20 minutes (it is not 10 minutes, from what I can see in the logs), the server resets the connection.

Please check the server side for this. It may be something like keepalive 10 120. I'm not sure, though. You need to look for that in the server.conf file.

    
by 09.01.2013 / 06:41
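
To measure the interval the answer reads off the log, the following added example (not part of the original question or answer) parses Viscosity/OpenVPN log lines, reports how long the tunnel stayed up before each --ping-restart, and collects the distinct WARNING lines, such as the missing server certificate verification. The sample input is a constructed subset of the log quoted in the question; the year is an assumption, because the log omits it.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the question.
SAMPLE_LOG = """\
Jan 08 09:37:07: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 08 09:37:09: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 08 09:37:10: [vpp-vpn001.verrus.com] Peer Connection Initiated with 216.23.154.30:1194
Jan 08 09:37:12: Initialization Sequence Completed
Jan 08 09:57:15: [vpp-vpn001.verrus.com] Inactivity timeout (--ping-restart), restarting
Jan 08 09:57:16: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 08 09:57:19: Initialization Sequence Completed
"""

# "Mon DD HH:MM:SS: message" as written by Viscosity in the log above.
LINE_RE = re.compile(r"^\s*(\w{3} \d{2} \d{2}:\d{2}:\d{2}): (.*)$")


def parse(log_text, year=2013):
    """Yield (timestamp, message); the year is assumed, the log has none."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)


def analyze(log_text):
    """Return (seconds each session lasted before ping-restart, distinct warnings)."""
    up_since, lifetimes, warnings = None, [], []
    for ts, msg in parse(log_text):
        if msg == "Initialization Sequence Completed":
            up_since = ts  # tunnel is fully up from this point
        elif "Inactivity timeout (--ping-restart)" in msg and up_since is not None:
            lifetimes.append(int((ts - up_since).total_seconds()))
            up_since = None  # wait for the next completed initialization
        elif msg.startswith("WARNING:") and msg not in warnings:
            warnings.append(msg)
    return lifetimes, warnings


if __name__ == "__main__":
    lifetimes, warnings = analyze(SAMPLE_LOG)
    for secs in lifetimes:
        print(f"tunnel up for {secs // 60} min {secs % 60} s before ping-restart")
    for w in warnings:
        print("config warning:", w)
```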