there is no keep alive on server settings for openvpn, I think you are confusing it with IPsec. There most definitely is a keepalive setting for the server config file, as outlined in the sample "server configuration file" on OpenVPN's website:

The usual chain of events is that (a) the OpenVPN client fails to receive timely keepalive messages from the server's old IP address, triggering a restart, and (b) the restart causes the DNS name in the remote directive to be re-resolved, allowing the client to reconnect to the server at its new IP address. In order of having OpenVPN always on a smartphone, keepalive values have to grow, right now the default value 10 120 will drain the battery quickly: schwabe/ics-openvpn#100. I suggest setting 1800 3600 for keepalive in OpenVPN. Please close this issue if there is a reason against this setting. Regards, Here you will find the complete Reference manual for OpenVPN 2.0. Options, examples, and everything you need to get you started. This default will hold until the client pulls a replacement value from the server, based on the -keepalive setting in the server configuration. Hi, I have a question regarding a piece of documentation : "When the tunnel is configured to operate in IPSec mode, the keepalive parameter must be disabled. By default, keepalive is disabled." Get Started with OpenVPN Connect. OpenVPN Connect is the free and full-featured VPN Client that is developed in-house. It is the official Client for all our VPN solutions. Any other OpenVPN protocol compatible Server will work with it too. Our desktop client software is directly distributed from our Access Server User portal. Since OpenVPN Access Server 1.8.0 a session-token-based authentication system was added. What this does is after successful authentication give the user a unique string of numbers and letters that identifies that user's session. The purpose of this is to not have to remember the user's credentials in memory. there is no keep alive on server settings for openvpn, I think you are confusing it with IPsec. There most definitely is a keepalive setting for the server config file, as outlined in the sample "server configuration file" on OpenVPN's website:

The keepalive option is always added to an OpenVPN server configuration. There are many scenarios where this is not wanted and will prevent the required behavior. In my case, when working with iOS VPN on demand rule-driven behavior, the keepalive had to be removed (by commenting out line 453 in openvpn.inc).

One of my vendors has a VPN connection to us and the VPN keeps going down. They have suggested that we should do a ping ever minute to keep the VPN up, but the problem is the normal ping command is going down after a re-boot or gets closed by accident. The keepalive option is always added to an OpenVPN server configuration. There are many scenarios where this is not wanted and will prevent the required behavior. In my case, when working with iOS VPN on demand rule-driven behavior, the keepalive had to be removed (by commenting out line 453 in openvpn.inc). The Keepalive option ensures that a new SA is negotiated even if there is no traffic so that the VPN tunnel stays up. To enable Keepalive - Web-based manager. Go to VPN > IPSEC > Auto Key (IKE). Select the Edit icon for your phase 2 configuration. Select Advanced. Select Autokey Keep Alive. Select OK. To enable Keepalive - CLI. config vpn ipsec

Keepalive in VPN site to site tunnel I was asked a question by a collegue today if there were any way that a keepalive could be configured so that site to site tunnels would stay up, vs. having to have interesting traffic to allow the ISAKMP

Because OpenVPN tries to be a universal VPN tool offering a great deal of flexibility, there are a lot of options on this reference page for OpenVPN 2.4. This default will hold until the client pulls a replacement value from the server, based on the -keepalive setting in the server configuration. keepalive 10 60-----I can connect to my openvpn server (pfsense) without any problem. But after a while, the client disconnects even if the keepalive option is set. Sep 21 17:12:22 openvpn[99173]: blv/ip_addr:50942 [blv] Inactivity timeout (--ping-restart), restarting Sep 22 07:28:58 openvpn[99173]: vince/ip_addr:63767 [vince] Inactivity Keepalive in VPN site to site tunnel I was asked a question by a collegue today if there were any way that a keepalive could be configured so that site to site tunnels would stay up, vs. having to have interesting traffic to allow the ISAKMP Hello, I am using the latest Softether VPN Server (4.09 build 9451) on debian linux, I am trying to connect an android device to it using the official OpenVPN app through tun/tcp , however I am getting disconnects every 10 seconds with a keepalive timeout. OpenVPN indeed has a keepalive option, but NM GUI has no way to pass the parameters, so you might want to hack into the global OpenVPN configuration, but I didn't find one, so it may be hard coded into NM. - Braiam Jul 30 '13 at 3:35. The OpenVPN pushes the ping 600 and ping-restart 1800 (as a result of the keepalive statement) perfectly fine to the client. Disconnect reason is as quick as 40 seconds after connection on idling, reason: Session invalidated: KEEPALIVE_TIMEOUT. That does not make sense to me. Server version: 2.1.3 x86_64-pc-linux-gnu (Debian version 2.1.3-2 To avoid this kind of behaviour, it's just a matter of telling openvpn to never renegociate a TLS session and keep the existing one alive, if you combine keepalive directive and reneg-sec 0, you're going to have a stable connection, with no renegociation whatsoever.