Hello.
I’m using OpenVPN for a management connection to the various routers that I manage. Everything works great until I want to make a change to the OpenVPN config itself. At that point, as soon as I hit enter on the commit command, my connection to the router will drop.
If I tell the OpenVPN client to reconnect, everything starts working again. So I have a few questions. Is there a way for the server to tell the client to renegotiate the connection? Or better yet, would there be a way to keep the session across an interface reload?
The connections only drop if you make a change on the interface it’s using, so if I connect on vtun0 and make a change on vtun1, I can commit fine without having to reconnect.
Here is my config for vtun0, which is the management interface.
    vyos@vyos-sh# show
     encryption {
         cipher aes256
     }
     mode server
     openvpn-option "verb 5"
     persistent-tunnel
     protocol udp
     server {
         client 1 {
         }
         client 2 {
         }
         name-server 10.50.50.xx
         name-server 10.50.50.xx
         push-route 10.50.xx.xx/24
         push-route 10.2.xx.x/24
         push-route 10.33.xx.x/24
         push-route 10.0.xx.x/29
         push-route 10.33.xx.x/24
         push-route 10.4.xx.x/24
         subnet 10.50.xx.x/24
     }
     tls {
         ca-cert-file /config/auth/openvpn/ca.crt
         cert-file /config/auth/openvpn/cert.crt
         dh-file /config/auth/openvpn/dh2048.pem
         key-file /config/auth/openvpn/privatekey
     }
    [edit interfaces openvpn vtun0]
Does anyone have any thoughts, or has anyone faced something similar?