Layer 3 openvpn

I tried the layer 3 OpenVPN as stated here....

But I got a network unreachable.... Has anyone tried an OpenVPN layer 3 VPN?

Almost anyone who uses openvpn does layer 3 tunnelling because of lower overhead.

Layer 2 tunneling is only needed for special cases.

What does network unreachable mean? No ping to openvpn server address or a ping to a local subnet?

Yes, when I try to ping it says unreachable...
Maybe the problem is with my tun adapter.

config interface 'vpn'
	option ifname 'tun0'
	option defaultroute '0'
	option peerdns '0'
	option proto 'none'

config interface 'vpn2'
	option ifname 'tun1'
	option auto '1'
	option proto 'none'

I used this one instead

config interface 'vpn2'
	option ifname 'tun1'
	option proto 'none'

Could you first try to ping your openvpn server IP?
Check for the IP with ssh and ifconfig, interface tunX.
If you have only one vpn connection vpn2 isn't needed.
Do you want to ping google through vpn or local gateway?

Because my problem is my VPN disconnects every 5 to seconds, no matter how I google it out, reconfig, added commands, still the... I was hoping that the layer 3 would stabilize it,
knowing 2 VPN disconnects randomly would lessen the timeouts.
So I reconfigure and still the same.... the timeouts become worse

What did the logs say?
On shell you could use "logread | grep openvpn"

both are connected and then disconnected the same time...

If by chance, I would like to make client1 connected, and as soon as it disconnects client2 will be connected.. hoping it will lessen the timeouts

Which openvpn server do you use?

SoftEther running on DO.... I was using ??? as a remote port..

You should first solve the issues with your connection problem.

Did you get an ip from your openvpn server?
Is there no reason for reset in your logs on the client or on the server?

Possibly you have to enable a more verbose log output...

Yes, what I found out is "due to inactivity then sigusr"

I was doing a port binding to unrestrict the filtering from my ISP

@juppin is there a way I could make client2 delay its connection and client1 connect normally?

There is always a way, but not with uci config...
It would be much better to solve the reset problem due to inactivity timeout...

Inactivity timeout could be related to general connection problems or misconfigured server / client...

I have never used softether as a server.
What do your client and server configs look like?
Could you post these configs without private data?

dev tun
proto tcp
remote 8000
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
lport ???
verb 3

the client

thanks god bless sir and your family

thanks god bless you

Firstly, you have posted possibly private data such as ip in client conf and passwords, keys and others on server conf.
You should edit or delete your posts...

Secondly, your client conf looks good.
For lport, you can set this to any value you want. I use always 0 for a random port.
The server conf is hardly readable, I don't understand most of it...

Because your connection restarts due to inactivity, you could play with keepalive settings in your client conf. Normally this is only set on the server side and gets pushed to clients, but I don't find anything about that in this unreadable server conf.

Try to set this in your client conf:
keepalive 10 60

The first number stands for the interval of a keepalive ping and the second number sets the timeout after which the connection gets closed.

And lastly, I would prefer udp proto for openvpn connections, because with tcp every openvpn packet must be acked...

Why do you use softether? If you only use openvpn, why not use openvpn directly?
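
An added example, not part of any post in this thread: a shell check, runnable on the router, that reports which keepalive timers a client config actually sets, so you can tell whether the client relies on values pushed by the server. The function names are hypothetical, the sample config is constructed from the client config posted above, and `192.0.2.10` is a documentation placeholder for the redacted remote address.

```shell
#!/bin/sh
# Added example, not from the thread. In client mode "keepalive N M" is
# shorthand for "ping N" plus "ping-restart M". Assumption: when a directive
# is repeated, the later line wins.

effective_keepalive() {  # $1 = config path; prints "ping=<n> ping-restart=<m>"
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        $1 == "keepalive" && NF >= 3 { p = $2; r = $3 }
        $1 == "ping" && NF >= 2 { p = $2 }
        $1 == "ping-restart" && NF >= 2 { r = $2 }
        END { printf "ping=%s ping-restart=%s\n",
                     (p == "" ? "unset" : p), (r == "" ? "unset" : r) }
    ' "$1"
}

check_keepalive() {  # 0 = ok, 1 = a timer is unset or non-numeric, 2 = timeout <= interval
    out=$(effective_keepalive "$1")
    p=${out#ping=}; p=${p%% *}          # value after "ping="
    r=${out##*ping-restart=}            # value after "ping-restart="
    case "$p$r" in
        *[!0-9]*) echo "WARN: $out (client relies on values pushed by the server, if any)"
                  return 1 ;;
    esac
    if [ "$r" -le "$p" ]; then
        echo "WARN: $out (timeout should exceed the ping interval)"
        return 2
    fi
    echo "OK: $out"
}

# Constructed sample: the posted client config, before and after adding the
# suggested "keepalive 10 60" line.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'dev tun' 'proto tcp' 'remote 192.0.2.10 8000' \
        'cipher AES-128-CBC' 'auth SHA1' 'resolv-retry infinite' 'verb 3' > "$tmp"
    check_keepalive "$tmp"
    echo 'keepalive 10 60' >> "$tmp"
    check_keepalive "$tmp"
    rm -f "$tmp"
}
demo
```
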