Restart openvpn without triggering firewall/routing restart

I'm trying to detect when the openvpn client stops responding and restarting it. I've tried service openvpn restart and also using the ping-restart option in the client. I've also tried just ifdown tun0 && ifup tun0. In all cases, it triggers some sort of reset of all the routing including pbr which, I think, is the one I'm most concerned with. Whenever this happens, I get about 30 seconds of complete non-routing downtime, no traffic in or out of the router.

Is there a way to just restart the client without triggering a reset of all the routing?

What’s the reason it stops responding? Could you post OpenVPN logs when that happens?

I think my VPN provider switches nodes pretty aggressively and I assume the server I'm attached to just goes away. (It's a UDP connection)

It would be interesting to try another provider then. All providers I tried don’t shut down servers like that. Still, how about those logs? OpenVPN, if configured with ping and ping-restart, was very robust for me.

I searched but am not seeing how to do this. A link would be interesting.
Thanks

Here's a link for you: https://manpages.debian.org/testing/openvpn/openvpn.8.en.html#ping

I can't check now where to put it exactly. If you import your OpenVPN setup from a config file, it's safe to append ping and ping-restart above the certificates.


When you are at it, read about logging options and enable that as well to see if your ping setup actually works.
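The two replies above (ping/ping-restart above the certificate blocks, plus logging to confirm the keepalive works) can be applied to an existing client config with a small script. This is an added example, not code from anyone in the thread. The ping interval (10 s), ping-restart timeout (60 s), the `persist-tun`/`persist-key` lines (which keep the tun device and keys across a ping-restart so the restart does not tear the interface down) and the `verb`/`log` lines are assumptions chosen for illustration, as is the log path:

```sh
#!/bin/sh
# Added example, not from the thread: insert ping / ping-restart into an
# OpenVPN client config above the first inline certificate block, and leave
# the file untouched if a keepalive option is already present.
# persist-tun / persist-key and the logging lines are assumed additions:
# persist-tun keeps the tun device open across a ping-restart, and verb/log
# make the ping behaviour visible in the log.
# Usage: add_keepalive_opts IN OUT [PING_SECS] [RESTART_SECS]
add_keepalive_opts() {
    in="$1"; out="$2"; ping="${3:-10}"; restart="${4:-60}"
    awk -v ping="$ping" -v restart="$restart" '
        # keepalive already configured -> do not insert a second copy
        /^(ping|ping-restart|keepalive)[ \t]/ { seen = 1 }
        { lines[NR] = $0 }
        END {
            inserted = seen
            for (i = 1; i <= NR; i++) {
                # the first inline block marks where the certificates start
                if (!inserted && lines[i] ~ /^<(ca|cert|key|tls-auth|tls-crypt)>/) {
                    emit_opts(); inserted = 1
                }
                print lines[i]
            }
            # config that references certificate files instead: append at the end
            if (!inserted) emit_opts()
        }
        function emit_opts() {
            print "ping " ping
            print "ping-restart " restart
            print "persist-tun"
            print "persist-key"
            print "verb 3"
            print "log /var/log/openvpn-client.log"
        }
    ' "$in" > "$out"
}

# Constructed sample config for a dry run:  sh this_script.sh demo
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/client.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
EOF
    add_keepalive_opts "$tmp/client.ovpn" "$tmp/client.patched.ovpn" 10 60
    cat "$tmp/client.patched.ovpn"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it on a copy of the config and diff the result before swapping it in; the awk pass is idempotent, so re-running it against an already patched file adds nothing, and a config that points at certificate files (`ca ca.crt`) rather than inline blocks gets the options appended at the end.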

It's been a while, but I think I got around this issue by changing to a script-based pbr configuration. By entering each host one by one, it was running synchronously to do a DNS lookup for each one. Changing to a script allowed me to have it execute in the background so the interface would come up quickly, then the background thread would fill in the IP addresses to the specific IP set in nftables. So, problem averted.
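The approach in the last reply (bring the interface up immediately, resolve the PBR hosts in the background and push the addresses into an nftables set) looks roughly like the script below. This is an added example written for this thread, not the poster's own script. The table and set names (`inet pbr`, `vpn_hosts`), the host-list format, the `getent`-based resolver and the `NFT_CMD`/`LOOKUP` override hooks are all assumptions; the set must already exist, e.g. `nft add table inet pbr` and `nft add set inet pbr vpn_hosts '{ type ipv4_addr; }'`:

```sh
#!/bin/sh
# Added example, not the poster's script: resolve the PBR host list in the
# background and add the addresses to an nftables named set, so the step that
# brings the interface up returns immediately instead of blocking on DNS.
# Assumptions (not from the thread): table "inet pbr" and set "vpn_hosts"
# already exist; NFT_CMD=echo gives a dry run; LOOKUP=<function or program>
# replaces the resolver (useful on OpenWrt, where getent may be missing).

# Resolve one hostname to IPv4 addresses, one per line.
lookup_ipv4() {
    if [ -n "${LOOKUP:-}" ]; then
        "$LOOKUP" "$1"
    else
        # glibc resolver; on musl/busybox point LOOKUP at nslookup or dig instead
        getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
    fi
}

# Read hostnames (one per line, '#' comments allowed) from $1 and add every
# resolved address to set $3 in table $2. Returns non-zero if nothing was added.
fill_set() {
    hostfile="$1"; table="${2:-inet pbr}"; set_name="${3:-vpn_hosts}"
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        host="${line%%#*}"                         # strip comments
        host=$(printf '%s' "$host" | tr -d ' \t')  # and whitespace
        [ -z "$host" ] && continue
        for ip in $(lookup_ipv4 "$host"); do
            # cheap sanity check: only dotted quads reach nft
            case "$ip" in
                *[!0-9.]*) continue ;;
            esac
            # $table is intentionally unquoted: "inet pbr" must become two words
            ${NFT_CMD:-nft} add element $table "$set_name" "{ $ip }" && n=$((n + 1))
        done
    done < "$hostfile"
    echo "fill_set: added $n address(es) to $table $set_name" >&2
    [ "$n" -gt 0 ]
}

# Launch fill_set detached so the caller (e.g. a hotplug or interface-up
# script) returns at once; output goes to a log file for later inspection.
fill_set_background() {
    logfile="${4:-/tmp/pbr-fill.log}"
    fill_set "$1" "$2" "$3" > "$logfile" 2>&1 &
    echo "$!"
}
```

Call `fill_set_background /etc/pbr-hosts.txt "inet pbr" vpn_hosts` from the script that runs when tun0 comes up; the interface is usable straight away and the set fills in as the lookups return. `NFT_CMD=echo` prints the `nft add element` commands instead of running them, which is a convenient way to check the host list before touching the live ruleset.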