How do I get openvpn to automatically restart after a network interruption?

Hey guys,

New OpenSUSE user here - 12.3. I’ve successfully installed openvpn and configured it to work with my provider (posting through their system right now in fact). I’m not using any GUI-based system to manage my network; instead I’ve got it all set up through systemctl and installed through zypper.

So here’s the deal: if my network drops or is interrupted for any reason, I want openvpn automatically restarted by the system so I can just leave it running and doing whatever and not have to worry about it. I was able to achieve that in Debian with sysvinit (I think, I was high when I configured it but it works!), but I’m sure that OpenSUSE is quite a bit different and seems to rely on systemctl instead of sysvinit and even if I’ve got the package name wrong I’m sure there’s some other best practice on this distro.

Anyway, can anybody point me in the right direction on how to get it to start automatically with a network interruption? I’d prefer a straight-up configuration as opposed to bash scripts with a cron job checking it, if that’s possible (and if not, I have to question the…architectural decisions around why that isn’t possible).

Thanks all.

PS - yes I did a search. Best results Google came up with pointed me at weird bash scripts that cron checked every so often or relied on the network manager applet, neither of which am I interested in using. I just want a simple, daemon-like “thing” that’ll restart openvpn on its own without fail. Thanks.

After stopping service

$sudo systemctl stop NetworkManager.service

i check status and find this

$sudo systemctl status NetworkManager.service|grep "Active"
      Active: inactive (dead) since Sat, 16 Mar 2013 19:33:19 +0530; 1min 22s ago

After starting service

$sudo systemctl start NetworkManager.service

i check status

$sudo systemctl status NetworkManager.service|grep "Active"
      Active: active (running) since Sat, 16 Mar 2013 19:35:36 +0530; 10s ago

We should read these status in script which needs to run at regular intervals and it should have root access to run systemd commands
Dev Shed Forums - View Single Post - Run script as root without typing root password?

There is a solution for Fedora, that might be worth copying:
Openvpn - FedoraProject

All you need for that is a systemd service file for your connection. An example:


[Unit] 
Description=OpenVPN 
After=network.target  
[Service] 
Type=forking 
ExecStart=/usr/sbin/openvpn --daemon --cd /etc*/openvpn/* --config openvpn.conf 
Restart=always 
RestartSec=30  
[Install] 
WantedBy=multi-user.target

The important part is “Restart=always”.

Although you say you are not running a graphical desktop, I’m pretty sure you can still run Network Manager.

When I let NM manage my OpenVPN connection, it automatically re-connects when the underlying connection is re-established.

HTH,
TSU

Kudos man, this is exactly what I needed. I had to do some googling to figure out a few other bits and pieces, but I’ve tested this and it works.

So for any future Googlers out there, here’s the dilly, yo. Take the code he has below and shove it in /etc/systemd/system/openvpn.service. Then do:


systemctl load openvpn.service
systemctl enable opnvpn.service
systemctl start openvpn.service
systemctl status openvpn.service

You should see it running. Then try:


ps aux | grep -i vpn

And you should see it in the process list. Send it a kill -9:


kill -9 XXXX # XXXX is the pid

Then check status again:


systemctl status openvpn.service

You should see its status as “activating (auto-restart)”. At that point you can tail -f /var/log messages or repeat the status command to see when it comes up. Then throw a traceroute or mtr at, say, google.com to see if you’re going through the right route through your VPN to reach your destination host. You can also double check with something like whatismyip.com or ipchicken.com, but I find an mtr works best for me.

Many thanks to everyone who replied in this thread. For the record, I did try the network manager service and it unfortunately never automatically reconnected when I manually disabled the internet connection (this is running on a virtual machine so I just turned off network access on the host), but this appears to work. Thanks again all.

Could you please elaborate how you managed that. I have VPN Connection profiles (OpenVPN) under NM and ticked “Connect Automatically” but it never works, both under KDE 4.10 and latest 4.11. Eventually I always have to connect manually, for first connection and for re-connects. I’d prefer the NM to manage auto-connects, if not then will have to revert to the script suggestions here.

ImageShack - Best place for all of your image hosting and image sharing needs](ImageShack - 60s8.png)

Uploaded with ImageShack.us

I use openVPN as the underlying technology connecting manually to a commercial vpn service daily.

I suppose it may make a diff what type of Internet connection interruption, but if I’m connecting through the same AP (ie same network credentials) the session is momentarily uninterrupted, I speculate because openVPN is an HTTP technology which is fundamentally based on individual asynchronous connections compared to other types of VPNs.

If the network changes too much, re-make the connection completely generating new authentication tokens, then of course that would require much more than simply re-establishing the existing session.

TSU

Thanks for the reply. I am mostly connecting to WiFi at home or outside hotspots, at times Mobile Broadband (3G/LTE) and very seldom via Eth, and always end up manually connecting the VPN connection. Have been using VPN services for past 3+ years on a daily basis, currently with PrivateInternetAccess.com (its ok service). It is not a big problem but would have been cool if it sees traffic and automatically connects to preferred OpenVPN profile. Well, guess I will try the script way and will reply how well it goes. Thanks.