Is persistence working?

[davidleejy]

openfortivpn version: 1.20.5

Is anyone having the experience where the "persistent" feature (also called connection keep-alive) not working?

Tried to test this feature by disconnecting my wifi, and reconnecting 30 seconds or so later, and found that my openfortinet VPN connection isn't re-established 😔.

I'm executing openfortivpn with persistence as so:

$ sudo openfortivpn -c my-config.txt --persistent=2 

[DimitriPapadopoulos]

Does openfortivpn exit with an error? Perhaps the VPN has not been disconnected in the first place. Stopping and restarting your WiFi just overwites any openfortivpn changes to routing and DNS settings.

[davidleejy]

Hi @DimitriPapadopoulos, to answer your question, openfortivpn does not exit with an error.

The rationale for my question are similar to these use-cases:

1. Momentary loss of internet connectivity. User runs openfortivpn on a laptop when connected to his home wifi, VPN connection is established nicely. User then takes his laptop with him on his journey to school/work/nearby cafe. Along the journey, the laptop is without internet connectivity and the VPN connection must be dropped. When he reaches his destination and re-establishes internet connectivity, e.g., through the cafe's wifi, it'd be nice if openfortivpn continuously attempts to reconnect with the VPN it was previously connected to so that the rest of his applications (IDE, terminal, browser viewing website hosted on VPN) that were previously communicating with services hosted on the VPN can automatically spring back to life*.

2. Choppy, unstable internet connectivity. User runs openfortivpn on a laptop that just so happens to be using a choppy, unstable network route to reach the VPN causing packets sent to/ received from this VPN to be dropped more frequently than usual. Examples of this include traveling on the bus or train while the laptop is tethered to the mobile internet data hotspot on a mobile phone. As such, connectivity to the VPN is unstable and disconnections happen frequently. For instance, when the train goes underground for a moment, internet connectivity is lost. Or when the bus passes through the boundary between two cell towers' max range to cause a re-assignment of cell tower on his mobile phone that's running the hotspot. It would be nice in these instances if openfortivpn continuously attempts to reconnect with the VPN it was previously connected to so that the rest of his applications (IDE, terminal, browser viewing website hosted on VPN) that were previously communicating with services hosted on the VPN can automatically spring back to life*.

* Assuming these applications continuously attempt reconnecting with the services they were interacting with on the VPN.

My experience so far:

12 Oct:
Use-case 1. Toggled wifi on Mac OS on & off.
Result: openfortivpn did not reconnect to VPN.

13 Oct:
Use-case 2. Travelled to university. Internet connectivity switched from home wifi to mobile hotspot to university wifi (total of 2 gateway switches).
Result: Success. Openfortivpn reconnects successfully to VPN on both gateway switches.

[DimitriPapadopoulos]

Not all use cases are equivalent. They should be addressed separately, each one in its ticket.

Switching the WiFi off/on is quite different from a choppy, unstable internet connection. My experience with choppy, unstable internet connections is that there is a timeout somewhere in lower network layers, dependent on the machine and in my case around 30 s. With network blackouts below below that timeout, missing packets are re-received and resent, and openfortivpn does not even notice or have to reconnect. It just takes time for all packets in these lower layers to be re-sent, which means the network appears to be frozen, perhaps for up to 30 s in addition to the initial 30 s of the network blackout.

Attempting to address all the different problems in a single ticket will only create confusion.