OpenVPN – Adjust inactivity logout

Last Updated: February 18th, 2020Published On: October 24th, 2019By

The following is set by default on OpenVPN:

inactive 0

–inactive n [bytes]

Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device. The time length of inactivity is measured since the last incoming or outgoing tunnel packet. The default value is 0 seconds, which disables this feature.
If the optional bytes parameter is included, exit if less than bytes of combined in/out traffic are produced on the tun/tap device in n seconds.

In any case, OpenVPN’s internal ping packets (which are just keepalives) and TLS control packets are not considered “activity”, nor are they counted as traffic, as they are used internally by OpenVPN and are not an indication of actual user activity.

So if you wanted to disconnect clients after an hour you could set:

inactive 3600

Alternatively you can actually specify the amount of bytes transferred before a timeout is triggered.

You can specify the options by directly adding the option in the client certs or by trying this in the custom options of the VPN Server:

push “inactive 3600”


Categories: Blog, Product SpecificTags: Views: 4660