I've just recently converted my OVPN TCP tunnels to OVPN UDP and I've noticed that after almost exactly an hour my OpenVPN clients get a hard error that requires the user to click OK and then manually reconnect. Multiple clients are experiencing the same issue.
If the connection timed out and automatically reconnected it would have been better, but because it throws an error it requires user intervention every hour which is really annoying.
Connect time 15:13:38
Sigterm[soft,remove-exit] 16:14:22
Using OpenVPN GUI v11.25.0.0 on the client PC.
Server settings:2022-07-06 15:13:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-07-06 15:13:21 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2022-07-06 15:13:21 Windows version 10.0 (Windows 10 or greater) 64bit
2022-07-06 15:13:21 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2022-07-06 15:13:21 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-07-06 15:13:22 TCP/UDP: Preserving recently used remote address: [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:22 UDP link local: (not bound)
2022-07-06 15:13:22 UDP link remote: [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:22 [ecoCA2021] Peer Connection Initiated with [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:33 open_tun
2022-07-06 15:13:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-07-06 15:13:33 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.0.0/10.0.0.4/255.255.255.0 [SUCCEEDED]
2022-07-06 15:13:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.4/255.255.255.0 on interface {4BE91EE1-CDDB-4FC8-BBF0-6AC460A016D0} [DHCP-serv: 10.0.0.254, lease-time: 31536000]
2022-07-06 15:13:33 Successful ARP Flush on interface [11] {4BE91EE1-CDDB-4FC8-BBF0-6AC460A016D0}
2022-07-06 15:13:33 IPv4 MTU set to 1500 on interface 11 using service
2022-07-06 15:13:38 Initialization Sequence Completed
2022-07-06 16:14:22 SIGTERM[soft,remote-exit] received, process exiting
port 1194
mode ip
protocol udp
netmask 24
max MTU 1500
keepalive timeout 60
certificate
require-client-certificate yes
tls version only v1.2 (I tried any before and it made no difference)
Auth sha1
cipher aes256
ppp profile settings:
-------------------------
session timeout - not set
idle timeout - not set
client.ovpn
--------------
client
proto udp
remote <SERVERIP> 1194
resolv-retry infinite
dev tun
ca ca.crt
cert client.crt
key client.key
tls-client
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA1
auth-nocache
auth-user-pass auth.txt
route ...