Disable persist-tun for openvpn

This should solve the issue where RHEL7 machines that get a network
hiccup need an OpenVPN restart to restore their routes.

The code is broken in the current upstream OpenVPN release, such that
it does tear down some of the routes during a ping-restart (when the
connection is dropped due to network hiccups), but the reconnection
code does not restore the routes.
I am working on an upstream patch to fix this, but in the meantime
disabling persist-tun will make sure that OpenVPN does the entire
initialization upon reconnection, which makes sure that all routes
are created.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

3 files changed, 0 insertions, 3 deletions

diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf
index d274e72ac..abb5d03d1 100644
--- a/files/openvpn/client.conf
+++ b/files/openvpn/client.conf
@@ -13,7 +13,6 @@ resolv-retry infinite
 nobind
 
 persist-key
-persist-tun
 
 ca ca.crt
 cert client.crt
diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index d274e72ac..abb5d03d1 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -13,7 +13,6 @@ resolv-retry infinite
 nobind
 
 persist-key
-persist-tun
 
 ca ca.crt
 cert client.crt
diff --git a/roles/openvpn/server/files/server.conf b/roles/openvpn/server/files/server.conf
index c824b12dd..3ba8fab11 100644
--- a/roles/openvpn/server/files/server.conf
+++ b/roles/openvpn/server/files/server.conf
@@ -6,7 +6,6 @@ comp-lzo
 
 ping-timer-rem
 
-persist-tun
 persist-key
 
 ca ca.crt