On Aug 24, 2016 at 2127 +0200, Hanno Böck appeared and said: > On Wed, 24 Aug 2016 21:19:07 +0200 > Akendo <[email protected]> wrote: > > > The openvpn configuration includes a keepalive parameter with > > following values: 10 120 > > > > you think this is sufficient? Whereby I'm uncertain about the function > > in OpenVPN in regards to your statement. > > I have no idea what keepalive means in the context of OpenVPN. My > suggestion was regarding http. > > Honestly I only learned that openvpn basically uses its own crypto > quite recently. I don't really understand why they don't simply use > TLS. Probably an interesting research project to look closer into this.
I believe it's because they have to deal with long-lived VPN connection that "feature" packet loss. OpenVPN implements the transport via UDP (although TCP can be used, too). The implementation pre-dates QUIC and DTLS (initial release of OpenVPN was 2001). I volunteer to help for the closer look since I use OpenVPN extensively. Cheers, René. -- )\._.,--....,'``. fL Let GNU/Linux work for you while you take a nap. /, _.. \ _\ (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/ `._.-(,_..'--(,_..'`-.;.' - System administration + Consulting + Teaching - Got mail delivery problems? https://web.luchs.at/information/blockedmail.php Warning: Do _NOT_ send emails with HTML content to my address! No guarantees!
signature.asc
Description: PGP signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
