On Aug 24, 2016 at 2119 +0200, Akendo appeared and said:
> The openvpn configuration includes a keepalive parameter with the following
> values: 10 120
> 
> you think this is sufficient? Whereby I'm uncertain about the function
> in OpenVPN in regards to your statement.

OpenVPN uses the keepalive parameter to determine if the remote end is still
reachable. It is usually used to tune OpenVPN tunnels to lossy or high
latency network links. This means that it is different from Apache's
implementation.

In order to protect your OpenVPN setup I suggest using the ciphers
discussed in the Bettercrypto guide (AES is a good choice). Furthermore I
recommend

- using the shared key created by "openvpn --genkey --secret" to lock out
  scans,
- using X.509 keys and certificates with a private CA (the only option
  which can take advantage of perfect forward secrecy).

Cheers,
René.

-- 
  )\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
 /,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting + Teaching -
Got mail delivery problems?  https://web.luchs.at/information/blockedmail.php
Warning: Do _NOT_ send emails with HTML content to my address! No guarantees!
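
The points in the reply above can be checked mechanically against an OpenVPN config file. The following is an added example, not part of the original message; it assumes the shared key is applied through the `tls-auth` directive, and the sample configs and file names are constructed.

```python
import shlex

# Constructed sample configs (not from the thread); file names are placeholders.
WEAK = """
dev tun
secret static.key      # static-key mode
keepalive 10 120
"""
HARDENED = """
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0      # key from: openvpn --genkey --secret ta.key
cipher AES-256-CBC
keepalive 10 120
"""

def parse(text):
    """Map each directive to its argument list (first occurrence wins)."""
    cfg, inline = {}, None
    for line in map(str.strip, text.splitlines()):
        if inline:                              # skip body of <ca>...</ca> etc.
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            cfg.setdefault(inline, ["[inline]"])
        elif line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            cfg.setdefault(parts[0], parts[1:])
    return cfg

def audit(text):
    """Return (level, directive, message) tuples for the points in the reply."""
    cfg, out = parse(text), []
    if not (cfg.get("cipher") or [""])[0].upper().startswith("AES"):
        out.append(("warn", "cipher", "no AES cipher set explicitly"))
    if "tls-auth" not in cfg:
        out.append(("warn", "tls-auth", "no shared key in front of the handshake"))
    if "secret" in cfg:
        out.append(("warn", "secret", "static-key mode, no forward secrecy"))
    elif missing := [d for d in ("ca", "cert", "key") if d not in cfg]:
        out.append(("warn", "x509", "missing: " + ", ".join(missing)))
    if len(cfg.get("keepalive", [])) == 2:      # liveness tuning, not hardening
        ping, timeout = cfg["keepalive"]
        out.append(("info", "keepalive", f"interval {ping}s, timeout {timeout}s"))
    return out

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```
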


_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
