The --float option seems to be interesting! Help me understand one scenario. If I want to transfer a VPN session from one VPN server to another, keeping the same openvpn process running at the client side, then will the "--float" option help? If not float, then is there any other method?

We'll surely have to transfer/share authentication parameters from the primary VPN server to the secondary VPN server. I'm not sure what exactly these authentication parameters will be (the things generated by the easy-rsa package should be one); maybe you guys can help!?

On Fri, Feb 19, 2016 at 11:07 PM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Fri, Feb 19, 2016 at 07:02:21PM +0530, Shubham Chauhan wrote:
> > I am currently working on a project that requires SSL VPN to use session
> > resumptions.
> >
> > I need to add the TLS Session Resumption functionality to OpenVPN. Any
> > starters as in how I could achieve this?
> > I know about the SSL_OP_NO_TICKET flag added to disable the resumption
> > process. Will deleting it from the code enable SSL resumption
> > automatically?
>
> Unless I'm misunderstanding the lore, there are so many lurking risks in
> SSL session resumption that we're just not doing this, period.
>
> With peer-id TLS floating, there is not any need for it in OpenVPN anyway.
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
> // www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de

--
Regards
Shubham Chauhan
2013099
B.Tech CSE