On 05/04/17 16:42, debbie10t wrote:
>
>
> On 05/04/17 05:34, Simon Matter wrote:
>>>> Hi,
>>>>
>>>> On Tue, Apr 04, 2017 at 08:29:49AM +0200, Simon Matter wrote:
>>>>> Interesting to see that there is zero interest in this patch here.
>>>>
>>>> This is a misinterpretation.
>>>>
>>>
>>> Hi Gert,
>>>
>>> Thanks for the explanation, I'll be patient then :)
>>>
>>> If it's preferred for the patch to keep it even simpler and compatible the
>>> current configs, it could be broken down to something like this in init.c:
>>
>> I've attached v2 now which works without any config change:
>>
>> --reneg-sec n
>> Renegotiate data channel key after n seconds (default=3600).
>>
>> Note that the effective value used here is a per session pseudo-
>> randomized 25% of n deducted from n. With the default value of
>> 3600 this results in an effective per session value in the range
>> of 2701 ... 3600 seconds.
>>
>
>
> A different approach could be like so:
>
> --reneg-sec 3600
> --reneg-sec-1sttime-rand 1|0 (The name here for detail)

Too complicated ;-)

--reneg-sec # 60 minutes, with X % in randomness
--reneg-sec 1800 # 30 minutes, with X % in randomness

(X is what we figure is reasonable by default; between 10-25%)

--reneg-sec 3600 30 # 60 minutes, 30% randomness
--reneg-sec 1800 0 # 30 minutes, no randomness

This won't break any configurations and gives full flexibility without
adding new options (which we really try to avoid).

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
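
The `--reneg-sec n [pct]` form suggested in the message above, worked through as an added example; it is not code from the patch under discussion or from OpenVPN. The function names, the 25% default and the upper bound on n are assumptions. The deduction follows the v2 description quoted in the thread, so 3600 with 25% gives 2701 ... 3600.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define DEFAULT_PCT 25   /* assumption: the 25% from the v2 patch text */

/* Parse one non-negative decimal integer in [0, max]; 0 on success. */
static int parse_int(const char *s, long max, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || v < 0 || v > max)
        return -1;
    *out = (int)v;
    return 0;
}

/* Hypothetical parser for "--reneg-sec n [pct]"; pct_arg may be NULL. */
int parse_reneg_sec(const char *n_arg, const char *pct_arg, int *n, int *pct)
{
    *pct = DEFAULT_PCT;
    if (parse_int(n_arg, 86400L * 365, n))   /* assumed cap: one year */
        return -1;
    if (pct_arg && parse_int(pct_arg, 100, pct))
        return -1;
    return 0;
}

/* Deduct a pseudo-random part of the pct% window from n.
 * r is the caller's per-session random value. */
int reneg_effective(int n, int pct, unsigned int r)
{
    long long window = (long long)n * pct / 100;   /* 3600, 25 -> 900 */

    if (window <= 0)
        return n;                 /* pct 0 (or tiny n): no randomness */
    return n - (int)(r % (unsigned long long)window);
}

int main(void)
{
    int n, pct;

    if (parse_reneg_sec("3600", NULL, &n, &pct) == 0)
        printf("%d..%d\n", reneg_effective(n, pct, 899), reneg_effective(n, pct, 0));
    return 0;
}
```

Existing configurations that pass only n keep parsing unchanged, and a second argument of 0 restores the fixed interval.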