On 06/04/17 11:26, David Sommerseth wrote:
> With the 1 hour default, not setting --reneg-sec gives a time window of
> 6 minutes with 10%. That is a reasonable default unless explicitly
> overridden by either --reneg-sec 3600 (no randomness) or --reneg-sec
> 3000 4000 (with a 1000 seconds large time window)

I still believe this approach is wrong.

You are changing the meaning of an operand depending on the number of operands and changing the function of the directive depending on number of operands and if the directive is explicitly specified or not.

This is equivalent to:

(no --server specified) = --server 10.8.0.0 255.255.255.0
vs
--server subnet mask (pool determined by default)
vs
--server *pool* subnet mask

And so I re-submit my protest!

The syntax for --reneg-sec should be "--reneg-sec seconds window"
where "--reneg-sec 3600" is as it is now!
where "--reneg-sec 3600 360" is as now with a 10% window of random.

Not specifying --reneg-sec at all should *not* imply a default window, it should remain as it is now.

Additionally, "window" *could* be + or - allowing for window to be applied at the beginning of the session or at the end of the session.

Also, IMO this should be first-run *only*

I am sorry David but you have not changed my mind, although the decision is, of course, down to the devs.

my2c
regards