On 14.06.21 at 02:24, Antonio Quartulli wrote:
> @Arne, ideas?
>

Yes. When reneg-sec is below 60 or 120 (would need to double check), you need that value on both server and client, since otherwise the timeouts for changing active keys mismatch, as the value is 60s normally but changes if reneg-sec goes below that value.

> I start the server this way:
>
> ${OVPN} \
> --server 10.10.0.0 255.255.255.0 \
> --dev tun \
> --cipher AES-256-GCM \
> --peer-fingerprint ${FP} \
> --cert ${CERT} --key ${KEY} \
> --verb 3 --dh none --auth-user-pass-verify auth.sh via-env \
> --script-security 3
>
> and the client this way:
>
> ${OVPN} --dev tun --client --remote 10.10.10.1 \
> --cipher AES-256-GCM \
> --peer-fingerprint ${FP} \
> --cert ${CERT} --key ${KEY} --verb 3 --reneg-sec 20 --auth-user-pass

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel