Hi, On 14/06/2021 02:56, Arne Schwabe wrote: > Am 14.06.21 um 02:24 schrieb Antonio Quartulli: >> @Arne, ideas? >> > > Yes. When reneg-sec is below 60 or 120 (would need to double check), you > need that value on both server and client since otherwise the timeouts > for changing active keys mismatch as the value is 60s normally but > changes if reneg-sec goes below that value.
Isn't it relevant that the server is able to fix itself in around 5/6 seconds? It does not need to wait for the full 60s to get back in sync. >From the log it also seems like the key with the new ID has been installed, but the state has not been switched. Regards, -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
