Hi,

On 14/06/2021 15:58, Arne Schwabe wrote:
>> At this point I'd ask, why not removing/ignoring --hand-window entirely
>> and live with the 60s default?
>
>
> That is one of the many questions why so many protocol things in OpenVPN
> are fine-tunable in the first place. We can certainly add warnings when
> setting these saying that this option should be only used for debugging.
> And do the same for reneg-sec when set < 120 (or more accurately
> 2*hand-window)

When a knob is there, no matter if for debugging or not, people will just
use it. It may break things, which may create rumors, which may create
support overhead.

IMHO going with well declared constant values (i.e. in a nicely commented
header file), which can be easily tweaked by a developer before
recompiling OpenVPN, is more than enough for debugging (check [1] for
an example).

This way you clearly make the bar for shooting yourself in the foot high
enough so that only skilled snipers can do that.

Cheers,

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/batman-adv/main.h

-- 
Antonio Quartulli