Hi,

On Mon, Jun 14, 2021 at 10:30 AM Antonio Quartulli <a...@unstable.cc> wrote:

> On 14/06/2021 16:26, Arne Schwabe wrote:
> > Put on the agenda for community meeting to decide if we want to
> > deprecate hand-window completely and reneg-sec under < 120?
> >
>
> Good idea! will do!
>

I used to have some remote clients on a low-bandwidth, high-latency (and often
erratic) satellite link for which the initial handshake was pretty taxing
on the network. Like 15 to 30 seconds to complete the handshake on good
days. But the tunnel stayed up most of the time once connected, even
through desert storms[1] that adversely affect the uplink. Renegotiation
seldom failed, probably because tran-window is long by default. Since then I
generally set --hand-window to 120, though not sure such a large value was
ever really required or helped.

Saying this only to point out there may be some situations where an option
to increase the handshake timeout is useful. For reneg-sec I don't think
there is any strong reason to allow arbitrarily low values. Even 120 sec is
useful only for testing purposes.

Selva

[1] The client was in a remote mining site with harsh weather.
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
