Hi,

On Thu, May 25, 2023 at 05:39:10PM +0200, Arne Schwabe wrote:
> On 09.05.2023 at 17:46, Gianmarco De Gregori wrote:
> > -    bool persist_key;           /* Don't re-read key files on SIGUSR1 or 
> > PING_RESTART */
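
Review bot: the removed `persist_key` member takes its comment ("Don't re-read key files on SIGUSR1 or PING_RESTART") with it, so if that behaviour becomes unconditional the sentence should be kept as a comment at the place where the key files are loaded. The commit message should also say that a SIGUSR1 or PING_RESTART restart no longer re-reads key files, so that the change in restart semantics is on record.
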
> 
> The downside of always enabling this option is that you can no longer 
> replace the certificate and key without restarting the server completely.

We discussed this, and wondered if anyone is actually doing this.

So, are you aware of anyone doing this?  Is there a reason I'm overlooking
why this is substantially better than "just do a full restart when changing
any part of the config (including keys, even if residing in separate files)"?

Hard restart should be about as fast as full SIGUSR1 restart - "wait for
EEN to be delivered, close everything, exit()" vs. "close everything,
re-read key files, reopen tun, ..."

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
