Hi,

>>> The failure was a misadjusted time. The clients have the time 1970, 
>>> but the certificate is valid beginning 15. March 2014.
>>  [....]
>> 
>> This has been discussed in our developer meetings in #openvpn-devel 
>> and we recognise that in some environments this could be somewhat 
>> useful.  But we consider the related security aspect around doing this 
>> to be far worse than the real usability of such a feature.
>> 

> You're right. This is a security leak, but I personally prefer to have the 
> possibility to switch off this "security feature" - only for debug proposals 
> or maintenance situations.
>
If so I would like to be able to disable it for just 1 client via a ccd file 
for instance. That way I do not have to restart the entire service and would 
not compromise any other connection.

> In my case, the device has no hardware clock on board (embedded computer)
> and the crond daemon does not work. Now I fixed it (with driving 4 hours on 
> highway), but when I had the possibility to disable this feature temporarily, 
> I would spend this lost time and could repair this bug on client side.

The problem with this is that you almost have to know that the time is the 
problem before knowing to use the feature, if David does decide to implement it.

But like David wrote, please put at least an NTP client on the machine. Most 
(s)ntp clients will keep track of the ntp server and you do not need crond for 
that. The SNTP feature is present in a lot of embedded systems these days.

Bonno Bloksma

