-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/08/14 15:20, Gert Doering wrote:
>> What is CPU intensive is when asymmetric encryption comes into >> play, with the key exchanges and other negotiations etc. > > slow, but used much more seldom... assuming VPN clients that stay > connected for a reasonable amount of time, and transfer "enough" > data. True ... until you restart a busy server. Then you'll get a busy peak, and unless --reneg-* options is disabled, you'll have these peaks fairly regularly. Which actually makes me ponder even more, regarding the SSL state manager. If OpenVPN is killed with a "restart" signal, could it encrypt the saved state and dump to file (keying material could be the server --key, or another explicit key for this feature). When it is started again, it will read and decrypt this file and continue without re-init of all SSL clients .... but it may actually fail, especially for TCP, depending on if there are any tight relations to the client ports. /me should stop thinking so much - -- kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlPidg8ACgkQDC186MBRfrqW3ACfY1h8U+7rArIwdk4ndMnRlr/E tgwAnA9wsEOo4QmlTfCEf2LYOHVOau+9 =1JWY -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
