On Wed, Jan 25, 2017 at 12:28:25PM -0800, Scott Crooks wrote:
> 2. Does having `auth-nocache` on the client side conflict with
> `auth-gen-token` ? Do I need to remove `auth-nocache` from the client side
> to utilize the benefits of `auth-gen-token` ?

As far as I understand (and I have not found time to actually *test* this
new stuff for my own setups), you need to remove "auth-nocache".

The token sent from the server effectively "un-caches" the username and
password set by the user anyway, replacing it with the token.

I'm not totally sure what happens when the token expires and the
next renegotiation is due - will the client prompt, or just give up
and disconnect.  Definitely worth a test.


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to