On Thu, 8 Jun 2017 10:36:13 +0200 Gert Doering <g...@greenie.muc.de> wrote:
> > Is there an option to run a peer to peer tunnel which is up (tun
> > devices are there), but remains completely silent and only becomes
> > active when data is routed through the tunnel? So no keepalive, no
> > initializing.
> >
> > IOW: a sort of encrypted version of an ipip tunnel. I think I can do
> > the trick using OpenSWAN (not sure), but I prefer OpenVPN.
>
> If you do a peer-to-peer tunnel with static key, and no keepalive
> configured, this is what it will do.

I can set ping-restart to 0 to disable this function, but setting ping to 0 just puts the ping back to the default of 10 sec. And the keepalive option is AFAIUI just a wrapper for ping and ping-restart. I cannot see how to disable the ping function.

> If you do TLS without keepalive, I think it will renegotiate ever so
> often (like, every 12 hours) so you'll see marginal traffic even if
> there is no activity - on the other side, the security level of TLS
> is much better, so "static key" is not really recommended.

Ok, but better than an ipip tunnel ;-) And there are firewall rules to protect OpenVPN, it's just a real PtP VPN between two fixed IPs.

-- 
richard lucassen
http://contact.xaq.nl/

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users