Hi On Mon, May 4, 2020 at 8:51 AM Dajka Tamás <vi...@vipernet.hu> wrote:
> Hi, > > > > is it possible to disable „auth-nocache” in the client by a PUSH message? > I mean, if the „auth-nocache” is SET in the client.conf to „reenable” > credentials caching. What’s the logic behind? When we deployed the clients > we did set ’auth-nocache’ as a security measurement. However, we want to > use auth-token now beside OTP, but changing all the clients will take some > (unneeded) time. > A patch that automatically removes auth-nocache when an auth-token is pushed has been merged to 2.4 and master a long while ago. It should be in recent 2.4 releases. > > > Secondly, is it allowed/possible to set „reneg-sec” by a PUSH message? > (reneg-sec is not set currently in the client.conf, has the default value > of 3600) > I think its not pushable. What I do is to set reneg-sec 0 on client so that the value on server gets used. Effective reneg-sec is determined by the lowest value in server and client with zero meaning "infinity" allowing the server to control the actual value. Selva
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
