On 19/07/17 23:47, Geert Lorang wrote:
> On 18/07/2017 10:45, Gert Doering wrote:
>> This is most likely not a "2.3 -> 2.4" regression, but "old 2.3.x to
>> more recent version".
>>
>> As the default cipher (BF-CBC) is considered weak today, if you do not
>> renegotiate your keys ever so often, new
On 18/07/2017 10:45, Gert Doering wrote:
This is most likely not a "2.3 -> 2.4" regression, but "old 2.3.x to
more recent version".
As the default cipher (BF-CBC) is considered weak today, if you do not
renegotiate your keys ever so often, newer 2.3.x versions and 2.4 will
set "reneg-bytes 64MB"
Hi,
On Mon, Jul 17, 2017 at 06:17:38PM +0200, Geert Lorang wrote:
[..]
> As soon as you start downloading some big(ger) files which utilize the
> VPN quite heavily OpenVPN will prompt again for credentials after 1-5
> minutes and our users have to re-authenticate with their token as we use
> a
On 17/07/17 18:17, Geert Lorang wrote:
> Hi,
>
> Since Ubuntu 17.04 came out a few of our users have upgraded their
> OpenVPN client to 2.4 but this seems to break compatibility with our
> server which is still on 2.3 (latest Debian Jessie). I can reproduce
> this problem on Windows as well with l
On 17/07/17 17:17, Geert Lorang wrote:
Hi,
If needed I can provide the entire configs.
configs and logs at --verb 4 (sanitized)
In advance of that, are you using (default) --cipher BF-CBC ?
because that will force renegotiation after 64MB data.
regards
Hi,
Since Ubuntu 17.04 came out a few of our users have upgraded their
OpenVPN client to 2.4 but this seems to break compatibility with our
server which is still on 2.3 (latest Debian Jessie). I can reproduce
this problem on Windows as well with latest 2.4.3.
As soon as you start downloading