This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
vpn-server [2023/09/12 19:50] – [A warning about certificates] -capitalize subhead hogwild | vpn-server [2023/09/12 19:51] – [TLS renegotiation time] -captialize subhead hogwild | ||
---|---|---|---|
Line 251: | Line 251: | ||
- | ==== TLS renegotiation time ==== | + | ==== TLS Renegotiation Time ==== |
This specifies how many seconds (//n//) will pass before OpenVPN renegotiates the data channel key (Default=3600). When using dual-factor authentication, | This specifies how many seconds (//n//) will pass before OpenVPN renegotiates the data channel key (Default=3600). When using dual-factor authentication, | ||
This option can be used on both client and server. Whichever host uses the lower value will trigger the renegotiation. It's a common mistake to set this parameter to a higher value on either the client or server, while the other end is still using the default value. In this case, renegotiation will still occur once every 3600 seconds. The solution is to increase// –reneg-sec// | This option can be used on both client and server. Whichever host uses the lower value will trigger the renegotiation. It's a common mistake to set this parameter to a higher value on either the client or server, while the other end is still using the default value. In this case, renegotiation will still occur once every 3600 seconds. The solution is to increase// –reneg-sec// | ||
+ | |||
==== Manage Client-Specific Options ==== | ==== Manage Client-Specific Options ==== |