vpn-server

Differences

This shows you the differences between two versions of the page.

vpn-server [2023/09/12 19:50] – [A warning about certificates] -capitalize subhead hogwild
vpn-server [2024/04/11 00:50] (current) – [Adding Certificate Revocation Lists] -formatting hogwild
Line 232: Line 232:
  
 (Ref. OpenVPN "--data-ciphers") (Ref. OpenVPN "--data-ciphers")
 +
 + \\
  
  
Line 251: Line 253:
  
  
-==== TLS renegotiation time ====+==== TLS Renegotiation Time ====
  
 This specifies how many seconds (//n//) will pass before OpenVPN renegotiates the data channel key (Default=3600). When using dual-factor authentication, the default value may cause the end user to be asked to reauthorize once per hour. This specifies how many seconds (//n//) will pass before OpenVPN renegotiates the data channel key (Default=3600). When using dual-factor authentication, the default value may cause the end user to be asked to reauthorize once per hour.
  
 This option can be used on both client and server. Whichever host uses the lower value will trigger the renegotiation. It's a common mistake to set this parameter to a higher value on either the client or server, while the other end is still using the default value. In this case, renegotiation will still occur once every 3600 seconds. The solution is to increase// –reneg-sec// on both client and server, or set it to "0" (disabled) on one side of the connection, and to your preferred value on the other side. This option can be used on both client and server. Whichever host uses the lower value will trigger the renegotiation. It's a common mistake to set this parameter to a higher value on either the client or server, while the other end is still using the default value. In this case, renegotiation will still occur once every 3600 seconds. The solution is to increase// –reneg-sec// on both client and server, or set it to "0" (disabled) on one side of the connection, and to your preferred value on the other side.
 +
  
 ==== Manage Client-Specific Options ==== ==== Manage Client-Specific Options ====
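Review bot: the paragraph under the renamed heading still writes the option as "–reneg-sec", with an en dash and with the italic markers misplaced ("increase// –reneg-sec// on"), so it cannot be copied as typed onto an OpenVPN command line. Since this revision is already a formatting pass over the section, write it as --reneg-sec with two ASCII hyphens, the way "--data-ciphers" is written in the earlier hunk, and move the space so it sits before the opening // rather than after it. The heading change itself is fine.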
Line 417: Line 420:
  
  \\  \\
 +
 + \\
 +
 +
 +==== OpenVPN Server Won't Start When EasyRSA3 used ====
 +
 +In some cases when you've generated server certificate/keys using EasyRSA 3, the server may not start. This can be happen when the server certificate requires a password but there was no way to provide it. In such cases, you should regenerate the certificate/key using the the EasyRSA "nopass" option. Doing this should allow the OpenVPN Server to start properly.
  
  
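Review bot: the added paragraph recommends the EasyRSA "nopass" option without stating what it trades away. The server private key is then stored unencrypted, so anyone who can read the key file, or a backup that contains it, can impersonate the server. Add a sentence saying so, and that the key should be readable only by the account that runs OpenVPN. If the OpenVPN build in use accepts --askpass with a password file, mention that as the alternative to removing the passphrase, since the text currently says there is no way to provide it. Wording in the same lines: "This can be happen" should read "This can happen", "using the the EasyRSA" has a doubled "the", and the heading writes "EasyRSA3" where the body writes "EasyRSA 3" and leaves "used" in lower case against the title case this revision applies to "TLS Renegotiation Time".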
vpn-server.1694544648.txt.gz · Last modified: 2023/09/12 19:50 by hogwild