Community discussions

MikroTik App
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Feature request: add reneg-sec option to openvpn server config

Tue Oct 26, 2021 6:21 pm

Please add "reneg-sec" config option to the ROS openvpn server.

I have openvpn clients without access to their configuration; without being able to set "reneg-sec" on either side, clients will disconnect & reconnect every hour. Setting reneg-sec = 0 on the server should allow connections to stay up indefinitely.

--reneg-sec n
    Renegotiate data channel key after n seconds (default=3600).When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.

Who is online

Users browsing this forum: AmazonAWS [Bot], gkl1368 and 17 guests