'reneg-sec 0' is not a good idea, and is not necessary in OpenVPN >= 2.4 #39

Open
wrossmann opened this issue Mar 19, 2021 · 1 comment

Comments

@wrossmann

Setting your tunnel to never renegotiate is a security problem for long-running tunnels, and OpenVPN added the auth-gen-token config parameter specifically for cases like OTP authentication. In short, after authentication OpenVPN will generate a token to be used for renegotiation in place of re-sending the username and password.

Please add a mention of auth-gen-token for OpenVPN >= 2.4 in the README.

@wrossmann changed the title from 'reneg-sec 0` is not a good idea, and is not necessary in OpenVPN >= 2.4 to 'reneg-sec 0' is not a good idea, and is not necessary in OpenVPN >= 2.4 on Mar 19, 2021
@evgeny-gridasov
Owner

Thanks Wade,
Would you like to raise a PR to add that?
I don’t want to take credit for other people’s contributions.
Alternatively, I could make that change myself.
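
As an added example (not part of this thread or the project's code), a small Python check of an OpenVPN server config for the two settings the issue discusses. Both sample configs are constructed, and the check assumes `auth-gen-token` is set on the server side in OpenVPN >= 2.4.

```python
# Added example: checks an OpenVPN server config for the settings in this issue.
# Both sample configs are constructed for illustration.

WEAK_CONF = """\
# constructed sample: renegotiation disabled to avoid OTP re-prompts
port 1194
proto udp
reneg-sec 0
"""

FIXED_CONF = """\
# constructed sample: renegotiation kept, token replaces credentials
port 1194
proto udp
reneg-sec 3600
auth-gen-token
"""


def parse_directives(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def audit(text):
    """Return findings for the renegotiation settings discussed in the issue."""
    conf = parse_directives(text)
    findings = []
    if conf.get("reneg-sec", [""])[:1] == ["0"]:
        findings.append("reneg-sec 0: time-based key renegotiation is disabled")
    if "auth-gen-token" not in conf:
        findings.append("auth-gen-token not set: no token is issued for renegotiation")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "ok")
```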
