On Sun, 13 Oct 2013 16:17:00 +1300, Michael Ludvig <mlud...@logix.net.nz>
wrote:

> On 13/10/13 06:03, Davide Brini wrote:
> > On Wed, 09 Oct 2013 00:26:45 +1300, Michael Ludvig
> > <mlud...@logix.net.nz> wrote:
> >
> >> Tue Oct  8 23:08:40 2013 Initialization Sequence Completed
> >> Wed Oct  9 00:08:38 2013 TLS: soft reset sec=0 bytes=38258/0 pkts=718/0
> >> Enter Auth Username:^C
> > Why are you hitting ctrl-C here? this is precisely where you have to
> > re-enter the credentials to keep the connection going.
> 
> I don't want it stay connected and don't drop in the first place.
> Reauthenticating every hour is not an option.

Then don't use "auth-nocache", but it really depends on what you want to
achieve. You could also raise the renegotiation interval to some very large
value, larger than any connection is ever likely to last, so renegotiation
doesn't occur after just one hour (which is the default).

Note that reauthentication happens anyway when the renegotiation interval
expires, but normally you don't notice since the credentials are cached
and openvpn automatically sends them to the server without user
interaction. Since you're telling it to not cache the credentials, you are
prompted again to re-enter them.

You mentioned OTP: is the user only supposed to enter the OTP only once
when they connect, or do they have to periodically re-enter a new password
while the connection is running? I seem to understand it's the former, in
which case you don't need auth-nocache.

(reauthentication with auth-nocache could also be performed automatically
using the management interface and having an application managing it, but
it's not clear whether this use case applies to your scenario).

-- 
D.

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to