On 13/10/13 21:23, Davide Brini wrote:
> On Sun, 13 Oct 2013 16:17:00 +1300, Michael Ludvig <mlud...@logix.net.nz>
> wrote:
>
>> I want it to stay connected and not drop in the first place.
>> Reauthenticating every hour is not an option.
> Then don't use "auth-nocache",

I must for OTP. The credentials are valid for one auth attempt only.

> You could also raise the renegotiation interval to some very large
> value, larger than any connection is ever likely to last, so renegotiation
> doesn't occur after just one hour (which is the default).

That may work...

> Note that reauthentication happens anyway when the renegotiation interval
> expires

Is that right? Well that would explain it...
Why does it reauthenticate? As far as I know SSH for example doesn't
reauthenticate when rekeying...?

> You mentioned OTP: is the user supposed to enter the OTP only once
> when they connect, or do they have to periodically re-enter a new password
> while the connection is running? I seem to understand it's the former, in
> which case you don't need auth-nocache.

The cached OTP won't succeed on subsequent auth attempts. That's why we
have to use auth-nocache to force OpenVPN to ask for a new OTP.

I'll give raising the reneg interval a try. Thanks for the hint!

Michael
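
Added example, not part of the original message: a small check of which renegotiation interval is actually in force for a client/server config pair, and what happens to the OTP when it fires. It assumes OpenVPN's reneg-sec directive, with the lower non-zero value of the two peers triggering first and 0 disabling that side's timer; the configs and host name are constructed.

```python
# Added example; the configs below are constructed, not taken from the thread.
DEFAULT_RENEG_SEC = 3600  # the one-hour default mentioned in the thread

def directives(config_text):
    """Parse OpenVPN config text into {directive: [args]}."""
    found = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            found[name.lstrip("-")] = args
    return found

def effective_reneg_sec(client_text, server_text):
    """Time-based renegotiation interval actually in force, 0 if disabled.

    Each peer runs its own timer, so the lower non-zero value triggers first;
    a side set to 0 never triggers, but the other side still can.
    """
    values = []
    for text in (client_text, server_text):
        args = directives(text).get("reneg-sec")
        values.append(int(args[0]) if args else DEFAULT_RENEG_SEC)
    active = [v for v in values if v > 0]
    return min(active) if active else 0

def reauth_outcome(client_text, server_text):
    """Return (interval_seconds, what happens to the OTP at renegotiation)."""
    interval = effective_reneg_sec(client_text, server_text)
    if interval == 0:
        return (0, "none")
    if "auth-nocache" in directives(client_text):
        return (interval, "prompt")       # user is asked for a fresh OTP
    return (interval, "replay-cached")    # spent OTP is resent and rejected

CLIENT = """
client
remote vpn.example.net 1194   # constructed host
auth-user-pass
auth-nocache
reneg-sec 86400
"""
SERVER_DEFAULT = "port 1194\n"                  # no reneg-sec: 3600 applies
SERVER_RAISED = "port 1194\nreneg-sec 86400\n"

if __name__ == "__main__":
    print(reauth_outcome(CLIENT, SERVER_DEFAULT))  # server default still wins
    print(reauth_outcome(CLIENT, SERVER_RAISED))
```

Raising the interval on the client alone leaves the server's one-hour default in force, so the value has to be raised on both sides (or set to 0 on one side).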




_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
