I have tried the 'hand-window' option. It works for the client config but the
server side still times out after about 3 minutes or (180 seconds). So it is
something on the server side that needs to be disabled I think.
Date: Thu, 1 Jan 2015 13:16:42 +0100
From: janj...@nikhef.nl
To: bird_...@hotmail.com; openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Testing with large keys
On 26/12/14 23:48, jack seth wrote:
I am trying to out my config using 16384 size
keys. I am using my working config except for substituting my
large keys (still using the same ta.key though). I am getting a
'inactivity timeout' from the server after about 3 minutes
during the TLS handshake. I have read it will take longer to
negotiate with these large keys. How can I extend or disable
this timeout on the server?
why anyone would (yet) bother with 16384 bit keys is a mystery to
mee (4096 bit should suffice for the next few years) but I guess
you're looking for the
hand-window N
option, where the default value for N is 60 (seconds); increase this
to a larger value to see if that helps.
I would expect the session to die after 1 hour though, as key
renegotiation will also take (too) long.
HTH,
JJK
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
