Hi,

On Sat, Dec 17, 2016 at 01:23:53PM +0100, David Sommerseth wrote:
> On 17/12/16 11:13, Gert Doering wrote:
> > (Main reason we can't stick to BF-CBC is that we use OTP passwords and
> > with "reneg-bytes 64M" it's asking way too often for user+password...)
> 
> And to avoid any --reneg-bytes issues, there is the new
> --auth-gen-token in OpenVPN v2.4, which will help.  The v2.4 man page
> carries the gory details too.

I definitely need to test this, but I seem to remember that this 
conflicted with --auth-nocache on the client side, which we have
rolled out (because we do want to see a new OTP every 8 hours)...

Anyway, the --auth-gen-token stuff is cool, and as usual, there is
more than one way to do it :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
