Hi,

How can I shorten the time for the initial TLS handshake without having to change hand-window in all client configurations?

I have a setup where I have two IP addresses for the VPN server in a RR DNS entry. Most of the time one of them should not be used, as it is on an expensive metered LTE link. However, if the resolver picks that IP first and it is firewalled off, the client waits a minute or more before trying the second IP, which is not a great user experience. Is there a way to reject the connection with an instruction to the client to try the next server? The connection is UDP, if that matters.

I've tried sending ICMP route administratively prohibited from the firewall, but either I did it wrong, or it doesn't really help. I have also tried rejecting the user by returning non-zero from a client-connect script, but that throws an authentication error to the user and never retries the second IP. Any other ideas?

Thank you,