Just out of curiosity, what do you mean by - do not combine with async auth plugins as of "now"?
Also, is this issue - https://forums.openvpn.net/viewtopic.php?p=83437 still present with iPhones? -Shreyas On Mon, Nov 9, 2020 at 6:56 AM Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Mon, Nov 09, 2020 at 10:44:20AM -0300, Leonardo Rodrigues wrote: > > Em 09/11/2020 06:32, Olivier CALVANO escreveu: > > > I have a problem on a recent OpenVPN installation, the server asks > > > clients to re-authenticate every hour, whether there is activity on > > > the tunnel or not. > > > > > > How can I fix this problem? > > > > is this causing any problem ? Because it should not. Renegotiation > > should just happen on the background and, despite on the logs, shouldn't > > be noticed at all by the tunnel traffic. > > If you authenticate with a one-time-password setup (2FA), you need to > enter a new password on every single key renegotiation, because the server > will do a full re-auth. > > To improve on that, run the server with --auth-gen-token (with a reasonable > token lifetime). But do not combine with async auth plugins as of "now". > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > g...@greenie.muc.de > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users >
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
