On 30/06/2022 12:37, Connor Edwards via Openvpn-users wrote:
Hello,

We are looking into using auth-gen-token on our new VPN server which will be using version 2.5.5. However, we've noticed that the behaviour of auth-gen-token has changed and our clients are being kicked off every hour which corresponds with the renegotiation interval (3600 secs).

>127.0.0.1:57748 --auth-token-gen: auth-token from client expired

On our existing VPN server which uses 2.4.7, clients are able to stay connected up to 12 hours with an auth token and this is not affected by the renegotiation interval. In 2.5.0 an additional auth token check was added that seems to limit the token lifetime to as long as the renegotiation interval, but we don't understand what this is for.

It's a long while since I dug into the auth-gen-token code paths, but I have some vague memories we did quite some enhancements on that feature in OpenVPN 2.5.

I recommend you have a look at the man page; that should be up to date. In particular, the 'lifetime' argument would be relevant for you.

<https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html>

Which version of OpenVPN are your clients running?


--
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
