Hi,

> Remember that the TLS timeout only applies to data sent over
> the TLS control channel, which is generally only during the
> TLS key negotiation process. So there could be long periods
> of time when no TLS requests are being forwarded.

Yes, the default (--reneg-sec n) is 3600 seconds.

> It might make more sense to have a flag that would tell
> OpenVPN to exit if the TLS handshake fails.

Yes, it does :)

I hope to understand the TLS handshake better now. After (--reneg-sec n) 3600 seconds the server tries to do a handshake with the client. If the peer disappeared, the (--tls-timeout n) timer will try to reach the peer every 2 seconds by default. After (--hand-window n) 60 seconds (default) the server tries to reconnect.

So it would be very fine if OpenVPN (in server mode) drops the connection after the TLS handshake fails.

Thanks a lot!

73 Jann

> James