ping-exit 30auth-nocache ns-cert-type server
Causes OpenVPN to exit after n seconds pass without reception of a ping or other packet from remote. This option can be combined with --inactive, --ping, and --ping-exit to create a two-tiered inactivity disconnect.For example,openvpn [options...] --inactive 3600 --ping 10 --ping-exit 60when used on both peers will cause OpenVPN to exit within 60 seconds if its peer disconnects, but will exit after one hour if no actual tunnel data is exchanged.
Don't cache --askpass or --auth-user-pass username/passwords in virtual memory.If specified, this directive will cause OpenVPN to immediately forget username/password inputs after they are used. As a result, when OpenVPN needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an OpenVPN session.
Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server".This is a useful security option for clients, to ensure that the host they connect with is a designated server.See the easy-rsa/build-key-server script for an example of how to generate a certificate with the nsCertType field set to "server".If the server certificate's nsCertType field is set to "server", then the clients can verify this with --ns-cert-type server.This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server. The attack is easily prevented by having clients verify the server certificate using any one of --ns-cert-type, --tls-remote, or --tls-verify.
