OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: openasapce on May 26, 2020, 09:37:04 PM

Title: OpenVPn disconnect me after some time
Post by: openasapce on May 26, 2020, 09:37:04 PM
Hello,
I have set up the OpenVPN server with time-based code generation.

It works, but after some time it systematically disconnects me from the server...

Is there a timeout setting?
Title: Re: OpenVPn disconnect me after some time
Post by: tiermutter on May 27, 2020, 09:46:23 AM
Hey there,

there is a setting "Renegotiate time" under the advanced VPN server config:
Renegotiate data channel key after n seconds (default=3600).
When using a one time password, be advised that your connection will automatically drop because your password is not valid anymore.
Set to 0 to disable, remember to change your client as well.


Maybe that's what you are looking for...
Otherwise you should post some logs from the VPN server at verbosity level 3 or 4.
Title: Re: OpenVPn disconnect me after some time
Post by: openasapce on May 27, 2020, 01:17:32 PM
Really, thank you.
I have changed the server side, but in the client config I don't see any text string related to the time password.

Do you know what I need to specify?
Title: Re: OpenVPn disconnect me after some time
Post by: tiermutter on May 27, 2020, 01:24:53 PM
Nope, sorry, never used such a setting...

It should be --reneg-sec n in the config file, but maybe this command doesn't exist in the client config.

For reference, the command description from ovpn:

Quote
    --reneg-sec n
    Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.
Title: Re: OpenVPn disconnect me after some time
Post by: miruoy on May 29, 2020, 10:30:47 AM
You should also look into the --ping combined with --ping-restart options. I usually set these to 10 and 60 respectively for S2S ovpn connections.
Title: Re: OpenVPn disconnect me after some time
Post by: openasapce on July 27, 2020, 01:41:24 PM
The --reneg-sec 0 is not recognized by Tunnelblick (OpenVPN client for Mac)
when used as a parameter on a single line. Do I need to use it like this?

remote server_ip 1194 udp --reneg-sec 0

Quote from: tiermutter on May 27, 2020, 01:24:53 PM
Nope, sorry, never used such a setting...

It should be --reneg-sec n in the config file, but maybe this command doesn't exist in the client config.

For reference, the command description from ovpn:

Quote
    --reneg-sec n
    Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.
Title: Re: OpenVPn disconnect me after some time
Post by: tiermutter on July 27, 2020, 05:05:51 PM
When placing ovpn options in a config file, you have to remove the leading double dash at the beginning:
reneg-sec 0

However, if this option is not set in client config, but in server config, you will not need to add it in client config.
(see description)
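
Added example (not part of any post in this thread, and not OpenVPN or OPNsense code): a small checker that applies the quoted --reneg-sec description (default 3600, 0 disables that side's timer, the lower remaining value triggers) and the config-file syntax discussed above to a client/server config pair. The function names and the sample configs are constructed for illustration.

```python
import re

DEFAULT_RENEG_SEC = 3600  # default given in the quoted --reneg-sec description

def reneg_sec(config_text):
    """Return (seconds, problems) for the body of one OpenVPN config file."""
    seconds, problems = DEFAULT_RENEG_SEC, []
    for n, raw in enumerate(config_text.splitlines(), 1):
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        # Accept ASCII dashes and the typographic dashes forums substitute.
        names = [t.lstrip("-\u2013\u2014") for t in tokens]
        if "reneg-sec" not in names:
            continue
        if names.index("reneg-sec") != 0:
            problems.append(f"line {n}: reneg-sec must be on its own line, "
                            f"not after '{tokens[0]}'")
        elif tokens[0] != "reneg-sec":
            problems.append(f"line {n}: remove the leading dashes in a config file")
        elif len(tokens) < 2 or not tokens[1].isdigit():
            problems.append(f"line {n}: reneg-sec needs a value in seconds")
        else:
            seconds = int(tokens[1])
    # A line with a problem is not counted, so the default stays in force.
    return seconds, problems

def effective_renegotiation(client_text, server_text):
    """Return (seconds, triggering_side, problems); seconds is None if disabled."""
    c, c_problems = reneg_sec(client_text)
    s, s_problems = reneg_sec(server_text)
    problems = [f"client {p}" for p in c_problems]
    problems += [f"server {p}" for p in s_problems]
    # 0 disables one side's timer; the lower remaining value triggers first.
    active = [(v, side) for v, side in ((c, "client"), (s, "server")) if v > 0]
    if not active:
        return None, None, problems
    seconds, side = min(active)
    return seconds, side, problems

# Constructed sample configs, modelled on the lines posted in the thread.
SERVER = "port 1194\nproto udp\nreneg-sec 0\n"
CLIENT_AS_POSTED = "client\nremote server_ip 1194 udp --reneg-sec 0\n"
CLIENT_FIXED = "client\nremote server_ip 1194 udp\nreneg-sec 0\n"

if __name__ == "__main__":
    for name, client in (("as posted", CLIENT_AS_POSTED), ("fixed", CLIENT_FIXED)):
        print(name, effective_renegotiation(client, SERVER))
```

With the constructed "as posted" client the result is a 3600-second renegotiation triggered by the client, because the misplaced option is not counted; with the option on its own line on both sides, renegotiation is disabled.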