Messages - cajovpn

#1
So I changed Auth Token Lifetime to 1.5 hours. When the one hour encryption key regen time expired, as expected, there was no session disconnect. However, when the Auth Token Lifetime expired (30 minutes later), there was a session disconnect. So I changed the Auth Token Lifetime to 16 hours, which is more than long enough for my requirement.

Everything I have read suggests that the encryption key regen timer should NOT be set too long to avoid the possibility of the encryption key being compromised. What about setting the Auth Token Lifetime to 16 hours? Is there a possibility that the Auth Token can be compromised? Is 16 hours too long? Are there other options?

TonyC


#3
Virtual private networks / Deleted duplicate post.
June 25, 2025, 12:06:59 AM
Deleted.

Duplicate Post, sorry


TonyC
#4
OPNsense version: 25.1.7_4-amd64

I have an OpenVPN instance configured and working as needed. The only annoyance is that when the encryption key is regenerated every hour, my session is disconnected and I need to reconnect. On the OpenVPN forum I found that adding the server configuration parameter "auth-gen-token" to the instance configuration will correct this issue by using a generated token that is passed to the client. The token is verified when key regeneration occurs and the session is not disconnected.

Is this a valid solution?

How do I add the "auth-gen-token" parameter to the instance configuration?

Does it need to be added to the client configuration also?

I tried setting "Auth Token Lifetime" to 0 (zero), but that did not change anything.

Thank you in advance for your help.

TonyC