mirror of
https://github.com/evgeny-gridasov/openvpn-otp.git
synced 2026-04-25 05:15:57 +03:00
[GH-ISSUE #39] 'reneg-sec 0' is not a good idea, and is not necessary in OpenVPN >= 2.4 #23
Originally created by @wrossmann on GitHub (Mar 19, 2021).
Original GitHub issue: https://github.com/evgeny-gridasov/openvpn-otp/issues/39
Setting your tunnel to never renegotiate is a security problem for long-running tunnels, and OpenVPN added the auth-gen-token config parameter specifically for cases like OTP authentication. In short, after authentication OpenVPN will generate a token to be used for renegotiation in place of re-sending the username and password.

Please add a mention of auth-gen-token for OpenVPN >= 2.4 in the README.

@evgeny-gridasov commented on GitHub (Mar 19, 2021):
Thanks Wade,
Would you like to raise a PR to add that?
I don’t want to take credit for other people’s contributions.
Alternatively, I could make that change myself.
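
A small config check for the point raised in this issue, as an added example (not code from the openvpn-otp project or from either participant): it flags a config that disables time-based renegotiation with reneg-sec 0 and reports whether auth-gen-token is present. The function names, finding codes, sample configs, and the plugin path are constructed placeholders.

```python
# Added example: audit an OpenVPN config for the setting this issue warns about.
# Sample configs, finding codes and the plugin path are constructed placeholders.

def directives(config_text):
    """Yield (name, args) for each active directive in an OpenVPN config."""
    for raw in config_text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":        # '#' or ';' starts a comment
                break
            tokens.append(tok)
        if tokens:
            # Config files accept directives with or without the leading "--".
            yield tokens[0].lstrip("-"), tokens[1:]

def audit(config_text):
    """Return finding codes; an empty list means reneg-sec 0 is not in effect."""
    reneg_sec = None              # None: directive absent, OpenVPN's default applies
    has_token = False
    for name, args in directives(config_text):
        if name == "reneg-sec" and args:
            reneg_sec = args[0]   # keep the last value seen
        elif name == "auth-gen-token":
            has_token = True      # OpenVPN >= 2.4, per the issue
    if reneg_sec != "0":
        return []
    # Time-based renegotiation is off, so there is no periodic rekey by time.
    return ["RENEG_DISABLED",
            "TOKEN_SET_RENEG_0_UNNEEDED" if has_token else "ADD_AUTH_GEN_TOKEN"]

# Constructed sample: the setup the issue objects to.
WEAK = """\
port 1194
plugin /path/to/openvpn-otp.so   # placeholder path
reneg-sec 0
"""

# Constructed sample: token-based renegotiation, reneg-sec 0 commented out.
FIXED = """\
port 1194
plugin /path/to/openvpn-otp.so   # placeholder path
auth-gen-token
;reneg-sec 0
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(cfg))
```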