From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] CRL updater: Update script for OpenVPNs CRL
Date: Tue, 13 Feb 2018 11:00:12 +0100 [thread overview]
Message-ID: <1518516012.11931.1.camel@ipfire.org> (raw)
In-Reply-To: <15716B81-F9B5-4458-9AEC-1EF6DEFAAA20@gmx.com>
[-- Attachment #1: Type: text/plain, Size: 1189 bytes --]
Hi Michael,
Am Dienstag, den 13.02.2018, 08:07 +0200 schrieb Horace Michael:
>
> Please consider to add auth-nocache also in order to get rid of the
> warnings for caching credentials.
just to bear in mind, if we set auth-nocache and a user/password
authentication has been configured manually by the user (IPFire do not
provides this currently), there is the need to authenticate again after
a session key has been expired.
With OpenVPN-2.3.13 and above the rekeying are managed by '--reneg-
bytes 64000000' (after 64 MB data transfer) if 64 bit block ciphers are
used which IPFire do provides at this time.
So by the usage of an old deprecated configuration (old ciphers) and a
faster and heavily loaded connection there is the need to authenticate
every few minutes.
This warning looks not so nice but is in regular configurations, which
has been made via WUI, useless since there is no user/password
authentication currently available.
If someone has configured it manually (in most cases via
server{client}.conf.local i think) it is there also possible to set '
--auth-nocache' for each configuration individually if needed ?
Just some thoughts from here.
Greetings,
Erik
next prev parent reply other threads:[~2018-02-13 10:00 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-30 16:38 [PATCH] OpenVPN: Update to version 2.4.4 Erik Kapfer
2018-01-30 20:00 ` Michael Tremer
2018-02-02 6:34 ` [PATCH] CRL updater: Update script for OpenVPN CRL Erik Kapfer
2018-02-02 10:51 ` Michael Tremer
2018-02-02 19:19 ` ummeegge
2018-02-03 20:20 ` ummeegge
2018-02-06 0:44 ` Michael Tremer
2018-02-06 9:24 ` ummeegge
2018-02-06 16:34 ` Michael Tremer
2018-02-06 20:09 ` [PATCH v2] CRL updater: Update script for OpenVPNs CRL Erik Kapfer
2018-02-06 21:45 ` Michael Tremer
2018-02-07 17:31 ` Erik Kapfer
2018-02-11 22:25 ` Michael Tremer
2018-02-13 6:02 ` ummeegge
2018-02-13 6:07 ` Horace Michael
2018-02-13 10:00 ` ummeegge [this message]
2018-02-13 14:21 ` Horace Michael
2018-02-14 14:09 ` ummeegge
2018-02-13 13:13 ` ummeegge
2018-02-14 12:22 ` Michael Tremer
2018-02-14 13:24 ` ummeegge
2018-02-14 20:27 ` Michael Tremer
2018-02-15 6:18 ` ummeegge
2018-02-15 11:05 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1518516012.11931.1.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox