Hi Michael,
Am Dienstag, den 13.02.2018, 08:07 +0200 schrieb Horace Michael:
Please consider to add auth-nocache also in order to get rid of the warnings for caching credentials.
just to bear in mind, if we set auth-nocache and a user/password authentication has been configured manually by the user (IPFire do not provides this currently), there is the need to authenticate again after a session key has been expired.
With OpenVPN-2.3.13 and above the rekeying are managed by '--reneg- bytes 64000000' (after 64 MB data transfer) if 64 bit block ciphers are used which IPFire do provides at this time.
So by the usage of an old deprecated configuration (old ciphers) and a faster and heavily loaded connection there is the need to authenticate every few minutes.
This warning looks not so nice but is in regular configurations, which has been made via WUI, useless since there is no user/password authentication currently available.
If someone has configured it manually (in most cases via server{client}.conf.local i think) it is there also possible to set ' --auth-nocache' for each configuration individually if needed ?
Just some thoughts from here.
Greetings,
Erik