author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-12-24 10:38:56 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-12-24 10:38:56 +0000 |
commit | 9696719a37c16879c5fc9336767bad699b05e744 (patch) | |
tree | eea20e4b6b4bae1a603eb76f72007ef5c710b519 /openvpn.8 | |
parent | Interim snapshot 2.1_rc1c (diff) | |
download | openvpn-9696719a37c16879c5fc9336767bad699b05e744.tar.xz |
--reneg-sec clarification in man page.
Should be added to 2.0.x branch as well.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1606 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'openvpn.8')
-rw-r--r-- | openvpn.8 | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -3860,6 +3860,19 @@ packets sent and received (disabled by default). Renegotiate data channel key after .B n seconds (default=3600). + +When using dual-factor authentication, note that this default value may +cause the end user to be challenged to reauthorize once per hour. + +Also, keep in mind that this option can be used on both the client and server, +and whichever uses the lower value will be the one to trigger the renegotiation. +A common mistake is to set +.B --reneg-sec +to a higher value on either the client or server, while the other side of the connection +is still using the default value of 3600 seconds, meaning that the renegotiation will +still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the +client and server, or set it to 0 on one side of the connection (to disable), and to +your chosen value on the other side. .\"********************************************************* .TP .B --hand-window n |
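Review bot: The last added sentence tells the reader to "set it to 0 on one side of the connection (to disable)", which sits awkwardly next to the earlier added statement that "whichever uses the lower value will be the one to trigger the renegotiation", since 0 is numerically the lowest value. Say explicitly that 0 is a special case meaning that side never initiates a renegotiation and is excluded from the lower-value rule, so the peer's setting alone decides the interval. Two smaller points in the same paragraph: the second mention, "increase --reneg-sec on both", is inline plain text while the first mention is set with .B on its own line, so mark both up the same way; and in the dual-factor sentence "reauthorize" would read more accurately as "reauthenticate", because the user is being challenged for credentials again.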