Re: [Openvpn-users] Re: Softphone Drops & Client re-authentication

["Sameh Attia" <sattia@xxxxxxxxx>]

Hi,

ping-timer-rem is not intended for (and not necessary in) client/server
mode. I don't know that it's been tested not to have negative side
effects in that case.

I notice you aren't really making use of some of the macros available to
shorten your configuration -- for instance, you're using "mode server",
an explicit ifconfig and ifconfig-pool, etc. in place of just a "server"
directive.

Might this cause something? We have this long time ago. Also we used to be sure what option doing what? For example --server network netmask might be changed from version to version and instead of setting .1 IP to the tunnel may assign another one. Anyway we reverted to the simple form you mentioned.

Sharing client certificates really is a bad practice.

We do not.

Likewise, ping/ping-timer is most typically done with just a "keepalive"
directive on the server side.

I did not see any warning in the log regarding using this option alone. Anyway this is not the case. The clients are using Avaya's softphone and they do not timeout or stay idle for 120 seconds.

Regards

-- 
Sameh Attia
Information Security Manager
Red Hat Certified Engineer
TE Data
--
dc -e '603178305900664311156641389051003470569569613466992253686426210705237258P'

Attachment: tedata.ovpn
Description: Binary data