[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] etoken with openvpn 2.1 rc4 on windows

  • Subject: Re: [Openvpn-users] etoken with openvpn 2.1 rc4 on windows
  • From: "Reimer Karlsen-Masur, DFN-CERT" <karlsen-masur@xxxxxxxxxxx>
  • Date: Thu, 04 Oct 2007 13:02:51 +0200


jamona perez wrote:
>  Hi,
> I've another question for you, estimated list members.
> I've set up openvpn 2.1 RC 4 to work on windows
> with an aladdin etoken using the crytoapi setting.
> the only thing is, when I remove the token from its usb slot,
> the tunnel stays open and functionnal. Is it a bug or is there a setting
> that I should change ?

in my tests I used

reneg-sec 120

on the client side config to enforce the re-usage of the crypto token
(renegotiation of the session key) every 120 seconds.

There was a note in the documentation <http://openvpn.net/man-beta.html> of
that option that there is a server and client side default of 3600 seconds.
The minimum of both values is used.

There are also two other reneg-* parameters depending on number of packets
or kB send through the tunnel.
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team),   Phone   +49 40 808077-615

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Heidenkampsweg 41, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature