summaryrefslogtreecommitdiff
path: root/docs/vpn/openvpn.rst
diff options
context:
space:
mode:
authorcurrite <sll@disroot.org>2019-09-17 01:32:05 +0200
committercurrite <sll@disroot.org>2019-09-17 01:32:05 +0200
commit8a9b0b66cce423835674674daf44f2d00f4abe00 (patch)
treeeccb6c4b6c5eb6a04f3d955be4f0ca6c3d19b50a /docs/vpn/openvpn.rst
parent22ab45d01501f6f811926692e86f76b053f6630b (diff)
downloadvyos-documentation-8a9b0b66cce423835674674daf44f2d00f4abe00.tar.gz
vyos-documentation-8a9b0b66cce423835674674daf44f2d00f4abe00.zip
add note on vpn-option -reneg-sec
Diffstat (limited to 'docs/vpn/openvpn.rst')
-rw-r--r--docs/vpn/openvpn.rst4
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 5a269b43..29104199 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -175,6 +175,10 @@ First we need to specify the basic settings. 1194/UDP is the default. The
`persistent-tunnel` option is recommended, it prevents the TUN/TAP device from
closing on connection resets or daemon reloads.
+
+.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur.
+
+
.. code-block:: sh
set interfaces openvpn vtun10 mode server