diff options
author | currite <sll@disroot.org> | 2019-09-17 01:32:05 +0200 |
---|---|---|
committer | currite <sll@disroot.org> | 2019-09-17 01:32:05 +0200 |
commit | 8a9b0b66cce423835674674daf44f2d00f4abe00 (patch) | |
tree | eccb6c4b6c5eb6a04f3d955be4f0ca6c3d19b50a /docs/vpn/openvpn.rst | |
parent | 22ab45d01501f6f811926692e86f76b053f6630b (diff) | |
download | vyos-documentation-8a9b0b66cce423835674674daf44f2d00f4abe00.tar.gz vyos-documentation-8a9b0b66cce423835674674daf44f2d00f4abe00.zip |
add note on vpn-option -reneg-sec
Diffstat (limited to 'docs/vpn/openvpn.rst')
-rw-r--r-- | docs/vpn/openvpn.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst index 5a269b43..29104199 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/vpn/openvpn.rst @@ -175,6 +175,10 @@ First we need to specify the basic settings. 1194/UDP is the default. The `persistent-tunnel` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads. + +.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur. + + .. code-block:: sh set interfaces openvpn vtun10 mode server |