From 8a9b0b66cce423835674674daf44f2d00f4abe00 Mon Sep 17 00:00:00 2001
From: currite <sll@disroot.org>
Date: Tue, 17 Sep 2019 01:32:05 +0200
Subject: add note on vpn-option -reneg-sec

---
 docs/vpn/openvpn.rst | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs/vpn')

diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 5a269b43..29104199 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -175,6 +175,10 @@ First we need to specify the basic settings. 1194/UDP is the default. The
 `persistent-tunnel` option is recommended, it prevents the TUN/TAP device from
 closing on connection resets or daemon reloads.
 
+
+.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur.
+
+
 .. code-block:: sh
 
   set interfaces openvpn vtun10 mode server
-- 
cgit v1.2.3