Bug #11684

add the "explicit-exit-notify" option as a default for OpenVPN Server instances

Added by Viktor Gurov 2 months ago. Updated 7 days ago.

Status: Pull Request Review
Priority: Normal
Assignee: -
Category: OpenVPN
Target version:
Start date: 03/16/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.05
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

https://openvpn-users.narkive.com/bjhC5hVo/tls-error-local-remote-tls-keys-are-out-of-sync#post8:
Suppose you have a UDP OpenVPN connection between "Client" and "Server".
If Client is restarted, because it is a client, it will renegotiate new
TLS keys with the server, and the keys will immediately be in sync.
However if the Server is restarted, it will not know that it must force a
key renegotiation with a previously connected client because servers don't
initiate connections, they wait for them to be initiated by clients.
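
A configuration check for the situation described above, added here as an example (it is not code from pfSense or from the linked thread). In UDP server mode, explicit-exit-notify makes the server tell connected clients when it restarts so they reconnect and renegotiate keys; the function names and sample configs below are constructed for illustration.

```python
# Added example: flag UDP OpenVPN server configs lacking explicit-exit-notify.
UDP_PROTOS = {"udp", "udp4", "udp6"}
SERVER_DIRECTIVES = {"server", "server-bridge"}

def parse_directives(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def audit(text):
    """Return (verdict, reason) for the contents of one config file."""
    opts = parse_directives(text)
    is_server = bool(SERVER_DIRECTIVES & opts.keys()) or opts.get("mode") == ["server"]
    if not is_server:
        return ("skip", "not a server instance")
    proto = (opts.get("proto") or ["udp"])[0]  # OpenVPN uses UDP when proto is unset
    if proto not in UDP_PROTOS:
        return ("skip", "explicit-exit-notify applies to UDP only")
    if "explicit-exit-notify" not in opts:
        return ("warn", "clients are not told when the server restarts")
    n = (opts["explicit-exit-notify"] or ["1"])[0]  # bare directive means n=1
    return ("ok", "explicit-exit-notify " + n)

# Constructed sample configs (not taken from pfSense output).
WITHOUT_NOTIFY = """\
dev tun
proto udp4
server 10.8.0.0 255.255.255.0
keepalive 10 60
"""
WITH_NOTIFY = WITHOUT_NOTIFY + "explicit-exit-notify 1  # value from revision 0193bb0b\n"
TCP_SERVER = WITHOUT_NOTIFY.replace("proto udp4", "proto tcp-server")

if __name__ == "__main__":
    for name in ("WITHOUT_NOTIFY", "WITH_NOTIFY", "TCP_SERVER"):
        print(name, audit(globals()[name]))
```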

Associated revisions

Revision 0193bb0b (diff)
Added by Viktor Gurov 6 days ago

Set explicit-exit-notify to 1 for new OpenVPN Server instances. Issue #11684

History

#2 Updated by Jim Pingle 2 months ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next

#3 Updated by Jim Pingle 7 days ago

  • Plus Target Version set to 21.05
