openvpn默认下是每一个小时重新认证一下key,
但由于,当前环境 开启google 两步认证 ,一小时过后,重新认证时 google两步认证 验证码 以改变,
导致认证失败,连接中断,
默认值3600, 也就是一个小时进行一次TSL重新协商。
这个参数在服务端和客户端设置都有效 如果两边都设置了,那马就按照时间短的设定优先。当两边同时设置成0,表示禁用TSL重协商。
cat /etc/openvpn/server.conf | grep reneg-sec reneg-sec 0
–reneg-sec n
Renegotiate data channel key after n seconds (default=3600).
When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set –reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase –reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.
http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html
相关文章
转载请注明:爱开源 » OpenVPN 解决 每小时断线一次