Session key renegotiation

To ensure the security of each OpenVPN connection, the server periodically renegotiates the secret key for the data channel with each client. This is controlled using three options:

  • reneg-sec N: Renegotiate the data channel key after N seconds (default is 3600)
  • reneg-bytes N: Renegotiate the data channel key after N bytes (default is 0, i.e. off)
  • reneg-pkts N: Renegotiate the data channel key after N packets (default is 0, i.e. off)

If a VPN client is experiencing periodic timeouts when connected to the server, it is often useful to vary these parameters. If you set the reneg-sec parameter at a very short interval, however, the performance of the VPN will be severely degraded.

The reneg options can be specified on either the client or the server side, ...
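As an added example (not from the book), here is a small Python checker that reads the reneg-* directives from an OpenVPN config, applies the documented defaults, and estimates how often the data channel key will actually be renegotiated under an assumed traffic rate. The sample configs and the 60-second "too short" threshold are constructed assumptions; treating reneg-sec 0 as disabling time-based renegotiation is also an assumption on top of what the text states.

```python
import re

# Defaults as documented: reneg-sec 3600, reneg-bytes 0 (off), reneg-pkts 0 (off)
DEFAULTS = {"reneg-sec": 3600, "reneg-bytes": 0, "reneg-pkts": 0}
RENEG_RE = re.compile(r"^(reneg-sec|reneg-bytes|reneg-pkts)\s+(\d+)$")

def parse_reneg(config_text):
    """Return the reneg-* values from an OpenVPN config, filling in defaults."""
    values = dict(DEFAULTS)
    for raw in config_text.splitlines():
        # OpenVPN treats both '#' and ';' as comment markers
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = RENEG_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values

def effective_rekey_interval(values, bytes_per_sec, pkts_per_sec):
    """Seconds until the first enabled trigger fires at the given traffic rate.
    Returns None when no trigger is enabled (assumption: 0 disables each one)."""
    candidates = []
    if values["reneg-sec"] > 0:
        candidates.append(float(values["reneg-sec"]))
    if values["reneg-bytes"] > 0 and bytes_per_sec > 0:
        candidates.append(values["reneg-bytes"] / bytes_per_sec)
    if values["reneg-pkts"] > 0 and pkts_per_sec > 0:
        candidates.append(values["reneg-pkts"] / pkts_per_sec)
    return min(candidates) if candidates else None

def review(config_text, bytes_per_sec, pkts_per_sec, too_short=60):
    """Flag configs that never rekey or rekey so often that throughput suffers."""
    values = parse_reneg(config_text)
    interval = effective_rekey_interval(values, bytes_per_sec, pkts_per_sec)
    findings = []
    if interval is None:
        findings.append("no reneg trigger enabled: data channel key is never renegotiated")
    elif interval < too_short:
        findings.append(f"effective rekey every {interval:.0f}s: expect severe performance degradation")
    return interval, findings

# Constructed sample configs for a link carrying ~1 MB/s and ~1000 packets/s
SAMPLE_DEFAULT = "client\ndev tun\n# no reneg options set"
SAMPLE_TOO_SHORT = "reneg-sec 10 ; hunting a periodic timeout\nreneg-bytes 0"
SAMPLE_BYTES = "reneg-sec 3600\nreneg-bytes 64000000"

if __name__ == "__main__":
    for name, cfg in [("default", SAMPLE_DEFAULT), ("too-short", SAMPLE_TOO_SHORT), ("bytes", SAMPLE_BYTES)]:
        print(name, review(cfg, 1_000_000, 1000))
```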