doc/man-sections/renegotiation.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

Data Channel Renegotiation
--------------------------

When running OpenVPN in client/server mode, the data channel will use a
separate ephemeral encryption key which is rotated at regular intervals.

--reneg-bytes n
  Renegotiate data channel key after ``n`` bytes sent or received
  (disabled by default with an exception, see below). OpenVPN allows the
  lifetime of a key to be expressed as a number of bytes
  encrypted/decrypted, a number of packets, or a number of seconds. A key
  renegotiation will be forced if any of these three criteria are met by
  either peer.

  If using ciphers with cipher block sizes less than 128-bits,
  ``--reneg-bytes`` is set to 64MB by default, unless it is explicitly
  disabled by setting the value to :code:`0`, but this is
  **HIGHLY DISCOURAGED** as this is designed to add some protection against
  the SWEET32 attack vector. For more information see the ``--cipher``
  option.

--reneg-pkts n
  Renegotiate data channel key after **n** packets sent and received
  (disabled by default).

--reneg-sec args
  Renegotiate data channel key after at most ``max`` seconds
  (default :code:`3600`) and at least ``min`` seconds (default is 90% of
  ``max`` for servers, and equal to ``max`` for clients).
  ::

     reneg-sec max [min]

  The effective ``--reneg-sec`` value used is per session
  pseudo-uniform-randomized between ``min`` and ``max``.

  With the default value of :code:`3600` this results in an effective per
  session value in the range of :code:`3240`..:code:`3600` seconds for
  servers, or just 3600 for clients.

  When using dual-factor authentication, note that this default value may
  cause the end user to be challenged to reauthorize once per hour.

  Also, keep in mind that this option can be used on both the client and
  server, and whichever uses the lower value will be the one to trigger
  the renegotiation. A common mistake is to set ``--reneg-sec`` to a
  higher value on either the client or server, while the other side of the
  connection is still using the default value of :code:`3600` seconds,
  meaning that the renegotiation will still occur once per :code:`3600`
  seconds. The solution is to increase --reneg-sec on both the client and
  server, or set it to :code:`0` on one side of the connection (to
  disable), and to your chosen value on the other side.