Flawed Static Key Mini-HOWTO


Flawed Static Key Mini-HOWTO

Post by Kolusion » Sat Sep 09, 2023 1:19 am

The Static Key Mini-HOWTO section 'Make the link more resistant to connection failures' says to use the 'keepalive' directive in both the server and configuration files as 'keepalive 10 60'.

https://openvpn.net/community-resources ... ini-howto/


The reference manual for OpenVPN 2.4 says the 'keepalive' directive 'timeout' argument will be twice as long on the server side.

https://openvpn.net/community-resources ... envpn-2-4/


The Static Key Mini-HOWTO should not be instructing the user to use the same 'timeout' argument value for both the client and server configuration files.
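The `keepalive` expansion documented in the OpenVPN 2.4 reference manual, worked through as an added example (not code from the post or from OpenVPN): the manual gives the doubled `ping-restart` and the pushed values for `mode server`, and the plain values otherwise. The function name `effective_ping` and both sample configs are constructed for illustration.

```python
import shlex

def effective_ping(config_text):
    """Expand 'keepalive <interval> <timeout>' as the 2.4 manual documents it.

    Returns None if the config has no keepalive line, else a dict with the
    local ping / ping-restart values and any directives pushed to clients.
    """
    server_mode = False
    keepalive = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # ';' comment line
            continue
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens:
            continue
        # 'server' and 'server-bridge' are helper directives that imply 'mode server'.
        if tokens[:2] == ["mode", "server"] or tokens[0] in ("server", "server-bridge"):
            server_mode = True
        elif tokens[0] == "keepalive" and len(tokens) >= 3:
            keepalive = (int(tokens[1]), int(tokens[2]))
    if keepalive is None:
        return None
    interval, timeout = keepalive
    if server_mode:
        # Server waits twice as long, so the client notices the timeout first.
        return {"ping": interval, "ping-restart": timeout * 2,
                "push": [f"ping {interval}", f"ping-restart {timeout}"]}
    return {"ping": interval, "ping-restart": timeout, "push": []}

# Constructed sample: static-key point-to-point config (no 'mode server').
STATIC_KEY_CONF = """
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
keepalive 10 60
"""

# Constructed sample: multi-client server config.
SERVER_MODE_CONF = """
dev tun
server 10.8.0.0 255.255.255.0   # implies mode server
keepalive 10 60
"""

if __name__ == "__main__":
    print("static key :", effective_ping(STATIC_KEY_CONF))
    print("server mode:", effective_ping(SERVER_MODE_CONF))
```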


Re: Flawed Static Key Mini-HOWTO

Post by Kolusion » Sat Sep 09, 2023 4:18 am

Also, the section 'Make the link more resistant to connection failures' has another problem. The section says it's for dealing with keeping a connection through a NAT router/firewall alive, and following the DNS name of the server if it changes its IP address, and then the directives are given, unexplained.

https://openvpn.net/community-resources ... ini-howto/

The problem with this is that not everyone connects their client to a server using a DNS name, so not all the directive(s) it gives is applicable, but there is no explanation of which directive(s) are related to keeping a connection through a NAT router/firewall alive, and which directive(s) are related to following the DNS name of the server if it changes its IP address, so, the user doesn't know which directive(s) to use.

I wanted to make my OpenVPN link more resistant to connection failures by keeping a connection through a NAT router/firewall alive, but I had to skip this section because it's unclear and I had to be pragmatic as time was short.

Dealing with keeping a connection through a NAT router/firewall alive, and following the DNS name of the server if it changes its IP address should have their own sections. That way, the user can use the applicable directive(s) without needing an explanation of what each directive does. :)
