Hi there, first post here but (very) long time OpenVPN user.
I'm dealing more and more with Raspberry Pi OVPN clients and I would like to devise an improvement to the usual startup procedure in TLS mode.
Specifically I am concerned with lack of RTC and the machine starting at epoch date: until the OS has acquired the current date the TLS tunnel will not start up. Sometimes I can see clients trying to connect with the wrong date and AFAIK I can't do anything to help them.
I am wondering about the idea of using a PSK tunnel to where a trusted NTP clock resides. Ultimately the client system would either have 2 tunnels (one for NTP and the "real" TLS one), or the PSK tunnel could be torn down after clock sync and the TLS tunnel start.
Wrong system date is a rather common problem, how do you solve/control it?
Thanks for your insights.
PSK bootstap tunnel for clients with wrong system date?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Oct 27, 2017 8:11 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: PSK bootstap tunnel for clients with wrong system date?
Or just setup ntpd to get the right time from a server you trust .. like ubuntu pool ..