PSK bootstrap tunnel for clients with wrong system date?

epoch
OpenVpn Newbie
Posts: 1
Joined: Fri Oct 27, 2017 8:11 am

PSK bootstrap tunnel for clients with wrong system date?

Post by epoch » Fri Oct 27, 2017 8:56 am

Hi there, first post here but (very) long time OpenVPN user.

I'm dealing more and more with Raspberry Pi OVPN clients and I would like to devise an improvement to the usual startup procedure in TLS mode.
Specifically I am concerned with lack of RTC and the machine starting at epoch date: until the OS has acquired the current date the TLS tunnel will not start up. Sometimes I can see clients trying to connect with the wrong date and AFAIK I can't do anything to help them.

I am wondering about the idea of using a PSK tunnel to where a trusted NTP clock resides. Ultimately the client system would either have 2 tunnels (one for NTP and the "real" TLS one), or the PSK tunnel could be torn down after clock sync and the TLS tunnel started.

Wrong system date is a rather common problem; how do you solve/control it?
Thanks for your insights.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PSK bootstrap tunnel for clients with wrong system date?

Post by TinCanTech » Fri Oct 27, 2017 11:59 am

Or just set up ntpd to get the right time from a server you trust .. like Ubuntu pool ..
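
An added example, not part of either post above: a boot-time gate for an RTC-less client that holds the TLS tunnel back until the system clock falls inside the client certificate's validity window, which a boot at the epoch date never does. The paths, function names and the 300-second timeout are assumptions; it relies on the `openssl` CLI and GNU `date`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths; adjust to your setup.
CERT=${CERT:-/etc/openvpn/client.crt}     # hypothetical client cert path
CONF=${CONF:-/etc/openvpn/client.conf}    # hypothetical client config path

# Print one validity bound of a PEM cert as epoch seconds.
# $1 is -startdate or -enddate; needs the openssl CLI and GNU date.
cert_epoch() {
    bound=$(openssl x509 -noout "$1" -in "$2") || return 1
    date -u -d "${bound#*=}" +%s
}

# Classify a clock reading against the window: early | ok | expired.
# A boot at the epoch (now=0) is always "early".
clock_state() {   # $1 = now, $2 = notBefore, $3 = notAfter (epoch seconds)
    if [ "$1" -lt "$2" ]; then echo early
    elif [ "$1" -gt "$3" ]; then echo expired
    else echo ok
    fi
}

# Poll until the clock enters the window or the timeout passes.
# Elapsed time is counted in sleep intervals, not clock differences,
# because the clock jumps when NTP sets it.
# Returns 0 when ok, 1 on timeout, 2 if the cert is unreadable or expired.
wait_for_clock() {   # $1 = cert path, $2 = timeout in seconds
    nb=$(cert_epoch -startdate "$1") || return 2
    na=$(cert_epoch -enddate "$1") || return 2
    waited=0
    while :; do
        case $(clock_state "$(date +%s)" "$nb" "$na") in
            ok) return 0 ;;
            expired) return 2 ;;
        esac
        [ "$waited" -ge "$2" ] && return 1
        sleep 5; waited=$((waited + 5))
    done
}

# Only act when invoked with "start", so the file can also be sourced.
if [ "${1:-}" = "start" ]; then
    wait_for_clock "$CERT" 300 || { echo "clock not usable, not starting TLS tunnel" >&2; exit 1; }
    exec openvpn --config "$CONF"
fi
```

A clock inside the window can still be wrong; this only filters out the readings that are certain to fail certificate validation, while ntpd does the actual correction.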