Long Certificate Renegotiation Times

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
chockomonkey
OpenVpn Newbie
Posts: 4
Joined: Tue Mar 28, 2017 5:13 pm

Long Certificate Renegotiation Times

Post by chockomonkey » Mon Jan 21, 2019 8:31 pm

I'm looking for a place to start troubleshooting this issue I have.

I'm using the latest Access Server with local authentication. Connections are made over UDP, although I am running in dual daemon mode (both UDP and TCP), and have enabled auto-logon.

I've also tested authentication with the authcli script which succeeds instantaneously. The initial client vpn connection also happens within seconds.

The problem arises during renegotiation only, where it takes upwards of 2 minutes to renegotiate and re-authenticate the new key.

I have considered just increasing the time before renegotiation, but I figured I'd start by asking if this long delay is typical, and if not, where I can start troubleshooting why it takes so long.

Thanks all!

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Long Certificate Renegotiation Times

Post by novaflash » Mon Jan 21, 2019 8:33 pm

Only during TLS key refresh, right? On OpenVPN 2.4.6? Then it's a known bug. Will be fixed in a next released.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

chockomonkey
OpenVpn Newbie
Posts: 4
Joined: Tue Mar 28, 2017 5:13 pm

Re: Long Certificate Renegotiation Times

Post by chockomonkey » Tue Jan 22, 2019 9:21 pm

Yep only on key refresh. Thanks for the heads up

Post Reply