
PSK bootstrap tunnel for clients with wrong system date?

Posted: Fri Oct 27, 2017 8:56 am
by epoch
Hi there, first post here but (very) long time OpenVPN user.

I'm dealing more and more with Raspberry Pi OVPN clients and I would like to devise an improvement to the usual startup procedure in TLS mode.
Specifically I am concerned with lack of RTC and the machine starting at epoch date: until the OS has acquired the current date the TLS tunnel will not start up. Sometimes I can see clients trying to connect with the wrong date and AFAIK I can't do anything to help them.

I am wondering about the idea of using a PSK tunnel to where a trusted NTP clock resides. Ultimately the client system would either have 2 tunnels (one for NTP and the "real" TLS one), or the PSK tunnel could be torn down after clock sync and the TLS tunnel started.

Wrong system date is a rather common problem; how do you solve/control it?
Thanks for your insights.

Re: PSK bootstrap tunnel for clients with wrong system date?

Posted: Fri Oct 27, 2017 11:59 am
by TinCanTech
Or just set up ntpd to get the right time from a server you trust .. like Ubuntu pool ..
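
An added example, not part of either post: a start-up gate that holds back the TLS client until the system clock is inside the client certificate's validity window, so a machine that boots at the epoch date waits for ntpd instead of failing the handshake. The certificate and config paths and the `--start` switch are assumptions, and the certificate dates are parsed with GNU `date -d`.

```shell
#!/bin/sh
# Added example: start the TLS client only once the clock is inside the
# client certificate's validity window. Paths below are assumed placeholders.
CERT=${CERT:-/etc/openvpn/client.crt}
CONF=${CONF:-/etc/openvpn/client.conf}

# clock_state NOW NOT_BEFORE NOT_AFTER  (all in epoch seconds)
clock_state() {
    if [ "$1" -lt "$2" ]; then echo not_yet_valid   # e.g. booted at 1970
    elif [ "$1" -gt "$3" ]; then echo expired
    else echo ok
    fi
}

# wait_for_window NOT_BEFORE NOT_AFTER TRIES DELAY
# Polls the clock while ntpd corrects it. Returns 0 once the clock is inside
# the window, 1 if it never gets there or is already past NOT_AFTER.
wait_for_window() {
    tries=$3
    while [ "$tries" -gt 0 ]; do
        state=$(clock_state "$(date +%s)" "$1" "$2")
        if [ "$state" = ok ]; then return 0; fi
        # Past notAfter is not the boot-at-epoch case, so fail fast.
        if [ "$state" = expired ]; then return 1; fi
        tries=$((tries - 1))
        sleep "$4"
    done
    return 1
}

# cert_epoch FILE startdate|enddate -> that field as epoch seconds.
# openssl prints e.g. "notBefore=Oct 27 08:56:00 2017 GMT" (constructed value).
cert_epoch() {
    d=$(openssl x509 -in "$1" -noout "-$2") || return 1
    date -u -d "${d#*=}" +%s
}

main() {
    nb=$(cert_epoch "$CERT" startdate) || exit 2
    na=$(cert_epoch "$CERT" enddate) || exit 2
    if wait_for_window "$nb" "$na" 60 5; then
        exec openvpn --config "$CONF"
    fi
    echo "clock still outside certificate validity window" >&2
    exit 1
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--start" ]; then main; fi
```

With 60 tries at 5 seconds the gate gives ntpd five minutes to set the clock before giving up with a non-zero exit, which a service manager can treat as a restartable failure.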