This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN // Which settings require Client configuration update?

Hi folks,

I want to change the Key lifetime for our SSL VPN sessions and wonder that there's no information about which settings require client configuration updates.

For example in the Menu "Remote Access -> SSL -> Advanced -> Cryptographic Settings":

I assume changing the options "Encryption algorithm", "Authentication algorithm", "Key size" and "Server certificate" would result into all current SSL VPN sessions to terminate and no user can log in again, because the clients have to redownload their updated configurations?

And I assume changing the "Key lifetime" would be safe and doesn't cause Session termination and redownload of client configurations.

I can't test this at the moment ...

Can anyone clarify this, please?

Thanks!

This thread was automatically locked due to age.

0 BAlfson over 4 years ago

Hallo Tobias and welcome to the UTM Community!

I don't see anything in the client config files related to key size or key lifetime, so I agree those should be safe to change. The things that would prevent connection if changed appear to be Authentication algorithm and Server certificate. I suspect that changing the Encryption algorithm would disrupt an existing connection, but I haven't confirmed that with an experiment.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel