lynx at luchs.at
Wed Aug 24 21:41:26 CEST 2016
On Aug 24, 2016 at 2127 +0200, Hanno Böck appeared and said:
> On Wed, 24 Aug 2016 21:19:07 +0200
> Akendo <akendo at akendo.eu> wrote:
> > The openvpn configuration includes a keepalive parameter with
> > following values: 10 120
> > you think this is sufficient? Whereby I'm uncertain about the function
> > in OpenVPN in regards to your statement.
> I have no idea what keepalive means in the context of OpenVPN. My
> suggestion was regarding http.
> Honestly I only learned that openvpn basically uses its own crypto
> quite recently. I don't really understand why they don't simply use
> TLS. Probably an interesting research project to look closer into this.
I believe it's because they have to deal with long-lived VPN connection
that "feature" packet loss. OpenVPN implements the transport via UDP
(although TCP can be used, too). The implementation pre-dates QUIC and
DTLS (initial release of OpenVPN was 2001).
I volunteer to help for the closer look since I use OpenVPN extensively.
)\._.,--....,'``. fL Let GNU/Linux work for you while you take a nap.
/, _.. \ _\ (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.' - System administration + Consulting + Teaching -
Got mail delivery problems? https://web.luchs.at/information/blockedmail.php
Warning: Do _NOT_ send emails with HTML content to my address! No guarantees!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 213 bytes
Desc: not available
More information about the Ach