How does one adjust the re-keying rate?

[Indigo35 4]

Hi Staff,

 

How does someone go about adjusting the DHE key with Viscosity on OS X?

 

Thank you.

 

Edit: Can someone also edit the key size if someone is very paranoid?

[Staff 9894]

Hello!

The directive for the renegotiation time is reneg-sec. We don't know whether it's possible to assign this custom directive with Viscosity (probably so, just add it on the .ovpn file with the custom directive option in the Configuration Generator or with a text editor and test). Default in our servers is 3600 seconds. You can't go over this value but you can go below.

 

The "overlying" RSA keys sizes (2048 bit) can't be modified by you.

 

 

 

See the OpenVPN manual:

 

--reneg-sec n Renegotiate data channel key after n seconds (default=3600).

When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.

 

Kind regards

[Indigo35 4]

A very thorough explanation.

 

Thank you.