Perfect Forward Secrecy Info

[dachiefzz 0]

Quick question: How would i decrease the perfect forward secrecy value from 60 minutes (Default) to 30 minutes. Please include step by step instructions

 

Thank you,

DaChiefzz

[Staff 9749]

Hello!

 

You need to insert the directive "reneg-sec" in your OpenVPN client configuration (see below a paste from the OpenVPN manual). Detailed instructions vary according to the client or OpenVPN wrapper you're running. With our client Eddie you can insert the directive in "AirVPN" -> "Preferences" -> "Advanced" -> "OVPN directives". Enter "reneg-sec 1800" in the left box reserved to additional directives, click "Save" and start a connection with a VPN server.

 

Kind regards

 

--reneg-sec n

Renegotiate data channel key after n seconds (default=3600).

When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.