SecurePass and OpenVPN key re-negotiation

By default, OpenVPN renegotiates the keys every 3600 seconds. Most users on a traditional username/password scheme won’t even notice it, but the connection basically goes down and the client automatically reconnects using the previously used password.

When one-time passwords are used (such as SecurePass), this automatic reconnection doesn’t work in the background … or rather, it does reconnect, but it asks for the username and 2FA again. This is sometimes annoying for standard users.

It’s better to modify the default behavior using the reneg-sec configuration parameter in OpenVPN.

Below is the configuration for pfSense:

[Image: pfSense OpenVPN configuration]

Keep in mind that reneg-sec is in seconds, so for 8 hours use 28800 and for 10 hours use 36000.
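
The OpenVPN manual notes that reneg-sec can be set on both the client and the server, and whichever side has the lower value triggers the renegotiation, so raising it only on the pfSense server leaves clients re-prompting at the 3600-second default. The following is an added example, not part of the original post, that computes the interval a server/client pair will actually use; the config snippets and the host name vpn.example.com are constructed samples.

```python
import re

DEFAULT_RENEG_SEC = 3600  # OpenVPN default when reneg-sec is absent

# Constructed sample configs (not taken from the original post).
SERVER_8H = "port 1194\nproto udp\nreneg-sec 28800\n"
CLIENT_DEFAULT = "client\nremote vpn.example.com 1194\n"
CLIENT_8H = "client\nremote vpn.example.com 1194\n# match the server\nreneg-sec 28800\n"
CLIENT_DISABLED = "client\nreneg-sec 0\n"


def parse_reneg_sec(config_text):
    """Return the reneg-sec interval set in a config, or the default."""
    value = DEFAULT_RENEG_SEC
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment line
            continue
        m = re.match(r"reneg-sec\s+(\d+)", line)
        if m:
            value = int(m.group(1))  # a later directive overrides an earlier one
    return value


def effective_reneg_sec(server_cfg, client_cfg):
    """Interval the pair actually renegotiates at; 0 means never by time."""
    values = (parse_reneg_sec(server_cfg), parse_reneg_sec(client_cfg))
    enabled = [v for v in values if v > 0]  # 0 disables that side's timer
    return min(enabled) if enabled else 0


if __name__ == "__main__":
    for name, client in [("default client", CLIENT_DEFAULT),
                         ("8h client", CLIENT_8H),
                         ("timer-off client", CLIENT_DISABLED)]:
        print(name, "->", effective_reneg_sec(SERVER_8H, client), "seconds")
```

With the server at 28800 and an unmodified client, the result is still 3600; the 2FA prompt only moves to 8 hours once the client carries the same value or sets reneg-sec 0.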