[TriLUG] openvpn questions
randy at electronsweatshop.com
Fri Apr 20 14:40:46 EDT 2012
On 04/20/2012 02:38 PM, Joseph Mack NA3T wrote:
> The docs say the crypto login exchange _might_ not work if the client
> and server clocks aren't synchronised.
> I take it there is a time offset check in the key exchange. Why is this?
> Why do you care if the other party's clock is wrong?
> Why _might_ it not work? I would expect if there is a requirement for
> the clocks to be offset by less than a certain amount it _will_ (rather
> than _might_) fail.
This is to reduce the risk of replay attacks.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the TriLUG