From 875cc26c3d3b4d45c0bcec6e9a9cf6a04e073d51 Mon Sep 17 00:00:00 2001 From: randomshell Date: Thu, 7 May 2020 20:50:05 +0000 Subject: [PATCH] Add auth-gen-token server option We use auth-nocache option so every hour a renegotiation can cause custom configurations to fail because of a necessary input of the credentials. auth-gen-token option prevents this. From the OpenVPN manual: "The purpose of this is to enable two factor authentication methods, such as HOTP or TOTP, to be used without needing to retrieve a new OTP code each time the connection is renegotiated. Another use case is to cache authentication data on the client without needing to have the users password cached in memory during the life time of the session." --- openvpn-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 5f49ada..7446b7e 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -890,6 +890,7 @@ ncp-ciphers $CIPHER tls-server tls-version-min 1.2 tls-cipher $CC_CIPHER +auth-gen-token client-config-dir /etc/openvpn/ccd status /var/log/openvpn/status.log verb 3" >>/etc/openvpn/server.conf
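Review bot: The added `auth-gen-token` line, placed after `tls-cipher $CC_CIPHER` in the block appended to /etc/openvpn/server.conf, has no lifetime argument. Per the OpenVPN manual, a token generated without a lifetime (or with a lifetime of 0) never expires, so once a client has authenticated with its password, every later renegotiation is accepted on the token alone for as long as the session lasts. Suggest writing an explicit lifetime in seconds, for example `auth-gen-token 43200` (the value is illustrative, pick one that matches the intended session policy), and stating the chosen lifetime in the commit message. Two smaller points: the option only matters when the server performs username/password authentication, and no such directive appears in the context lines of this hunk, so consider emitting the line only when that authentication is configured, or document when it applies. Since this pairs with `auth-nocache` on the client side, a short comment in the script explaining that relationship would help the next reader.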