I'm using a kylemanna/openvpn image (OpenVPN 2.4) with default settings and I've noticed that each client disconnects for 1 minute every 1 hour. I believe it's connected to reneg-sec, which defaults to 3600 seconds.
This is an issue for me, because I'm using this openvpn to provide an API to some proprietary devices, and 1 minute of downtime per device + 1 minute of downtime for API means 3.3% downtime per day - it's crazy high.
I want to just disable reneg-sec altogether, or at most set it to renegotiate once a day. What are the implications of this?
My understanding is that reneg-sec is used to protect from the SWEET32 attack, but this page suggests that since my cipher is AES-256-GCM my connection is not susceptible to it? Then why do I even need to renegotiate ever?