Openvpn prompts me for my MFA every hour

mustangman49

Have a opnvpn setup on a newly created firewall. using RADIUS through DUO. The issue is i keep getting DUO prompts to reauth every hour on the hour. Went through all the settings cant find what is causing it.

here is the config from my workstation
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp4
nobind
verify-x509-name "OpenVPN" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-TRMADMIN.p12
tls-auth pfSense-UDP4-1194-TRMADMIN-tls.key 1
remote-cert-tls server
explicit-exit-notify
reneg-sec 0

pfsense verision
BIOS
Vendor: SeaBIOS
Version: rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org
Release Date: Tue Apr 1 2014

Version
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE

jimp

You have to make sure that the server and clients are all using reneg-sec 0

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-custom.html#renegotiation-time