Prevent TLS retry in OpenVPN

 

With a typical OpenVPN configuration file, the connection is retried after a TLS connection failure. In some circumstances the user may want to prevent a retry when there is a failure. This may be especially true if the user suspects a potential attack on the connection. In such a situation, multiple automatic retries could in theory result in a problem.

 

To prevent any retries on the connection, enter the following line anywhere in your OpenVPN configuration file:

 

tls-exit

 

Note that using this parameter may reduce connection stability, as any TLS failure would bring an end to the connection. TLS negotiation failures are fairly common and are usually benign occurrences.
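
The following shell check is an added example, not part of the original page: it reports which OpenVPN profiles carry an active tls-exit line, ignoring commented-out copies and the bodies of inline blocks such as <ca>. The sample profiles and the host name vpn.example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OpenVPN profiles for an active tls-exit directive.

# has_tls_exit FILE: status 0 if FILE contains an uncommented tls-exit line.
has_tls_exit() {
    awk '
        { sub(/\r$/, "") }                                  # tolerate CRLF profiles
        $0 ~ "^[ \t]*</[^>]+>" { inblock = 0; next }        # end of inline block
        $0 ~ "^[ \t]*<[^>]+>"  { inblock = 1; next }        # <ca>, <key>, ... start
        inblock { next }                                    # block bodies are data
        { sub(/[#;].*/, ""); if ($1 == "tls-exit") found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# audit_profiles FILE...: print one line per file; status 1 if any lacks tls-exit.
audit_profiles() {
    rc=0
    for f in "$@"; do
        if has_tls_exit "$f"; then echo "OK       $f"
        else echo "MISSING  $f"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample profiles (hypothetical host name, not from the page).
demo_dir=$(mktemp -d)
printf '%s\n' 'client' 'remote vpn.example.net 1194' '  tls-exit  # fail closed' \
    > "$demo_dir/strict.ovpn"
printf '%s\n' 'client' 'remote vpn.example.net 1194' '# tls-exit' ';tls-exit' \
    '<ca>' 'tls-exit' '</ca>' > "$demo_dir/retrying.ovpn"

audit_profiles "$demo_dir"/*.ovpn || echo "at least one profile still retries"
```

A profile is reported as MISSING when tls-exit appears only in a comment or inside an inline block, since neither is read as a directive.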

 
