By default, OpenVPN caches the hardware token password (or token PIN) for as long as the session lasts. In this recipe, we will configure OpenVPN to "forget" the token PIN after a certain period for even better security. The downside is that the client will fail to reconnect and will exit if it is restarted after this caching period.
We use the following network layout:
Keep the hardware token from the first recipe at hand. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Fedora 12 Linux and OpenVPN 2.1.1. Keep the server configuration file basic-udp-server.conf
from the Chapter 2 recipe Server-side routing at hand.