Default pki.disconnect_invalid to true and make it reloadable (#859)

2025-11-22 16:34:25 +01:00 · 2023-11-13 12:39:38 -06:00
parent f41db52560
commit 3356e03d85
5 changed files with 25 additions and 15 deletions
--- a/examples/config.yml
+++ b/examples/config.yml
@@ -11,7 +11,7 @@ pki:
  #blocklist:
  #  - c99d4e650533b92061b09918e838a5a0a6aaee21eed1d12fd937682865936c72
  # disconnect_invalid is a toggle to force a client to be disconnected if the certificate is expired or invalid.
-  #disconnect_invalid: false
+  #disconnect_invalid: true

 # The static host map defines a set of hosts with fixed IP addresses on the internet (or any network).
 # A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.