WARNING: this configuration may cache passwords in memory OpenVPN
-
Hi folks :)
I tried to use the search option to fix this, but if you search for the error message every single post where someone posted their VPN Logs pops up :)
So I got this message, how can you fix this with pfsense? I tried to enter the auth-nocache option in the additional commands under OpenVPN but it didn't help.
Is this even a legit security risk?
Thank you!
-
@ceofreak Yes, same like me. Anyone can help?
-
auth-nocache should be added to the client config, not the server. I have used auth-nocache before, but then I was prompted every hour to reconfirm credentials. There are quite a few posts on it. OpenVPN has a default data channel key renegotiation of one hour (3600 seconds). You can add
reneg-sec 36000to your server's Advanced/Custom Options to increase that interval to 10 hours (for example).
Peder
MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic) -
This post is deleted! -
This post is deleted! -
@provels Ok, now work for me. Thank you so much!
-
@provels said in WARNING: this configuration may cache passwords in memory OpenVPN:
to your server's Advanced/Custom
where this menu?
-
@ontzuevanhussen
VPN/OpenVPN/<your server>/Edit/Advanced Configuration/Custom options -
@provels Ok, like this?
-
@ontzuevanhussen That's it!
