WARNING: this configuration may cache passwords in memory OpenVPN

ceofreak · Mar 6, 2018, 8:00 AM

Hi folks :)

I tried to use the search option to fix this, but if you search for the error message every single post where someone posted their VPN Logs pops up :)

So I got this message, how can you fix this with pfsense? I tried to enter the auth-nocache option in the additional commands under OpenVPN but it didn't help.

Is this even a legit security risk?

Thank you!

ontzuevanhussen · Jul 4, 2020, 12:11 PM

@ceofreak Yes, same like me. Anyone can help?

provels · Jul 4, 2020, 1:22 PM

auth-nocache should be added to the client config, not the server. I have used auth-nocache before, but then I was prompted every hour to reconfirm credentials. There are quite a few posts on it. OpenVPN has a default data channel key renegotiation of one hour (3600 seconds). You can add

 reneg-sec 36000

to your server's Advanced/Custom Options to increase that interval to 10 hours (for example).

ontzuevanhussen · Jul 4, 2020, 1:31 PM

This post is deleted!

ontzuevanhussen · Jul 4, 2020, 1:32 PM

This post is deleted!

ontzuevanhussen · Jul 4, 2020, 1:35 PM

@provels Ok, now work for me. Thank you so much!

ontzuevanhussen · Jul 4, 2020, 1:42 PM

@provels said in WARNING: this configuration may cache passwords in memory OpenVPN:

to your server's Advanced/Custom

where this menu?

provels · Jul 4, 2020, 3:49 PM

@ontzuevanhussen
VPN/OpenVPN/<your server>/Edit/Advanced Configuration/Custom options

ontzuevanhussen · Jul 4, 2020, 4:43 PM

@provels Ok, like this?

provels · Jul 4, 2020, 7:01 PM

@ontzuevanhussen That's it!