OpenVPN Client Credentials

rbrown · Sep 22, 2020, 6:24 PM

Is there any way within PfSense OpenVPN server to prevent the users from "saving" credentials including password within their client config? My concern is should these mobile devices be stolen/lost, the individual would have complete access to whatever tunnel was created, without having to know the password. Yes it can be disabled once it is clear the device is missing/gone, but a lot can happen during that time. If not configurable with the Server, can the generated OpenVPN config file include a provision to "prompt for password everytime" possibly?

johnpoz · Sep 22, 2020, 7:10 PM

Pretty sure, has been around for quite some time

HKLM\Software\OpenVPN\disable_save_passwords

Set that to something other than 0..

edit: Here just tested this

I set that to 1, and then restarted the openvpn gui - notice that save password checkbox is now gone.

rbrown · Sep 22, 2020, 7:13 PM

Thanks so much. Does that work on Surface Pros as well?

johnpoz · Sep 22, 2020, 7:14 PM

That runs windows right - then yeah should. Easy enough to test, I would test it for you but don't have a Surface Pro... If you send me one happy to test it for you ;) heheheh

rbrown · Sep 22, 2020, 7:16 PM

@johnpoz If I had a SurfacePro, I would give it to you!! Nix guy here.

johnpoz · Sep 22, 2020, 7:19 PM

heheheh - yeah I prob wouldn't use it even if you sent me one free ;) Other than testing this scenario for you of course ;)

noplan · Sep 22, 2020, 8:14 PM

And u folks here made my day here!
Greets from Europe