Netgate Discussion Forum

OpenVPN Client Credentials

  • R
    rbrown
    last edited by rbrown Sep 22, 2020, 6:24 PM Sep 22, 2020, 6:19 PM

    Is there any way within the pfSense OpenVPN server to prevent users from "saving" credentials, including the password, within their client config? My concern is that should these mobile devices be stolen/lost, the individual would have complete access to whatever tunnel was created, without having to know the password. Yes, it can be disabled once it is clear the device is missing/gone, but a lot can happen during that time. If not configurable with the server, can the generated OpenVPN config file include a provision to "prompt for password every time", possibly?

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Sep 22, 2020, 7:10 PM Sep 22, 2020, 7:03 PM

      Pretty sure, has been around for quite some time

      HKLM\Software\OpenVPN\disable_save_passwords

      Set that to something other than 0..

      openvpn.png

      edit: Here just tested this

      not-set.png

      I set that to 1, and then restarted the OpenVPN GUI - notice that the save password checkbox is now gone.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11
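The registry change described in the post above, as an added PowerShell example that is not part of the original thread. The key path and value name come from the post; the DWORD type, the value 1 and the function names are assumptions made for illustration.

```powershell
#Requires -Version 5.1
# Added example: audit or enforce the OpenVPN GUI "save password" lockout.
# Key path and value name are from the post; DWORD type and the value 1 are
# assumptions ("something other than 0" is all the post requires).

function Get-OpenVpnSavePasswordPolicy {
    param([string]$KeyPath = 'HKLM:\SOFTWARE\OpenVPN')
    $name  = 'disable_save_passwords'
    $value = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $props = Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $props) { $value = $props.$name }
    }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        KeyPresent   = Test-Path -LiteralPath $KeyPath
        Value        = $value
        # Missing, non-numeric or 0: treated here as "checkbox still offered".
        SaveDisabled = ($value -is [int] -or $value -is [uint32]) -and ($value -ne 0)
    }
}

function Set-OpenVpnSavePasswordPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$KeyPath = 'HKLM:\SOFTWARE\OpenVPN')
    $state = Get-OpenVpnSavePasswordPolicy -KeyPath $KeyPath
    if ($state.SaveDisabled) { return $state }      # already enforced
    if (-not $state.KeyPresent) {
        Write-Warning "$KeyPath not found; OpenVPN does not appear to be installed."
        return $state
    }
    if ($PSCmdlet.ShouldProcess($KeyPath, 'Set disable_save_passwords = 1')) {
        # HKLM is writable only from an elevated session.
        New-ItemProperty -LiteralPath $KeyPath -Name 'disable_save_passwords' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    Get-OpenVpnSavePasswordPolicy -KeyPath $KeyPath
}

# Report the current state, then show what enforcement would change.
Get-OpenVpnSavePasswordPolicy
Set-OpenVpnSavePasswordPolicy -WhatIf   # drop -WhatIf to apply, then restart the OpenVPN GUI
```

Because the value lives under HKLM, a standard user cannot change it back, but a local administrator can, so the audit function is worth re-running periodically on managed devices.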

      • R
        rbrown
        last edited by Sep 22, 2020, 7:13 PM

        Thanks so much. Does that work on Surface Pros as well?

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz Sep 22, 2020, 7:14 PM Sep 22, 2020, 7:14 PM

          That runs Windows, right - then yeah, should. Easy enough to test, I would test it for you but don't have a Surface Pro... If you send me one, happy to test it for you ;) heheheh

          • R
            rbrown @johnpoz
            last edited by Sep 22, 2020, 7:16 PM

            @johnpoz If I had a SurfacePro, I would give it to you!! Nix guy here.

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Sep 22, 2020, 7:19 PM

              heheheh - yeah I prob wouldn't use it even if you sent me one free ;) Other than testing this scenario for you of course ;)

              • N
                noplan @johnpoz
                last edited by Sep 22, 2020, 8:14 PM

                And u folks here made my day here!
                Greets from Europe

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.