Topic: OPNSense storing VPN client passwords in clear text (Read 927 times)
guest38025 (Guest), April 21, 2023, 10:07:46 pm:
Hello All,
I noticed that the openvpn client user and pass are stored in clear text in the openvpn directory, "/var/etc/openvpn" on the firewall filesystem. The user and pass are stored in a file there named client1.up in clear text.
Is this a known issue, or expected behavior?
Thanks
bartjsmit (Hero Member), Reply #1, April 22, 2023, 09:34:21 am:
Open a shell and run:
ls -ltrh /var/etc/openvpn/
Are any files world readable? They should only be accessible by root.
Bart...
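The permission check suggested in the reply above, turned into a repeatable audit. This is an added example, not part of the original thread and not OPNsense code; the function names audit_dir and demo are hypothetical, and the sample files are constructed in a temporary directory standing in for /var/etc/openvpn.

```shell
#!/bin/sh
# Added example, not OPNsense code. Flags files under a directory that are
# readable or writable by group/other, or not owned by the expected account.

# audit_dir DIR [OWNER]
# Prints "REASON<TAB>PATH" per finding. Returns 0 if clean, 1 on findings,
# 2 if DIR is not a directory. OWNER may be a user name or a numeric uid.
audit_dir() {
    dir=$1
    owner=${2:-root}    # assumption: root-only, as the reply above expects
    if [ ! -d "$dir" ]; then
        echo "audit_dir: not a directory: $dir" >&2
        return 2
    fi
    # -perm -NNN matches when all listed bits are set; one test per bit
    # gives "any of these bits" portably across GNU and BSD find.
    findings=$(
        find "$dir" -type f \( -perm -040 -o -perm -004 \) \
            -exec printf 'readable-beyond-owner\t%s\n' {} \;
        find "$dir" -type f \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable-beyond-owner\t%s\n' {} \;
        find "$dir" -type f ! -user "$owner" \
            -exec printf 'unexpected-owner\t%s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: one correctly restricted credentials file and one
# world-readable one, owned by whoever runs the demo.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'user\npass\n' > "$tmp/client1.up"; chmod 600 "$tmp/client1.up"
    printf 'user\npass\n' > "$tmp/client2.up"; chmod 644 "$tmp/client2.up"
    audit_dir "$tmp" "$(id -u)"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo: findings reported above (expected for client2.up)"
```

On the firewall itself the call would be audit_dir /var/etc/openvpn, run as root so that every file can be inspected.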
meyergru (Hero Member), Reply #2, April 22, 2023, 01:11:38 pm:
How would you expect credentials to be saved if they have to be provided automatically? Even with asymmetric authentication, a client has to prove its identity. OPNsense just uses the means provided by OpenVPN, in that the credentials are stored as plain text.
While one could encrypt those private credentials, there must be a way to get at the real data, such that anyone knowing how to decrypt it can also steal it. Since OPNsense is open source, this is obviously a hen-and-egg problem.