VPN: OpenVPN: Instances - add validation "A disabled renegotiation time requires a token lifetime.". closes https://github.com/opnsense/core/pull/8203

2026-03-13 08:09:41 +00:00 · 2025-01-23 14:06:09 +01:00 · 2025-01-23 14:06:09 +01:00 · 526d747db7
commit 526d747db7
parent e43bca743b
1 changed files with 6 additions and 1 deletions
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@ -133,11 +133,16 @@ class OpenVPN extends BaseModel
                        $key . ".verify_client_cert"
                    ));
                }
-                if ((string)$instance->{'auth-gen-token'} != '0' && (string)$instance->{'reneg-sec'} == '0') {
+                if (!empty((string)$instance->{'auth-gen-token'}) && (string)$instance->{'reneg-sec'} == '0') {
                    $messages->appendMessage(new Message(
                        gettext('A token lifetime requires a non zero Renegotiate time.'),
                        $key . ".auth-gen-token"
                    ));
+                } elseif ((string)$instance->{'auth-gen-token'} == '0' && (string)$instance->{'reneg-sec'} == '0') {
+                    $messages->appendMessage(new Message(
+                        gettext('A disabled renegotiation time requires a token lifetime.'),
+                        $key . ".auth-gen-token"
+                    ));
                }
            }
            if (!empty((string)$instance->cert)) {