From 526d747db79ea5f005f05e2a5f466d2f270f55ec Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 23 Jan 2025 14:06:09 +0100
Subject: [PATCH] VPN: OpenVPN: Instances - add validation "A disabled
 renegotiation time requires a token lifetime.". closes
 https://github.com/opnsense/core/pull/8203

---
 src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 729263391..64f284e1d 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -133,11 +133,16 @@ class OpenVPN extends BaseModel
                         $key . ".verify_client_cert"
                     ));
                 }
-                if ((string)$instance->{'auth-gen-token'} != '0' && (string)$instance->{'reneg-sec'} == '0') {
+                if (!empty((string)$instance->{'auth-gen-token'}) && (string)$instance->{'reneg-sec'} == '0') {
                     $messages->appendMessage(new Message(
                         gettext('A token lifetime requires a non zero Renegotiate time.'),
                         $key . ".auth-gen-token"
                     ));
+                } elseif ((string)$instance->{'auth-gen-token'} == '0' && (string)$instance->{'reneg-sec'} == '0') {
+                    $messages->appendMessage(new Message(
+                        gettext('A disabled renegotiation time requires a token lifetime.'),
+                        $key . ".auth-gen-token"
+                    ));
                 }
             }
             if (!empty((string)$instance->cert)) {