OpenVPN export, add auth-nocache option, closes https://github.com/opnsense/core/issues/3193

2026-03-13 16:14:40 +00:00 · 2019-02-22 15:29:48 +01:00 · 2019-02-22 15:29:48 +01:00 · cc2b41bf15
commit cc2b41bf15
parent a8d89dadc5
5 changed files with 20 additions and 3 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
@ -45,6 +45,16 @@
        <type>checkbox</type>
        <help>Verify the server certificate name when the client connects</help>
    </field>
+    <field>
+        <id>openvpn_export.auth_nocache</id>
+        <label>Disable password save</label>
+        <type>checkbox</type>
+        <style>export_option</style>
+        <help>
+          Sets auth-nocache in the exported configuration when password authentication is used.
+          This prevents OpenVPN from caching passwords in memory.
+        </help>
+    </field>
    <field>
        <id>openvpn_export.plain_config</id>
        <label>Custom config</label>
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
@ -48,7 +48,7 @@ class ArchiveOpenVPN extends PlainOpenVPN
     */
    public function supportedOptions()
    {
-        return array("plain_config", "p12_password", "random_local_port");
+        return array("plain_config", "p12_password", "random_local_port", "auth_nocache");
    }

    /**
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
@ -48,7 +48,7 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
     */
    public function supportedOptions()
    {
-        return array("plain_config", "random_local_port");
+        return array("plain_config", "random_local_port", "auth_nocache");
    }

    /**
@ -132,6 +132,9 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
        }
        if (in_array($this->config['mode'], array('server_user', 'server_tls_user'))) {
            $conf[] = "auth-user-pass";
+            if (!empty($this->config['auth_nocache'])) {
+                $conf[] = "auth-nocache";
+            }
        }

        if (!empty($this->config['compression'])) {
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
@ -48,7 +48,7 @@ class ViscosityVisz extends PlainOpenVPN
     */
    public function supportedOptions()
    {
-        return array("plain_config", "p12_password", "random_local_port");
+        return array("plain_config", "p12_password", "random_local_port", "auth_nocache");
    }

    /**
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml
@ -27,6 +27,10 @@
                    <default>1</default>
                    <Required>Y</Required>
                </validate_server_cn>
+                <auth_nocache type="BooleanField">
+                    <default>0</default>
+                    <Required>N</Required>
+                </auth_nocache>
                <plain_config type="TextField"/>
            </server>
        </servers>