From ec23ffc0ef65ee3fe1f25d23c9690b709edb384c Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sat, 21 Sep 2024 15:22:11 +0200
Subject: [PATCH] VPN: OpenVPN: Instances - validate "Auth Token Lifetime"
 requires a non zero Renegotiate time, closes
 https://github.com/opnsense/core/issues/7690

---
 src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 08178dd23..873fb4ca5 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -156,6 +156,13 @@ class OpenVPN extends BaseModel
                     $key . ".proto"
                 ));
             }
+            if ((string)$instance->{'auth-gen-token'} != '0' && (string)$instance->{'reneg-sec'} == '0') {
+                $messages->appendMessage(new Message(
+                    gettext('A token lifetime requires a non zero Renegotiate time.'),
+                    $key . ".auth-gen-token"
+                ));
+            }
+
         }
         return $messages;
     }