  1. #1
    Untangle Ninja sky-knight

    OpenVPN Bug with Remote Clients

    Untangle v16.1.1.20201028T105733.d127809143-1buster

    I had a situation today where I needed to invalidate an OpenVPN client due to the keys being in a compromised situation.

    This historically meant, select the client in question, click delete, then click save.

    Client is now gone, make a new client of the same name and redistribute it.

    In this specific case, this client was installed on two machines. The dead one which is going back under warranty and why I needed to rotate this key, and a laptop. The laptop stayed connected through the entire process.

    So I power cycled the OpenVPN module to boot everyone off, laptop reconnected just fine, proving that Untangle failed to make a new client under the same name. I'm assuming something under the hood isn't clearing the old client on delete, and when a new client of the same name is made it simply reuses what's there.

    This is BAD, these are certificates, we need to be able to rotate them!

    Disabling the client and power cycling the OpenVPN module one more time took care of ensuring that soon-to-be-compromised key didn't work. And I simply made new clients of new names to get my customer going again.

    But, yet it's true, OpenVPN isn't cleaning up after itself correctly.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
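
A way to check for the condition described in the post above, as an added example that is not part of the original post or of Untangle's code: compare the SHA-256 fingerprint of the client certificate in the old bundle and in the re-created one. It assumes the bundle is either a .ovpn profile with an inline `<cert>` block or a standalone PEM .crt file; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
INLINE_RE = re.compile(r"<cert>(.+?)</cert>", re.S)


def cert_fingerprint(text):
    """SHA-256 over the DER bytes of the client certificate in `text`.

    Accepts a .ovpn profile with an inline <cert> block (the <ca> block
    is ignored) or the contents of a standalone PEM .crt file.
    """
    inline = INLINE_RE.search(text)
    scope = inline.group(1) if inline else text
    pem = PEM_RE.search(scope)
    if pem is None:
        raise ValueError("no client certificate found")
    der = base64.b64decode("".join(pem.group(1).split()))
    return hashlib.sha256(der).hexdigest()


def key_was_rotated(old_text, new_text):
    """True only if the re-created client carries a different certificate."""
    return cert_fingerprint(old_text) != cert_fingerprint(new_text)


def _pem(raw):
    """Wrap placeholder bytes in PEM armor for the constructed samples."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed samples: placeholder bytes, not real certificates.
CA = _pem(b"constructed-ca")
CLIENT_V1 = _pem(b"constructed-client-v1")
OLD_PROFILE = f"client\n<ca>\n{CA}</ca>\n<cert>\n{CLIENT_V1}</cert>\n"
REISSUED_SAME = f"client\n<ca>\n{CA}</ca>\n<cert>\n{CLIENT_V1}</cert>\n"
REISSUED_NEW = _pem(b"constructed-client-v2")  # standalone .crt form

if __name__ == "__main__":
    print("same name, reused cert ->", key_was_rotated(OLD_PROFILE, REISSUED_SAME))
    print("new client, new cert   ->", key_was_rotated(OLD_PROFILE, REISSUED_NEW))
```

A result of `False` for a client that was deleted and re-created means the old certificate is still the one being distributed.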

  2. #2
    Untangler jcoffin

    There is an issue with deleted configs not being disconnected (bug created on Oct 25). Set to be fixed in 16.3. NGFW-13385
    Last edited by jcoffin; 01-24-2021 at 09:50 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight

    Good, known issue then. Onward!