[Request for feedback] Option to reset OpenVPN settings

[RMerlin]

I recently added an option that allows you to revert an OpenVPN client or server back to its factory default settings.

One thing I'm not sure yet how to handle: the SSL key/certificates, which are stored in /jffs/openvpn/ .

Right now, what I do is I rename them so they aren't used by the server, but the files remain there in case you change your mind and need to recover them.

However, I can see a potential usage scenario where someone might want to really wipe them, before handing the router to someone else (for example).

What is everyone's thought? Should key/certs be renamed, or deleted (and hope that users are taking advantage of the JFFS backup feature that I added a few months ago)?

I would rather avoid the addition of a "backup key/certs" option for now, as I prefer to keep things as simple as possible UI-wise, but I'm not totally opposed to it.

 

[Forerunner]

Personally I think they should be deleted completely as it would make things much more simple.

 

[Veky]

One more vote for deleting them. That should be the whole point of factory default. If needed later, backup them somewhere safe.

Maybe add a prompt "Your key/certificates will be deleted, would you like to make a backup"?

 

[popxunga]

Having an option to export/import the openvpn configuration using the gui would be helpfull. Regardind your question, I think the files should be deleted and not renamed.
Thanks.

 

[octopus]

I vote for save them before delete config, eg forcing user save like "Backup ovpncerts"

 

[thelonelycoder]

What is everyone's thought? Should key/certs be renamed, or deleted (and hope that users are taking advantage of the JFFS backup feature that I added a few months ago)?

Maybe add a Notice or link to the backup page to remind users the backup option is there to use.
Then remove the certs.

 

[LouisvilleUK]

My vote is for delete.

 

[RMerlin]

Maybe add a Notice or link to the backup page to remind users the backup option is there to use.
Then remove the certs.

I did put an alert() call in there asking for confirmation - I could easily reword it to warn the user that he should make a backup of his JFFS partition before proceeding, if he wants to preserve them.

 

[Deleted member 27741]

Is it totally obtuse for me to suggest a choice upon resetting the settings-

Rename or delete existing keys/certs?

I guess that may be a 3 click thing then-
1) select to reset to default
2) rename or delete keys/certs
3) confirm

 

[Avtandil]

One more vote for delete here. I would say, for a normal user like me, a 'factory default' option implies delete anyway...

 

[RMerlin]

Is it totally obtuse for me to suggest a choice upon resetting the settings-

Rename or delete existing keys/certs?

I guess that may be a 3 click thing then-
1) select to reset to default
2) rename or delete keys/certs
3) confirm

Code-wise, that becomes quite complicated, and would require implementing two completely separate code path. I want to keep it simple.

 

[bayern1975]

I recently added an option that allows you to revert an OpenVPN client or server back to its factory default settings.

i didn`t find that option....i am searching for it but no luck....

 

[RMerlin]

i didn`t find that option....i am searching for it but no luck....

It's in development code, not in any release.

 

[mystical]

This is a very useful feature and I vote to delete all the files.
I recently gave one of my ASUS routers to a friend and didn't want any possibly that he could find the certificates for our corporate network access on it, but I didn't want to perform a full factory reset on the ASUS.

 

[Mikeyy]

Delete all files, but warn before.

 

[Matthew Kurowski]

Wouldn't resetting the unit itself (not just the OpenVPN settings) to factory defaults actually wipe the renamed files?

 

[RMerlin]

Wouldn't resetting the unit itself (not just the OpenVPN settings) to factory defaults actually wipe the renamed files?

No. Factory default reset doesn't touch the content of the jffs partition in my firmware. I think Asus wipes it in the stock firmware, but I consider it a bad idea as a lot of people use it to store content they don't want to lose, so I never implemented their behaviour.

 

[Matthew Kurowski]

No. Factory default reset doesn't touch the content of the jffs partition in my firmware. I think Asus wipes it in the stock firmware, but I consider it a bad idea as a lot of people use it to store content they don't want to lose, so I never implemented their behaviour.

Thanks. Then I believe the best option is to fully delete the information with language mentioning the user is responsible for the JFFS backup and that continuing the reset process will delete all keys/certs irrevocably.

 

[Deleted member 27741]

I vote for delete. Delete with a warning would be the coolest.

 

[RMerlin]

Thanks everyone for your feedback. I have changed the code so that the key/certs are now deleted, and rewarded the confirmation request to specify that the existing key and certs for that instance will also be deleted.