What's new

[Request for feedback] Option to reset OpenVPN settings

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.

RMerlin

Asuswrt-Merlin dev
Staff member
I recently added an option that allows you to revert an OpenVPN client or server back to its factory default settings.

One thing I'm not sure yet how to handle: the SSL key/certificates, which are stored in /jffs/openvpn/ .

Right now, what I do is I rename them so they aren't used by the server, but the files remain there in case you change your mind and need to recover them.

However, I can see a potential usage scenario where someone might want to really wipe them, before handing the router to someone else (for example).

What is everyone's thought? Should key/certs be renamed, or deleted (and hope that users are taking advantage of the JFFS backup feature that I added a few months ago)?

I would rather avoid the addition of a "backup key/certs" option for now, as I prefer to keep things as simple as possible UI-wise, but I'm not totally opposed to it.
 
One more vote for deleting them. That should be the whole point of factory default. If needed later, backup them somewhere safe.

Maybe add a prompt "Your key/certificates will be deleted, would you like to make a backup"?
 
Having an option to export/import the openvpn configuration using the gui would be helpfull. Regardind your question, I think the files should be deleted and not renamed.
Thanks.
 
I vote for save them before delete config, eg forcing user save like "Backup ovpncerts"
 
What is everyone's thought? Should key/certs be renamed, or deleted (and hope that users are taking advantage of the JFFS backup feature that I added a few months ago)?
Maybe add a Notice or link to the backup page to remind users the backup option is there to use.
Then remove the certs.
 
Maybe add a Notice or link to the backup page to remind users the backup option is there to use.
Then remove the certs.

I did put an alert() call in there asking for confirmation - I could easily reword it to warn the user that he should make a backup of his JFFS partition before proceeding, if he wants to preserve them.
 
Is it totally obtuse for me to suggest a choice upon resetting the settings-

Rename or delete existing keys/certs?

I guess that may be a 3 click thing then-
1) select to reset to default
2) rename or delete keys/certs
3) confirm
 
One more vote for delete here. I would say, for a normal user like me, a 'factory default' option implies delete anyway...
 
Is it totally obtuse for me to suggest a choice upon resetting the settings-

Rename or delete existing keys/certs?

I guess that may be a 3 click thing then-
1) select to reset to default
2) rename or delete keys/certs
3) confirm

Code-wise, that becomes quite complicated, and would require implementing two completely separate code path. I want to keep it simple.
 
I recently added an option that allows you to revert an OpenVPN client or server back to its factory default settings.

i didn`t find that option....i am searching for it but no luck....:)
 
This is a very useful feature and I vote to delete all the files.
I recently gave one of my ASUS routers to a friend and didn't want any possibly that he could find the certificates for our corporate network access on it, but I didn't want to perform a full factory reset on the ASUS.
 
Wouldn't resetting the unit itself (not just the OpenVPN settings) to factory defaults actually wipe the renamed files?

No. Factory default reset doesn't touch the content of the jffs partition in my firmware. I think Asus wipes it in the stock firmware, but I consider it a bad idea as a lot of people use it to store content they don't want to lose, so I never implemented their behaviour.
 
No. Factory default reset doesn't touch the content of the jffs partition in my firmware. I think Asus wipes it in the stock firmware, but I consider it a bad idea as a lot of people use it to store content they don't want to lose, so I never implemented their behaviour.

Thanks. Then I believe the best option is to fully delete the information with language mentioning the user is responsible for the JFFS backup and that continuing the reset process will delete all keys/certs irrevocably.
 
I vote for delete. Delete with a warning would be the coolest.
 
Thanks everyone for your feedback. I have changed the code so that the key/certs are now deleted, and rewarded the confirmation request to specify that the existing key and certs for that instance will also be deleted.
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top