Question

Hi to all users.
I took a look to OpenVPN examples for Teltonika devices where I upload files (ca.crt, client.crt and client.key) and I set password to connect to OpenVPN server.
Does these files/password are locally stored in encrypted way or can I recover it once logged in through ssh?
Thanks.

Answer 1

Hi, 

Regarding to your question the file is stored inside the router as illustrated in the image below:


I viewed it on WinSCP and SSH :) 

For getting the certificate files you can get it on WinSCP software for windows and SCP command in terminal for Linux.

Here is an example in getting the static.key from the router. It's the same way of getting the uploaded certificate files
in OpenVPN. 
 



Hope it helps :) 

Regards,
Jerome

Comments

Ok, thanks.
So, if I hack a device having access trough ssh, I can copy files to another device and use it to access to VPN, is this right?
To avoid this is there a way to create client certificates based on specific hardware parameters?

---

Hi, 

Regarding this you can block the SSH remote access on the router or the HTTP remote access. Because you can reach the device using the OpenVPN IP address I am not a 100% sure but it's best to actually test it on your side :). 

Also you can add more security like limiting the fail attempts on SSH and HTTP access of the router. 


Hope it helps :)

Regards,
Jerome