I've set up RMS with TOTP MFA, but the OpenVPN client configuration is still downloadable.
Assuming that Teltonika is hacked (nobody is safe these days), a hacker could simply download the OpenVPN config file and access the internal network of all Teltonika customers. A real nightmare scenario.
I would strongly recommend that Teltonika doesn't save the client configuration files including the private keys used to make the connection. The file could be offered for a one-time download at setup time, and that's it.
Does anyone else have similar concerns and, if so, how do you mitigate against it?