subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
+1 vote
288 views 1 comments
by anonymous
I've setup RMS with TOTP MFA but the OpenVPN client configuration is still downloadable.

Assuming that Teltonika is hacked - nobody is safe these days - , a hacker could simply download the openvpn config file and access the internal network of all Teltonika customers. A real nightmare scenario.

I would strongly recommend that Teltonika doesn't save the client configuration files including the private keys used to make the connection. The file could be offered for a one-time download at setup time, and that's it.

Anyone else has similar concerns and if so, how do you mitigate against it ?

1 Answer

0 votes
by anonymous


Thank you for your suggestion.

Security concerns is one of the main focus areas in Teltonika and we are constantly working to improve it as well as provide general availability and ease of access of the service. Allowing to download the same config file can be regarded as a security flaw, however, there are reasons to allow it. Due to this more security measures are taken to protect the access to the system itself. 

You can read more about it in the following page:

Best regards,


by anonymous
You guys are essentially storing your user's passwords in the clear. There is no amount of ease of usability that warrants this. The internet is littered with hacked SasS providers that leaked their user's credentials and in your case it's 1000% worse because a hack in your systems can lead to direct access to your customer's internal networks. Why take this risk ?

This is a huge red flag for me.

Please pass on to your dev teams to have a second look at this matter. At least make it an option in RMS so the user can choose to remove their private keys from their service and those who don't, to mange their own risks.

Or you can add a passphrase to the configuration, that the user must enter at each connection