Comments (5)
seems like intended behaviour, if you delete the device from the openwisp2 database, the checksum and download config operations will return 404 because won't find any device with that UUID and key, if you want the device to register again you have to restore its shared secret
from openwisp-controller.
Yes, you have to restore the shared secret and unset the uuid and key, then the client is able to register the device again.
It doesn't prevent stolen devices from re-registering here either because the default config is still available in ROM.
I'm closing this issue as this is intended behaviour.
from openwisp-controller.
True, stolen devices can be problematic. A solution to that could be to modify the firmware image in order to have a strong password configured for the failsafe mode, do you think that's doable?
from openwisp-controller.
In our images there's even no failsafe mode available :-) If you're interested I can find out how that is done.
Regarding the lock out of stolen devices, I guess we have to store the openwisp-config configuration file (and thus the shared secret) in the overlay so that it can't be restored from ROM.
Another thing to consider for such a lock-out feature would be that locked-out devices can't establish a VPN connection anymore. What do you think about that?
from openwisp-controller.
The VPN lock out can be done by revoking the certificate from the OpenWISP web UI, but the openvpn server must be configured in order to preiodically download the CRL from OpenWISP and reload the openvpn config accordingly when a change is detected.
from openwisp-controller.
Related Issues (20)
- [feature] Removing VPN template should not delete related certificate
- [feature] Add API endpoint that returns co-ordinates on indoor map (floorplan)
- [bug] Deleting VPN template does not delete VpnClient objects HOT 2
- [change] Do not allow applying two (or more) templates of same VPN server on a device
- [bug] Flaky test openwisp_controller.config.tests.test_selenium.TestDeviceAdmin.test_create_new_device
- [bug] SEND COMMAND option not displayed when it should be HOT 2
- [bug] Reverting template from history doesn't send config changed signal
- [change] Notify users of background subnet division rule errors
- [bug] Subnet division rule does not allow assigning only 1 ip in /32
- [feature] Allow subnet division rule to assign IP addresses from the main subnet
- [change:ux] Show subnet division rule organization field only if subnet organization field is set to shared
- [bug] Applying 0008_alter_deviceconnection_unique_together fails if database has duplicate objects HOT 1
- [change/admin] Format configuration and configuration variables as indented JSON if the user has only view permission
- [feature] Allow deactivating device from the API
- [bug] Exporting devices as XLS or YAML fails with exception complaining aboud UUID
- [bug] Import UI unreadable when browser is set to dark mode
- [change] Update subnet division docs link
- [bug] Multiple SubnetDivisionRule of different sizes HOT 1
- [bug] Subnet division rule validation fails with uncaught exception if subnet is left empty
- [bug:ui] Preview keyboard keys do not work anymore HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openwisp-controller.