Re-registration of a device deleted with django-netjsonconfig fails about openwisp-controller HOT 5 CLOSED

seems like intended behaviour, if you delete the device from the openwisp2 database, the checksum and download config operations will return 404 because won't find any device with that UUID and key, if you want the device to register again you have to restore its shared secret

from openwisp-controller.

Yes, you have to restore the shared secret and unset the uuid and key, then the client is able to register the device again.

It doesn't prevent stolen devices from re-registering here either because the default config is still available in ROM.

I'm closing this issue as this is intended behaviour.

from openwisp-controller.

True, stolen devices can be problematic. A solution to that could be to modify the firmware image in order to have a strong password configured for the failsafe mode, do you think that's doable?

from openwisp-controller.

In our images there's even no failsafe mode available :-) If you're interested I can find out how that is done.

Regarding the lock out of stolen devices, I guess we have to store the openwisp-config configuration file (and thus the shared secret) in the overlay so that it can't be restored from ROM.

Another thing to consider for such a lock-out feature would be that locked-out devices can't establish a VPN connection anymore. What do you think about that?

from openwisp-controller.

The VPN lock out can be done by revoking the certificate from the OpenWISP web UI, but the openvpn server must be configured in order to preiodically download the CRL from OpenWISP and reload the openvpn config accordingly when a change is detected.

from openwisp-controller.