I’ve noticed some behavior in the OpenVPN app integration that might benefit from clearer documentation or UI explanation.
Current Behavior:
- When a user is added to the ‘vpn’ group, they can download their OpenVPN profile
- If the user is later removed from the ‘vpn’ group:
  - They can still connect to the VPN using their previously downloaded profile
  - They are prevented from downloading their profile again
UI Description vs. Actual Behavior:
The Users and Groups app currently describes the ‘vpn’ group permission as “Connect to VPN services (vpn)”. This description could be misleading because:
- It suggests that removing the group permission would prevent VPN connections
- In reality, it only controls profile download access, not connection capability
Suggestion:
I believe this could be made clearer in one (or both) of these ways:
- Update the UI description to something like: “Download VPN connection profiles (vpn)”
- Add a note in the documentation explaining that removing VPN group access only prevents profile downloads, not existing connections
This clarification would help administrators better understand the security implications of VPN access management in FreedomBox.
Has anyone else noticed this? What are your thoughts on making this clearer for users?