Stop SSL VPN from storing users' passwords in client PC's memory
Currently the Sophos SSL VPN client logs this warning in its log when connecting: "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this"
This appears to be a security risk, since a malicious program could conceivably obtain the user's login credentials.
I opened a ticket with Sophos support for this, but they confirmed there is no way to make the UTM add this option to the .ovpn files when it creates the client installer bundle for a user. The user CAN manually add it to their .ovpn file, but it's not feasible to require all our users to be able to do that.
Please add a setting in the OpenSSL VPN configuration section that will allow us to add this option to the .ovpn files when it generates them.