From 242fc74ccbdb738fc34ac3c9efbbf51dd8aab042 Mon Sep 17 00:00:00 2001
From: Monviech <79600909+Monviech@users.noreply.github.com>
Date: Tue, 17 Feb 2026 16:15:33 +0100
Subject: [PATCH] vpn/openvpn: Use tls-crypt and tls-auth aliases for
 generating the static key (#9810)

* vpn/openvpn: Even though openvpn --genkey secret generates the same static key for secret, tls-auth and tls-crypt, it is more explicit to use all modes verbatim. It's simpler to expand it in the future this way.
---
 .../OPNsense/OpenVPN/Api/InstancesController.php      |  2 +-
 .../mvc/app/views/OPNsense/OpenVPN/instances.volt     | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
index 863087b5ce..36cad771d2 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php
@@ -98,7 +98,7 @@ class InstancesController extends ApiMutableModelControllerBase
 
     public function genKeyAction($type = 'secret')
     {
-        if (in_array($type, ['secret', 'auth-token'])) {
+        if (in_array($type, ['secret', 'auth-token', 'tls-auth', 'tls-crypt'])) {
             $key = (new Backend())->configdpRun("openvpn genkey", [$type]);
             if (strpos($key, '-----BEGIN') !== false) {
                 return [
diff --git a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
index 110d7f5806..77b568558e 100644
--- a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
@@ -81,9 +81,14 @@
         $("#row_statickey\\.mode > td:eq(1) > div:last").before($("#keygen_div").detach().show());
         $("#control_label_instance\\.auth-gen-token-secret").before($("#keygen_auth_token_div").detach().show());
 
-        $("#keygen").click(function(){
-            ajaxGet("/api/openvpn/instances/gen_key/secret", {}, function(data, status){
-                if (data.result && data.result === 'ok') {
+        $("#keygen").click(function() {
+            let statickey_mode = $("#statickey\\.mode").val();
+            const mode_map = {
+                auth: "tls-auth",
+                crypt: "tls-crypt"
+            };
+            ajaxGet("/api/openvpn/instances/gen_key/" + mode_map[statickey_mode], {}, function(data){
+                if (data.result === 'ok') {
                     $("#statickey\\.key").val(data.key);
                 }
             });