OpenVPN server is reusing key and the old certificate is valid after new implementation.

hvad I tried 

1) I deleted the implementation of my OpenVPN server.

2) I create a new instance of the OpenVPN server using the routers webpage.

3) I share my vpn users to use the new OpenVPN server (section vpn, users)

4) I then connected from my pc with the new OpenVPN file including the certificates and key. that worked fine.

5) however to my big surprise I then tried using my mobile phone, I forgot to update my OpenVPN configuration file and use the old one, to my big surprise I was also able to log on.

6) which for me means that  you are using the same key even though you create a new certificate pair moreover there is no check on the certificate used or simply the product is generating the same set each time.

I am very concerned ,  I expect a resolution asap this this not secure at all.

If you want to sell omada as SMB product then you need to make sure that basic security are implemented correct

Clive_A please send me a note when you have red my message

br

Trollen