add preshared key to VPN session model #2402
Pull request overview
Moves MFA session-specific WireGuard preshared keys out of wireguard_network_device and into vpn_client_session, updating gateway/runtime peer selection to rely on the active session state.
Changes:
- Add vpn_client_session.preshared_key, enforce a single active session per (location_id, device_id), and drop session-ish columns from wireguard_network_device.
- Update core + gateway-manager runtime device/peer handling to derive MFA authorization/PSK from active sessions.
- Update and extend test coverage (session-manager invariants, MFA flows, allowed peers) and refresh sqlx query metadata.
Reviewed changes
Copilot reviewed 34 out of 49 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| migrations/20260317120000_[2.0.0]_vpn_client_session_preshared_key.up.sql | Adds session PSK column, creates active-session unique index, drops device-level MFA/session columns. |
| migrations/20260317120000_[2.0.0]_vpn_client_session_preshared_key.down.sql | Restores dropped columns and repopulates PSK from latest active session on rollback. |
| crates/defguard_session_manager/tests/session_manager/stats.rs | Updates helper calls to include new preshared_key parameter. |
| crates/defguard_session_manager/tests/session_manager/sessions.rs | Updates session creation calls to include preshared_key parameter. |
| crates/defguard_session_manager/tests/session_manager/mod.rs | Registers new db invariant test module. |
| crates/defguard_session_manager/tests/session_manager/mfa.rs | Adjusts MFA tests to rely on sessions for authorization/PSK instead of network-device columns. |
| crates/defguard_session_manager/tests/session_manager/event_flow.rs | Updates session creation calls for new signature. |
| crates/defguard_session_manager/tests/session_manager/disconnects.rs | Updates session creation calls for new signature. |
| crates/defguard_session_manager/tests/session_manager/db_invariants.rs | Adds DB-level tests asserting the active-session uniqueness invariant. |
| crates/defguard_session_manager/tests/common/mod.rs | Refactors “authorize” helper to create an authorized session (with PSK) and extends create_session helper. |
| crates/defguard_session_manager/src/lib.rs | Removes legacy cleanup of MFA auth data from wireguard_network_device. |
| crates/defguard_gateway_manager/src/handler.rs | Uses runtime network info (incl. session PSK) to decide whether/what peer updates to send; adds unit tests for runtime peer update behavior. |
| crates/defguard_core/src/location_management/mod.rs | Emits gateway device events using runtime network info derived from active sessions. |
| crates/defguard_core/src/location_management/allowed_peers.rs | Changes allowed peer selection to pull PSK from the latest active session (and filters MFA peers accordingly); adds tests. |
| crates/defguard_core/src/handlers/wireguard.rs | Builds DeviceNetworkInfo using runtime session-aware helper. |
| crates/defguard_core/src/grpc/proxy/client_mfa.rs | Writes PSK into the newly created MFA session and sends gateway event with runtime network info. |
| crates/defguard_core/src/grpc/mod.rs | Updates GatewayEvent::MfaSessionAuthorized payload to DeviceNetworkInfo. |
| crates/defguard_core/src/enterprise/firewall/tests/mod.rs | Updates test fixtures for removed wireguard_network_device columns. |
| crates/defguard_core/src/enterprise/firewall/tests/gh1868.rs | Updates test fixture for removed wireguard_network_device columns. |
| crates/defguard_common/src/db/models/wireguard.rs | Extends connected-session query to include session PSK. |
| crates/defguard_common/src/db/models/vpn_client_session.rs | Adds preshared_key field and updates active-session queries to return the latest active session deterministically. |
| crates/defguard_common/src/db/models/device.rs | Removes MFA/session columns from WireguardNetworkDevice, adds runtime session-aware DeviceNetworkInfo derivation, and updates queries/tests. |
| .sqlx/query-fed5b29a44329968a6f134990261a3ab49a5a2f9fd81eed714678ec272718ea4.json | sqlx query metadata updated for wireguard_network_device column changes. |
| .sqlx/query-febd6a2dc4a335cc25d730d3e823ef3e8928bea54bd8407fccf74b868f6059b2.json | sqlx query metadata updated for runtime DeviceNetworkInfo query. |
| .sqlx/query-eec3959fe7c4cbfc4ec5215f1664ac34a15e6026f3d571bff9266065b04c14c0.json | sqlx query metadata updated for wireguard_network_device column changes. |
| .sqlx/query-e87af2b4e3fd79709a28381e04690aee96054585a87e6673a5efa275795dc060.json | sqlx query metadata added/updated for “latest active session” query with PSK. |
| .sqlx/query-d86d5f9cb508b1840f0de3c40a993ee77d9cb3c80d8028d99bcc08ccd4c78dd0.json | sqlx query metadata updated for session selection including PSK. |
| .sqlx/query-d3bfcc8f183cf03b369c7defab29d6051e67990518cfcf9f6d1889548b3ab9b4.json | sqlx query metadata updated for wireguard_network_device query signature/shape change. |
| .sqlx/query-b1c28cf7a7c919c5951dfc050a44528dccc0eaa54d3adbaa7e4a336c992a974d.json | sqlx query metadata updated for wireguard_network_device find query after dropping columns. |
| .sqlx/query-a2a31a9e9d53d830f658131eab155413d1dd6ce5a24b87b9fc4060dd1ae704be.json | sqlx query metadata updated for inactive-session query including PSK. |
| .sqlx/query-9cd4fb6b8bb2f231d136f7e02bb9e0f094c419e60e3f8d8bba86f9df5b7d4c9f.json | sqlx query metadata updated for connected-session query including PSK. |
| .sqlx/query-973c64873ac510cc407d43708efaaa1f93553237be1c6767564c2499b9d8f67d.json | sqlx query metadata updated for vpn_client_session UPDATE including PSK. |
| .sqlx/query-8aa6ed2a7f4069cd6e0e0176ce4724039e1a281dd4d3122b5bb8e1cb499070b0.json | sqlx query metadata added for wireguard_network_device UPDATE without removed columns. |
| .sqlx/query-812635247539785e93a0b0e78239cafa2c1e5161eef7c5f35a7705be21235087.json | Removes obsolete sqlx metadata for old wireguard_network_device query shape. |
| .sqlx/query-72d1ffa9d9b2c35c82c4c05d82aa7d8596d6499193933c58fa1d7ba0a8f445bd.json | Removes obsolete sqlx metadata for old DeviceNetworkInfo query without session join. |
| .sqlx/query-675fe2562e81e9886d488ce639a8c6a9b3fa7d140b30bfee7657e3eacf6de6aa.json | sqlx query metadata updated for vpn_client_session SELECT including PSK. |
| .sqlx/query-6363977f3e290a8ee991c9442ab9633fafa49b98d2fd958fcafc66c4cd624ec0.json | sqlx query metadata updated for wireguard_network_device “first for device” query shape. |
| .sqlx/query-60d741f459aaef3a77e69f7396c29eb172facf3f2f9b1a46cf22a8979373edf8.json | sqlx query metadata updated for allowed_peers query using active session PSK. |
| .sqlx/query-5a856149fa68d294e5a15ceacdfc5da77a32a11145804dff5692df7c3d74ce7b.json | sqlx query metadata updated for active sessions query including PSK and ordering. |
| .sqlx/query-59d048f8110a53745afd80c607fc52cb537dfded663e6bbee73d5f908f0ca89e.json | sqlx query metadata updated due to column nullability/shape changes. |
| .sqlx/query-54fada56be8b91633550c77f7259703bcc3163f4935898d0988a6045c29e7dd8.json | Removes obsolete sqlx metadata for old allowed_peers query using wireguard_network_device.preshared_key. |
| .sqlx/query-4b05abebeafeda2f88fff48f6d9d45938371b3f39822c4ff68a1a9515767e0ad.json | sqlx query metadata updated for vpn_client_session find-by-id including PSK. |
| .sqlx/query-47c406366d0b53ca805cff303dfe2a67880adeaca1e10e50bea9b9fc53e08845.json | sqlx query metadata updated due to column nullability/shape changes. |
| .sqlx/query-469bf9a1de598cac208a943d0e6e32c9ebb2231dd6da663cdeaaf29b93afc8ac.json | Removes obsolete sqlx metadata for old wireguard_network_device “first for device” query shape. |
| .sqlx/query-3ea2a5fbb1ec0dc86448b6145cf8b5f8fa8c6ab81da002d0d1ddb5445e7c6d31.json | sqlx query metadata updated for UserDevice network info query ordering. |
| .sqlx/query-32b5d4d820a72da19cbd3bb1a33e17c9555d0350d03679d9cf3b7ccc6451c7ae.json | sqlx query metadata updated for vpn_client_session INSERT including PSK. |
| .sqlx/query-20efd0ac76bd8a6ca51dd31ff89125ce288466a847cf58b3e9be7659e7360933.json | Removes obsolete sqlx metadata for old wireguard_network_device UPDATE including removed columns. |
| .sqlx/query-153fa42e3a61b24b7a264d9ef236841ab88a9361a52129ef199768e900dd12ad.json | sqlx query metadata added for wireguard_network_device INSERT/UPSERT without removed columns. |
| .sqlx/query-09b6f2fc7ec101117a99f85a64314c32c219b73f3afa358f838cb833d5544842.json | Removes obsolete sqlx metadata for old wireguard_network_device INSERT/UPSERT including removed columns. |
Files not reviewed (15)
Pull request overview
This PR moves MFA session runtime data (WireGuard preshared keys + “authorized” state) from wireguard_network_device into vpn_client_session, and updates gateway sync logic to only include MFA peers backed by an active session that has a runtime PSK (addressing #1945).
Changes:
- Adds vpn_client_session.preshared_key, enforces a “single active session per (location, device)” invariant, and drops MFA/session fields from wireguard_network_device.
- Updates core/gateway/session-manager logic to derive runtime DeviceNetworkInfo from the latest active session (and skip unauthorized/missing-PSK MFA peers).
- Updates/extends sqlx fixtures and adds tests for DB invariants and MFA peer selection.
Reviewed changes
Copilot reviewed 34 out of 50 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| migrations/20260317120000_[2.0.0]_vpn_client_session_preshared_key.up.sql | Adds session-level PSK, creates partial unique index for active sessions, drops device-level MFA/session columns. |
| migrations/20260317120000_[2.0.0]_vpn_client_session_preshared_key.down.sql | Restores dropped device columns and attempts to repopulate PSK on rollback; drops unique index and session PSK column. |
| crates/defguard_session_manager/tests/session_manager/stats.rs | Updates test helper calls to include new PSK parameter. |
| crates/defguard_session_manager/tests/session_manager/sessions.rs | Updates session creation helpers to include new PSK parameter. |
| crates/defguard_session_manager/tests/session_manager/mod.rs | Registers new db_invariants test module. |
| crates/defguard_session_manager/tests/session_manager/mfa.rs | Adjusts MFA tests to rely on active session presence instead of device-level authorization fields. |
| crates/defguard_session_manager/tests/session_manager/event_flow.rs | Updates helper invocations for new session signature. |
| crates/defguard_session_manager/tests/session_manager/disconnects.rs | Updates helper invocations for new session signature. |
| crates/defguard_session_manager/tests/session_manager/db_invariants.rs | Adds tests validating DB-level “single active session” uniqueness. |
| crates/defguard_session_manager/tests/common/mod.rs | Refactors test helpers to create authorized MFA sessions via VpnClientSession (incl. PSK). |
| crates/defguard_session_manager/src/lib.rs | Removes legacy MFA cleanup on wireguard_network_device during disconnect handling. |
| crates/defguard_gateway_manager/src/handler.rs | Centralizes runtime peer generation logic; skips MFA peers without active authorized session + PSK; updates MFA authorized event payload handling; adds tests. |
| crates/defguard_core/src/location_management/mod.rs | Builds gateway DeviceNetworkInfo using runtime session-derived view. |
| crates/defguard_core/src/location_management/allowed_peers.rs | Changes allowed peer selection: non-MFA returns peers without PSK; MFA returns only peers with an active session PSK. Adds tests. |
| crates/defguard_core/src/handlers/wireguard.rs | Uses runtime session-derived DeviceNetworkInfo when modifying devices. |
| crates/defguard_core/src/grpc/proxy/client_mfa.rs | Stores generated PSK on the new MFA session, builds gateway network info from session PSK, removes device-table authorization updates, adds tests. |
| crates/defguard_core/src/grpc/mod.rs | Updates GatewayEvent::MfaSessionAuthorized to carry DeviceNetworkInfo instead of WireguardNetworkDevice. |
| crates/defguard_core/src/enterprise/firewall/tests/mod.rs | Updates WireguardNetworkDevice test fixtures to match removed columns. |
| crates/defguard_core/src/enterprise/firewall/tests/gh1868.rs | Updates WireguardNetworkDevice test fixtures to match removed columns. |
| crates/defguard_common/src/db/models/wireguard.rs | Includes preshared_key when loading active VPN sessions. |
| crates/defguard_common/src/db/models/vpn_client_session.rs | Adds preshared_key field + updates session queries to select it and make active-session selection deterministic. |
| crates/defguard_common/src/db/models/device.rs | Removes session fields from WireguardNetworkDevice, adds runtime DeviceNetworkInfo derivation from latest active session, updates related queries and tests. |
| .sqlx/query-fed5b29a44329968a6f134990261a3ab49a5a2f9fd81eed714678ec272718ea4.json | Updates sqlx offline metadata for modified wireguard_network_device query. |
| .sqlx/query-fda76aeb98f21838bf502c3492da9efc87a8696f46c6f0dea5618b6aac0ff962.json | Adds sqlx offline metadata for MFA allowed-peers query with lateral active session PSK. |
| .sqlx/query-eec3959fe7c4cbfc4ec5215f1664ac34a15e6026f3d571bff9266065b04c14c0.json | Updates sqlx offline metadata for modified wireguard_network_device query. |
| .sqlx/query-e87af2b4e3fd79709a28381e04690aee96054585a87e6673a5efa275795dc060.json | Adds sqlx offline metadata for latest-active-session query selecting PSK. |
| .sqlx/query-d86d5f9cb508b1840f0de3c40a993ee77d9cb3c80d8028d99bcc08ccd4c78dd0.json | Updates sqlx offline metadata for never-connected sessions query selecting PSK. |
| .sqlx/query-d3bfcc8f183cf03b369c7defab29d6051e67990518cfcf9f6d1889548b3ab9b4.json | Updates sqlx offline metadata for modified device/network query. |
| .sqlx/query-b1c28cf7a7c919c5951dfc050a44528dccc0eaa54d3adbaa7e4a336c992a974d.json | Updates sqlx offline metadata for modified wireguard_network_device lookup. |
| .sqlx/query-a2a31a9e9d53d830f658131eab155413d1dd6ce5a24b87b9fc4060dd1ae704be.json | Updates sqlx offline metadata for inactive sessions query selecting PSK. |
| .sqlx/query-9cd4fb6b8bb2f231d136f7e02bb9e0f094c419e60e3f8d8bba86f9df5b7d4c9f.json | Updates sqlx offline metadata for active sessions query selecting PSK. |
| .sqlx/query-990350e22dea5e90064d5acd42ea03d9b14fe56a118b31220c572a4412c711cf.json | Adds sqlx offline metadata for non-MFA allowed-peers query. |
| .sqlx/query-973c64873ac510cc407d43708efaaa1f93553237be1c6767564c2499b9d8f67d.json | Updates sqlx offline metadata for vpn_client_session update including PSK. |
| .sqlx/query-8b9ede93cc39f26e6006bd26eb6d3e7a35e12060a60ddc70ba3cc135c89db642.json | Adds sqlx offline metadata for runtime DeviceInfo network_info query using lateral session. |
| .sqlx/query-8aa6ed2a7f4069cd6e0e0176ce4724039e1a281dd4d3122b5bb8e1cb499070b0.json | Adds sqlx offline metadata for simplified wireguard_network_device update. |
| .sqlx/query-812635247539785e93a0b0e78239cafa2c1e5161eef7c5f35a7705be21235087.json | Removes sqlx offline metadata for old query including removed columns. |
| .sqlx/query-72d1ffa9d9b2c35c82c4c05d82aa7d8596d6499193933c58fa1d7ba0a8f445bd.json | Removes sqlx offline metadata for old query including removed columns. |
| .sqlx/query-675fe2562e81e9886d488ce639a8c6a9b3fa7d140b30bfee7657e3eacf6de6aa.json | Updates sqlx offline metadata for vpn_client_session select including PSK. |
| .sqlx/query-6363977f3e290a8ee991c9442ab9633fafa49b98d2fd958fcafc66c4cd624ec0.json | Updates sqlx offline metadata for modified wireguard_network_device query. |
| .sqlx/query-5a856149fa68d294e5a15ceacdfc5da77a32a11145804dff5692df7c3d74ce7b.json | Updates sqlx offline metadata for active sessions query/select changes. |
| .sqlx/query-59d048f8110a53745afd80c607fc52cb537dfded663e6bbee73d5f908f0ca89e.json | Updates sqlx offline metadata nullability due to schema/query changes. |
| .sqlx/query-54fada56be8b91633550c77f7259703bcc3163f4935898d0988a6045c29e7dd8.json | Removes sqlx offline metadata for old allowed-peers query using device-level auth/psk. |
| .sqlx/query-4b05abebeafeda2f88fff48f6d9d45938371b3f39822c4ff68a1a9515767e0ad.json | Updates sqlx offline metadata for vpn_client_session find-by-id including PSK. |
| .sqlx/query-47c406366d0b53ca805cff303dfe2a67880adeaca1e10e50bea9b9fc53e08845.json | Updates sqlx offline metadata nullability due to schema/query changes. |
| .sqlx/query-469bf9a1de598cac208a943d0e6e32c9ebb2231dd6da663cdeaaf29b93afc8ac.json | Removes sqlx offline metadata for old wireguard_network_device query including removed columns. |
| .sqlx/query-3ea2a5fbb1ec0dc86448b6145cf8b5f8fa8c6ab81da002d0d1ddb5445e7c6d31.json | Updates sqlx offline metadata to add deterministic ordering in lateral session selection. |
| .sqlx/query-32b5d4d820a72da19cbd3bb1a33e17c9555d0350d03679d9cf3b7ccc6451c7ae.json | Updates sqlx offline metadata for vpn_client_session insert including PSK. |
| .sqlx/query-20efd0ac76bd8a6ca51dd31ff89125ce288466a847cf58b3e9be7659e7360933.json | Removes sqlx offline metadata for old wireguard_network_device update including removed columns. |
| .sqlx/query-153fa42e3a61b24b7a264d9ef236841ab88a9361a52129ef199768e900dd12ad.json | Adds sqlx offline metadata for simplified wireguard_network_device insert/upsert. |
| .sqlx/query-09b6f2fc7ec101117a99f85a64314c32c219b73f3afa358f838cb833d5544842.json | Removes sqlx offline metadata for old wireguard_network_device insert/upsert including removed columns. |
Files not reviewed (16)
Move preshared key to the vpn sessions table.
Closes #1945
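
An added example, not code from this pull request or from defguard: a minimal in-memory model of the rule the review summaries describe, where an MFA location yields a peer only when the device's latest active session carries a PSK, and a second active session for the same (location, device) is rejected. All type and function names, the `active` flag and the `created_at` ordering column are assumptions.

```rust
// Added example: every name below is hypothetical, not defguard's own API.
#[derive(Debug)]
struct Session {
    id: i64,
    location_id: i64,
    device_id: i64,
    created_at: u64,               // assumed ordering column
    active: bool,                  // assumed stand-in for session state
    preshared_key: Option<String>, // runtime PSK lives on the session
}

struct Device { id: i64, pubkey: String }

#[derive(Debug, PartialEq)]
struct Peer { pubkey: String, preshared_key: Option<String> }

/// Mirrors the partial unique index: at most one active session per
/// (location_id, device_id); inactive rows are not constrained.
fn insert_session(table: &mut Vec<Session>, new: Session) -> Result<(), String> {
    let clash = new.active && table.iter().any(|s| {
        s.active && s.location_id == new.location_id && s.device_id == new.device_id
    });
    if clash {
        return Err(format!("active session exists for location {} device {}",
                           new.location_id, new.device_id));
    }
    table.push(new);
    Ok(())
}

/// Latest active session; id breaks created_at ties so the pick is deterministic.
fn latest_active(table: &[Session], location_id: i64, device_id: i64) -> Option<&Session> {
    table.iter()
        .filter(|s| s.active && s.location_id == location_id && s.device_id == device_id)
        .max_by_key(|s| (s.created_at, s.id))
}

/// Non-MFA location: every device is a peer, with no PSK.
/// MFA location: only devices whose latest active session carries a PSK.
fn allowed_peers(mfa: bool, location_id: i64, devices: &[Device], table: &[Session]) -> Vec<Peer> {
    devices.iter().filter_map(|d| {
        let psk = if mfa {
            Some(latest_active(table, location_id, d.id)?.preshared_key.clone()?)
        } else {
            None
        };
        Some(Peer { pubkey: d.pubkey.clone(), preshared_key: psk })
    }).collect()
}

fn session(id: i64, device_id: i64, active: bool, psk: Option<&str>) -> Session {
    Session { id, location_id: 1, device_id, created_at: 100, active,
              preshared_key: psk.map(str::to_string) }
}

fn main() {
    // Constructed sample data: device 10 authorized, 11 has no session, 12 has no PSK.
    let mut table = Vec::new();
    insert_session(&mut table, session(1, 10, true, Some("psk-constructed"))).unwrap();
    insert_session(&mut table, session(2, 12, true, None)).unwrap();
    let devices: Vec<Device> = [10, 11, 12].iter()
        .map(|&id| Device { id, pubkey: format!("pubkey-{}", id) }).collect();
    println!("{:?}", allowed_peers(true, 1, &devices, &table));
}
```

In this model the missing-session and missing-PSK cases both drop the peer rather than emitting it without a key, so an unauthorized MFA device is never included as a peer.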