Eliminate a client from server

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

macaruchi
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 23, 2011 6:20 pm

Eliminate a client from server

Post by macaruchi » Thu Aug 11, 2011 4:42 pm

Hi!
I have an OpenVPN server with 20 users and everything is fine, but now I need to eliminate 2 users from my server. How can I delete the access for these 2 users?
I know that if I delete the cert on the clients I can do it, but that is impossible now.
Is there a way to tell the server that a user cannot connect to my server?

TIA

george
Forum Team
Posts: 117
Joined: Tue Jun 09, 2009 4:25 pm
Location: St. Louis, MO USA

Re: Eliminate a client from server

Post by george » Thu Aug 11, 2011 4:59 pm

If you are using cert-based authentication, you just need to revoke their cert; if you are using password auth, lock their account or delete it.

macaruchi
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 23, 2011 6:20 pm

Re: Eliminate a client from server

Post by macaruchi » Thu Aug 11, 2011 8:39 pm

Well, I am a newbie, but I suppose that I am using certs because I created the certificate for each client.
So how do I revoke the certificate?

2- Must I create a server certificate for each client?

Now, I have just one server certificate and I created 20 certificates, one for each client, for just one server, but I don't know how to revoke their certificates to lock connection to my network.

Where can I find help or any document to read?

TIA

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Eliminate a client from server

Post by janjust » Fri Aug 12, 2011 8:53 am

You only need a single server certificate, and each client needs a separate client certificate. If you've only handed out 2 client certs I would simply start from scratch.

If you're using the easy-rsa package to set up your certificates then do

Code:

. ./vars
./revoke-full <name-of-client-cert>

A so-called Certificate Revocation List file (CRL) will be generated, which you can include in your openvpn server setup using

Code:

crl-verify <full-path-to-.crl-file>
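
A check an administrator can run after the revocation step in the answer above, added here as an example and not part of the original posts: it confirms that a client certificate's serial number is listed in the CRL file the server loads. The function names and the sample CRL text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a client certificate's
# serial number is listed in the CRL that crl-verify points the server at.
# Function names and the sample data are constructed for illustration.

# Normalise a serial: drop "serial=" prefix, uppercase hex, strip leading zeros.
norm_serial() {
    printf '%s\n' "$1" | sed -e 's/^serial=//' | tr 'a-f' 'A-F' |
        sed -e 's/^0*//' -e 's/^$/0/'
}

# Read `openssl crl -noout -text` output on stdin.
# Returns 0 if SERIAL ($1) is among the revoked entries, 1 otherwise.
serial_in_crl_text() {
    want=$(norm_serial "$1")
    while IFS= read -r line; do
        case $line in
            *"Serial Number:"*)
                raw=$(printf '%s' "${line#*Serial Number:}" | tr -d ' \t')
                [ "$(norm_serial "$raw")" = "$want" ] && return 0
                ;;
        esac
    done
    return 1
}

# Check real files: $1 = client certificate, $2 = CRL (both PEM).
# Returns 0 if revoked, 1 if not listed, 2 if the certificate is unreadable.
check_revoked() {
    serial=$(openssl x509 -in "$1" -noout -serial) || return 2
    openssl crl -in "$2" -noout -text | serial_in_crl_text "$serial"
}

# Constructed sample of `openssl crl -noout -text` output (trimmed).
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: /CN=Example-CA
        Last Update: Aug 12 08:50:00 2011 GMT
        Next Update: Sep 11 08:50:00 2011 GMT
Revoked Certificates:
    Serial Number: 03
        Revocation Date: Aug 12 08:50:00 2011 GMT
    Serial Number: 0A
        Revocation Date: Aug 12 08:51:00 2011 GMT
EOF
}
```

On real files, call `check_revoked <client-cert> <crl-file>`; exit status 0 means the certificate's serial is listed in the CRL.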
