Revoked client still in ipp.txt ??


Post by dnilgreb » Mon Oct 21, 2019 6:07 am

I'd really like someone to shed some light on this.

In my server.conf, I have this line:

Code:

ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt

The ipp.txt gets populated as it should whenever a new client connects. But what happens when I revoke one?
The revoke in itself works fine, generates a new CRL and everything. The revoked client cannot connect anymore.
But after the revoke is done, the line for that client is still in the ipp.txt.
I would very much like to get rid of it. How can I make it go away?

I tried the following:
Revoked a client (client01, 10.8.0.8/30)
Then created a new client with the same name (client01, 10.8.0.32/30)

Then, when I connect with the client01 (10.8.0.32/30) it gets IP 10.8.0.10, which is the old one's entry.
Does someone have a way around this? Something that should be done after the revoke or something?

My revoke process looks like this:

Code:

./easyrsa.real revoke client01
./easyrsa gen-crl
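
One way to do the cleanup asked about above, as an added example that is not part of the original post or of easy-rsa/OpenVPN: drop a client's lease line from ipp.txt only when the CA database (easy-rsa's index.txt) actually holds a revoked record for that CN. The function name, return codes and the `CN,address` line layout are assumptions of this sketch; run it with the server stopped, because OpenVPN rewrites the persist file at intervals and on shutdown.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# ipp_drop_revoked IPP_FILE INDEX_FILE CN
#   returns 0 = lease line(s) removed
#           1 = index.txt has no revoked ("R") record for CN, nothing changed
#           2 = CN has no line in IPP_FILE, nothing changed
ipp_drop_revoked() {
    ipp=$1 index=$2 cn=$3

    # index.txt is tab-separated: status, expiry, revocation date, serial,
    # file name, subject. Require an "R" row whose subject CN matches exactly.
    awk -F '\t' -v cn="$cn" '
        $1 == "R" {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++) if (rdn[i] == "CN=" cn) found = 1
        }
        END { exit !found }' "$index" || return 1

    # Assumed ipp.txt layout: "CN,address[,...]". Compare the whole first
    # field so that client01 does not also match client010.
    awk -F ',' -v cn="$cn" '$1 == cn { hit = 1 } END { exit !hit }' "$ipp" \
        || return 2

    # Filter into a temp file, then copy back over the original so its
    # owner and mode are kept (the server is assumed to be stopped).
    tmp=$(mktemp "${ipp}.XXXXXX") || return 3
    awk -F ',' -v cn="$cn" '$1 != cn' "$ipp" > "$tmp" && cat "$tmp" > "$ipp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Called right after the two revoke commands above, e.g. `ipp_drop_revoked /usr/local/etc/openvpn/ipp.txt pki/index.txt client01` (the index.txt path is an assumption), it removes the stale lease before a new certificate with the same name is issued.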
