Question about revoke procedure

yukih · Post by **yukih** » Mon Jul 13, 2020 5:43 am

Hi,

I have an OpenVPN server installed and running on FreeBSD.

FreeBSD version : 12.1
OpenVPN version : 2.4.8

The revoke process creates crl.pem, but copy this file to a location where openvpn can access it.
Then, it is natural that the client PC that is the target of revoke cannot newly connect to the OpenVPN server.
However, the client PC that is not the target of revoke cannot connect to the OpenVPN server newly.
There was a message "CRL: cannot read: crl.pem" in the log.

At this time, if the OpenVPN daemon is restarted, client PCs that are not the target of revoke can newly connect to the OpenVPN server.

Is this as expected?

TinCanTech · Post by **TinCanTech** » Mon Jul 13, 2020 1:50 pm

yukih wrote: ↑
Mon Jul 13, 2020 5:43 am
There was a message "CRL: cannot read: crl.pem" in the log

Then you should find out why the file cannot be read ..

viewtopic.php?f=30&t=22603#p68963

yukih · Post by **yukih** » Tue Jul 14, 2020 2:37 am

It did not have read permission on the crl.pem file.
Granting read permission solved the problem.

OpenVPN Support Forum

Question about revoke procedure

Question about revoke procedure

Re: Question about revoke procedure

Re: Question about revoke procedure