I am running openvpn-2.4.9-1.el7.x86_64 on CentOS Linux release 7.8.2003 (Core) server. I have a specific question regarding disabling or deactivating VPN users once they leave the organization. Is there a method to revoke OpenVPN users from the command line?
I will appreciate if someone can pitch in for help. Thanks in Advance.
Best Regards,
Kaushal
Re: Deactivate Users from OpenVPN Server
Posted: Fri Oct 02, 2020 11:55 am
by 300000
you need to use authentication on user name and password after than you need to user certificate on all user , everybody have a certificate and use revocation check list to disable or enable user on demand , if user base large it is nightmare to management huge number you need to keep certificates on secure
Re: Deactivate Users from OpenVPN Server
Posted: Fri Oct 02, 2020 4:45 pm
by kaushalshriyan
Thanks for the reply. I will appreciate if you can point me to the document to add username password to the below mentioned configuration.
Server config
server 10.8.0.0 255.255.255.0
verb 3
key /etc/openvpn/server.key
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 192.168.0.0 255.255.255.0"
duplicate-cn
user nobody
group nobody
proto tcp
port 1198
dev tun
status /var/log/openvpn-status.log 60
status-version 2
log-append openvpn.log
Client config
dev tun
proto tcp
remote 213.117.215.12 1198
cipher AES-256-GCM
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
key mukesh.key
cert mukesh.crt
ca ca.crt
Thanks in Advance.
Best Regards,
Kaushal
Re: Deactivate Users from OpenVPN Server
Posted: Sat Oct 03, 2020 12:38 pm
by 300000
your question is quite hard to answer , you need to do it yourself or going here to learn viewforum.php?f=16 after that you must do all of them and if something wrong come back here so people can help you .
when openvpn use more than one person so that is for commercial purport so consider going to openvpn access server is easy for you to management user than community version