Eliminate a client from server
Posted: Thu Aug 11, 2011 4:42 pm
by macaruchi
Hi!
I have an OpenVPN server with 20 users and everything is fine, but now I need to eliminate 2 users from my server. How can I delete the access for these 2 users?
I know that if I delete the cert on the clients I can do it, but that is impossible now.
Is there a way to tell the server that a user cannot connect to my server?
TIA
Re: Eliminate a client from server
Posted: Thu Aug 11, 2011 4:59 pm
by george
If you are using cert-based authentication, you just need to revoke their cert; if you are using password auth, lock their account or delete it.
Re: Eliminate a client from server
Posted: Thu Aug 11, 2011 8:39 pm
by macaruchi
Well, I am a newbie, but I suppose that I am using certs because I created the certificate for each client.
So how do I revoke the certificate?
2- Must I create a server certificate for each client?
Now, I have just one server certificate and I created 20 certificates for each client for just one server, but I don't know how to revoke their certificates to lock connection to my network.
Where can I find help or any document to read?
TIA
Re: Eliminate a client from server
Posted: Fri Aug 12, 2011 8:53 am
by janjust
You only need a single server certificate, and each client needs a separate client certificate. If you've only handed out 2 client certs I would simply start from scratch.
If you're using the easy-rsa package to set up your certificates then do
. ./vars
./revoke-full <name-of-client-cert>
A so-called Certificate Revocation List (CRL) file will be generated, which you can include in your OpenVPN server setup using
crl-verify <full-path-to-.crl-file>
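
What revocation and the CRL accomplish, as an added example that is not part of the original thread: the script builds a throwaway CA with two client certificates, revokes `client2` with `openssl ca -revoke` and `-gencrl`, and checks each certificate against the resulting CRL. All names, paths and the minimal `ca.cnf` are constructed for the demo and are not easy-rsa's own files.

```shell
# Constructed demo PKI (throwaway CA, client1, client2); every name is an assumption.
build_demo_pki() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    : > index.txt; echo 01 > serial; mkdir -p newcerts
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
    q="openssl req -config ca.cnf -newkey rsa:2048 -nodes"
    $q -x509 -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.crt || exit 1
    for c in client1 client2; do
      $q -subj "/CN=$c" -keyout "$c.key" -out "$c.csr" || exit 1
      openssl ca -batch -config ca.cnf -in "$c.csr" -out "$c.crt" || exit 1
    done
    # Mark client2 revoked in the CA database, then regenerate the CRL from it.
    openssl ca -config ca.cnf -revoke client2.crt || exit 1
    openssl ca -config ca.cnf -gencrl -out crl.pem
  ) >/dev/null 2>&1
}

cert_status() {  # $1 = PKI directory, $2 = client name; prints valid|revoked|error
  out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/$2.crt" 2>&1) || true
  case $out in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*)                echo valid ;;
    *)                       echo error ;;
  esac
}
demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" &&
  echo "client1: $(cert_status "$demo_dir" client1), client2: $(cert_status "$demo_dir" client2)"
```

Running the same `openssl verify -crl_check` against the real `ca.crt` and CRL before pointing `crl-verify` at the file confirms that only the intended certificates are rejected. OpenVPN re-reads the CRL file when a client connects or renegotiates, so a client that is already connected is not cut off at the moment the CRL is updated.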