How to retrict IP address using openvpn on pfsese
-
Hello guys,
I allowed one person using openvpn access to local network by using pfsense, but now he stopped working, I saw in openvpn log file and found he was accessing on my network, so how to restrict his ip address on pfsense? please, help me…. thanks so much
-
You dont want to just block his IP but to disable his certificate:
http://openvpn.net/index.php/open-source/documentation/howto.html#revokecopy the content of the generated file and put it into the crl field of the openvpn server.
-
I can't find easy-rsa directory in pfsense's shell, so I downloaded a new openvpn-2.1.3, cd to easy-rsa and run ./vars command, it show me an error message: # ./vars
export: Command not found.
export: Command not found.
export: Command not found.
export: Command not found.
EASY_RSA: Undefined variable.
export: Command not found.
EASY_RSA: Undefined variable.Can you help me? or I should try to reinstall openvpn (new version) and generate new keys.
-
How did you generate and issue the keys before? You run the revoke steps there. If you don't still have that device, and the master CA key, then you have to re-issue all certificates, including the CA and server keys. You should also take steps to ensure that you can revoke keys in future.
