OpenVPN user blocking/restoration [solved]



  • Hi,

    sorry if there is a topic with problem like mine, but my search turned up nothing.

    So, the problem is this: I deleted a user certificate set from the Certificates tab in Cert Manager without revoking it. It turns up now that the user is able to access the VPN network without being listed in the Certificates tab.

    My question is: is there a way to block him, or restore the certificates so I can revoke them?

    I'm using pfSense 2.0.2


  • Rebel Alliance Developer Netgate

    If you still have a copy of the certificate, import it back into the GUI and then revoke it. If it hasn't been too long, check Diagnostics > Backup/Restore, Config History tab and download an older copy of the config before it was deleted and then you can get it that way (find the lines in the config, then base64 decode them, and then import the resulting text back into the GUI)

    If you had removed it and that was the last significant change you made, then you could use the config history to restore back to the previous config that contains the certificate.



  • Hi jimp,

    thanks for your reply. I went to the Diagnostics > Backup/Restore tab you told me, and made a diff between the current configuration and an older one about the time when I deleted the certificate in question. That helped me to locate the "" fragment with the certificates I need. I managed to import the certificate and private key, and to put them in revocation.

    Guess that's it, I'm marking this topic solved. Thank you! :)

    UPDATE: It appears that the user is able to connect despite that. Any clues why?

    UPDATE2: I rechecked my settings again and found that I overlooked the "Peer Certificate Revocation List" in the "Cryptographic Settings" section of OpenVPN settings (VPN->OpenVPN->edit the network in question). It was set to "none" instead of my revocation list. Changed that and now revocation is working perfectly. Thank you again :)


Log in to reply