Openvpn disable user.



  • Hi!

    First, I will apologize about my bad english… sry.

    I would like to know how to disable openvpn users (if it is possible) in the pfsense web interface.
    My vpn users was created via build-key-pass <unique-name-user>. Could I make this via "Client-Specific-Configuration" menu of OpenVPN?

    Thank you very much.

    Have a nice day ;-)</unique-name-user>



  • That's what the certificate revocation list is for.



  • Ok, thanks. I will try to find documentation about it and how to configure.



  • If I understand, I need to make:

    /openvpn/easy-rsa/revoke-full <user-key>This builds a /openvpn/easy-rsa/keys/crl.pem file. Then, I need to put this file into /var/etc path of pfsense filesystem and to edit openvpn_server0.conf for to add a line like this:

    crl-verify /var/etc/crl.pem

    And every time I need to disable a vpn user, make this and put the crl.pem file into pfsense firewall. Isn't it?</user-key>



  • http://openvpn.net/howto.html#revoke

    On pfsense there is below the fields to set the server key and certificate a field to put your CRL in.
    No need to mess around with copying files manually and modify the config files.
    Just use the field which is already in the GUI.


Log in to reply