Openvpn disable user.
-
Hi!
First, I will apologize about my bad english… sry.
I would like to know how to disable openvpn users (if it is possible) in the pfsense web interface.
My vpn users was created via build-key-pass <unique-name-user>. Could I make this via "Client-Specific-Configuration" menu of OpenVPN?Thank you very much.
Have a nice day ;-)</unique-name-user>
-
That's what the certificate revocation list is for.
-
Ok, thanks. I will try to find documentation about it and how to configure.
-
If I understand, I need to make:
/openvpn/easy-rsa/revoke-full <user-key>This builds a /openvpn/easy-rsa/keys/crl.pem file. Then, I need to put this file into /var/etc path of pfsense filesystem and to edit openvpn_server0.conf for to add a line like this:
crl-verify /var/etc/crl.pem
And every time I need to disable a vpn user, make this and put the crl.pem file into pfsense firewall. Isn't it?</user-key>
-
http://openvpn.net/howto.html#revoke
On pfsense there is below the fields to set the server key and certificate a field to put your CRL in.
No need to mess around with copying files manually and modify the config files.
Just use the field which is already in the GUI.