• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Openvpn disable user.

Scheduled Pinned Locked Moved OpenVPN
5 Posts 3 Posters 14.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    toomany
    last edited by Dec 5, 2007, 11:12 AM

    Hi!

    First, I will apologize about my bad english… sry.

    I would like to know how to disable openvpn users (if it is possible) in the pfsense web interface.
    My vpn users was created via build-key-pass <unique-name-user>. Could I make this via "Client-Specific-Configuration" menu of OpenVPN?

    Thank you very much.

    Have a nice day ;-)</unique-name-user>

    1 Reply Last reply Reply Quote 0
    • C
      Cry Havok
      last edited by Dec 5, 2007, 12:00 PM

      That's what the certificate revocation list is for.

      1 Reply Last reply Reply Quote 0
      • T
        toomany
        last edited by Dec 5, 2007, 12:03 PM

        Ok, thanks. I will try to find documentation about it and how to configure.

        1 Reply Last reply Reply Quote 0
        • T
          toomany
          last edited by Dec 5, 2007, 12:37 PM

          If I understand, I need to make:

          /openvpn/easy-rsa/revoke-full <user-key>This builds a /openvpn/easy-rsa/keys/crl.pem file. Then, I need to put this file into /var/etc path of pfsense filesystem and to edit openvpn_server0.conf for to add a line like this:

          crl-verify /var/etc/crl.pem

          And every time I need to disable a vpn user, make this and put the crl.pem file into pfsense firewall. Isn't it?</user-key>

          1 Reply Last reply Reply Quote 0
          • G
            GruensFroeschli
            last edited by Dec 5, 2007, 12:48 PM

            http://openvpn.net/howto.html#revoke

            On pfsense there is below the fields to set the server key and certificate a field to put your CRL in.
            No need to mess around with copying files manually and modify the config files.
            Just use the field which is already in the GUI.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received