User account
-
Hey guys, i would like te create a OpenVPN for a client with 5 VPN accounts, and i am wondering how do i disable 1 or another if an employee leaves the company in the future?
Is they're a way to deactivate an account?
If not what would be a good way to do it?
-
-
Thank's
-
I thank you to quick ;)
I did not tried it and can't find where/how to enter this command in PFsense web interface
Thnak's again for the help!
-
You execute the revoke command on your CA.
then you copy/paste the crl-file into the crl-field on the config-page.
-
First i run Windows and Mac and i have some question to ask as i am not familiar wit BSD/Linux
Can i do it directly on the pfsense box and how?
- If i want to configure PFsense for different customer, how would i be able to do the certificate for different box at different time? From what i have tested, it is always creating the certificate in the same folder.
If i want to do another client box, what do i do wit the first certificate and how to get back to it if say i want to create another client or as you mention revoke a certificate?
I have also look at this post with seem easy, but is can't figure out how to recover the created files… :o
Would that be easier to do it from the Pfsense box itself?I hope i am not to difficult with my question and i appreciate all the help this forum is providing!
- If i want to configure PFsense for different customer, how would i be able to do the certificate for different box at different time? From what i have tested, it is always creating the certificate in the same folder.
-
So you never actually created key/certificate-pairs for multiple clients?
Unless you're so far it's not much use to explain how to revoke a client.Read in the howto's on http://openvpn.net/ on how to set up a CA and multiple clients.
-
I don't think i am explaining myself very well (sorry english is not my primary language)
I don't want to create different certificat on the same firewall but on different machine for different cleint.
I am using watchguard and want to switch to PFsense for more otion, but i am not to good at Linux/BSD…
I am able to creat and make functional an openvpn on pfsense but i looks to be more complicated than my knowledge permit for more advance option.
I wish i could make this worke for me (see below). It seems to be the fastest and less complicated route for me (and all othe newbe)
etch -o - http://www.pfsense.com/~sullrich/tools/easyrsa.txt | /bin/shThis will populate /root/easyrsa4pfsense
Afterwards the script will create /root/easyrsa4pfsense/keys/ca.crt , etc mentioned in the openvpn doc wiki.
If you would like to create additional client certificates simply do this:
cd /root/easyrsa4pfsense
./build-key clientXXXX # where XXXX is the client number
How do i get the created certificat after the command is done? (may seem simple to you but not to me ) ???My question was:
In windows when i create a CR it is place in the easy-rsa Kea folder.
If i need to create another one for another box, want to do not to loos the first one if i need to go back and create another client or revoke one?Sorry again if i am not clear ant that you i you can help!
-
You could access it via the "Diagrnostics–>edit" file and ctrl-c/ctrl-v it out.
But probably a better way would be "Diagnostics-->Command Prompt" and just download the file directly.My question was:
In windows when i create a CR it is place in the easy-rsa Kea folder.
If i need to create another one for another box, want to do not to loos the first one if i need to go back and create another client or revoke one?You really should read the howto's on http://openVPN.net
If you create a new key/certificate pair you dont loose the already created pairs.
And if you revoke one pair you wont loose all the others.Or are you talking about running multipe CA's one a single machine?
-
Try drawing a diagram of how you want it to be setup then we might understand it better but I'm no Linux/BSD hawk but still managed to set it up. with different user accounts, you don't need to create the .ca's in the pfsense box you can create them on a different one aslong as ALL of your .ca's are created on the same computer(no exception).
