Netgate Discussion Forum
    • R
      running
      last edited by

      Hey guys, I would like to create an OpenVPN for a client with 5 VPN accounts, and I am wondering how I can disable one or another if an employee leaves the company in the future?

      Is there a way to deactivate an account?

      If not, what would be a good way to do it?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        http://openvpn.net/howto.html#revoke

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • R
          running
          last edited by

          Thanks

          1 Reply Last reply Reply Quote 0
          • R
            running
            last edited by

            I thanked you too quickly ;)

            I did not try it and can't find where/how to enter this command in the pfSense web interface

            Thanks again for the help!

            1 Reply Last reply Reply Quote 0
            • GruensFroeschliG
              GruensFroeschli
              last edited by

              You execute the revoke command on your CA.
              Then you copy/paste the crl-file into the crl-field on the config-page.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              1 Reply Last reply Reply Quote 0
              • R
                running
                last edited by

                First, I run Windows and Mac, and I have some questions to ask as I am not familiar with BSD/Linux

                Can I do it directly on the pfSense box, and how?

                • If I want to configure pfSense for different customers, how would I be able to do the certificates for different boxes at different times? From what I have tested, it always creates the certificates in the same folder.
                  If I want to do another client box, what do I do with the first certificate, and how do I get back to it if, say, I want to create another client or, as you mention, revoke a certificate?

                I have also looked at this post, which seems easy, but I can't figure out how to recover the created files… :o
                Would it be easier to do it from the pfSense box itself?

                I hope I am not too difficult with my question, and I appreciate all the help this forum is providing!

                1 Reply Last reply Reply Quote 0
                • GruensFroeschliG
                  GruensFroeschli
                  last edited by

                  So you never actually created key/certificate pairs for multiple clients?
                  Unless you're that far along, it's not much use to explain how to revoke a client.

                  Read in the howto's on http://openvpn.net/ on how to set up a CA and multiple clients.

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  1 Reply Last reply Reply Quote 0
                  • R
                    running
                    last edited by

                    I don't think I am explaining myself very well (sorry, English is not my primary language)

                    I don't want to create different certificates on the same firewall, but on different machines for different clients.

                    I am using WatchGuard and want to switch to pfSense for more options, but I am not too good at Linux/BSD…

                    I am able to create and make functional an OpenVPN on pfSense, but it looks to be more complicated than my knowledge permits for more advanced options.

                    I wish I could make this work for me (see below). It seems to be the fastest and least complicated route for me (and all other newbies)
                    fetch -o - http://www.pfsense.com/~sullrich/tools/easyrsa.txt | /bin/sh

                    This will populate /root/easyrsa4pfsense
                    Afterwards the script will create /root/easyrsa4pfsense/keys/ca.crt , etc mentioned in the openvpn doc wiki.
                    If you would like to create additional client certificates simply do this:
                    cd /root/easyrsa4pfsense
                    ./build-key clientXXXX    # where XXXX is the client number

                    How do I get the created certificate after the command is done? (may seem simple to you but not to me) ???

                    My question was:
                    In Windows, when I create a CR it is placed in the easy-rsa Kea folder.
                    If I need to create another one for another box, what to do not to lose the first one if I need to go back and create another client or revoke one?

                    Sorry again if I am not clear, and thank you if you can help!

                    1 Reply Last reply Reply Quote 0
                    • GruensFroeschliG
                      GruensFroeschli
                      last edited by

                      You could access it via "Diagnostics-->Edit File" and ctrl-c/ctrl-v it out.
                      But probably a better way would be "Diagnostics-->Command Prompt" and just download the file directly.

                      My question was:
                      In Windows, when I create a CR it is placed in the easy-rsa Kea folder.
                      If I need to create another one for another box, what to do not to lose the first one if I need to go back and create another client or revoke one?

                      You really should read the howtos on http://openVPN.net
                      If you create a new key/certificate pair you don't lose the already created pairs.
                      And if you revoke one pair you won't lose all the others.

                      Or are you talking about running multiple CAs on a single machine?

                      We do what we must, because we can.

                      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                      1 Reply Last reply Reply Quote 0
                      • J
                        johii
                        last edited by

                        Try drawing a diagram of how you want it to be set up, then we might understand it better. I'm no Linux/BSD hawk but still managed to set it up. With different user accounts, you don't need to create the .ca's on the pfSense box; you can create them on a different one as long as ALL of your .ca's are created on the same computer (no exception).

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.