Find the answer to your Linux question:
Results 1 to 3 of 3
Hello, I just set up an OpenVPN server following the official Debian Wiki instructions for OpenVPN. I would like to know if there's a way to revoke access to a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! Pyrobisqit's Avatar
    Join Date
    May 2011
    Posts
    29

    Revoking access to a user in OpenVPN?


    Hello,

    I just set up an OpenVPN server following the official Debian Wiki instructions for OpenVPN.

    I would like to know if there's a way to revoke access to a specific user. Let's say I issue user1.crt and user2.crt (along with its corresponding .key files of course). If user2 loses his certificate and key or gets stolen, user2 could potentially compromise the security of the OpenVPN LAN, therefore, would it be possible to revoke the current certificate for user2 and then reissue a new one for him? This way, the attacker would only have the old version of the files, and the server would not allow the attacker to enter the server.

    I would rather not use password-based encryption for these .key files, but just like with PGP keys, revoke them and render them 100% useless without having to revoke all OpenVPN keys for all clients and the server itself.

    Thanks!

  2. #2
    Just Joined!
    Join Date
    Sep 2008
    Posts
    13
    Look into the crl-verify server option.

  3. #3
    Just Joined!
    Join Date
    Mar 2003
    Location
    CT
    Posts
    11
    Or you can invalidate or revoke the certificate see h t t p://forums.openvpn.net/topic9253.html and h t t p://openvpn.net/index.php/open-source/documentation/howto.html

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •