Hi,

On Thu, Dec 30, 2021 at 7:14 AM Paul Pooker <pooker.p...@gmail.com> wrote:
>
> Hello,
>
> I was wondering whether anyone has found a way to kill clients in such a
> manner that they are prevented from reconnecting to the server automatically,
> with either the client being re-prompted for their passphrase to unlock their
> secret key, or for the server to instruct the client to terminate the OpenVPN
> process on the client side, so that it must be re-executed?

I guess by "secret key" you mean the private-key of the client certificate.

Use "client-kill <cid> HALT" from the server's management interface.
Here <cid> is the client-id of the client you want to terminate which
may be found in the "status 2" and "status 3" listings.

For restarting with a password prompt, you could use "client-kill
<cid>" (leave out the HALT) or "kill cn" along with "--auth-nocache"
in the client config. However, this would cause a password prompt
during every renegotiation as well. There are ways to avoid that if
username/password is in use; that involves a combination of auth-token
and distinguishing between reneg and restart in the auth-user-pass-verify
process. But, with only private-key password, that is not an option.

By the way, remapping signals or changing persist key has to be done
in the client config (not on server) for it to have any effect on how
signals are interpreted by the client or whether the key is persisted.
To not persist the key just leave out that option.

Also see "man openvpn".


Selva
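
The lookup-and-kill step described in the reply above, as an added example that is not part of the original message: it reads the Client ID column from "status 2" output and builds the matching "client-kill <cid> HALT" commands. The sample status text is constructed, and the management address 127.0.0.1:7505 with no management password is an assumption about the server config.

```python
import csv
import io
import socket

# Constructed sample of "status 2" output (comma-separated); all values are made up.
SAMPLE_STATUS2 = """\
TITLE,OpenVPN 2.5.x (constructed sample)
TIME,2021-12-30 07:20:00,1640848800
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID,Data Channel Cipher
CLIENT_LIST,alice,198.51.100.7:40112,10.8.0.2,,51234,98213,2021-12-30 07:01:10,1640847670,UNDEF,3,0,AES-256-GCM
CLIENT_LIST,bob,203.0.113.9:51820,10.8.0.3,,1200,3400,2021-12-30 07:05:42,1640847942,UNDEF,5,1,AES-256-GCM
CLIENT_LIST,alice,198.51.100.8:40990,10.8.0.4,,10,20,2021-12-30 07:15:00,1640848500,UNDEF,7,2,AES-256-GCM
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.2,alice,198.51.100.7:40112,2021-12-30 07:19:58,1640848798
GLOBAL_STATS,Max bcast/mcast queue length,0
END
"""

def client_ids(status_text, common_name):
    """Return the Client ID of every session whose Common Name matches."""
    columns, cids = None, []
    for row in csv.reader(io.StringIO(status_text)):
        if row[:2] == ["HEADER", "CLIENT_LIST"]:
            columns = row[2:]  # column names follow the two tag fields
        elif row and row[0] == "CLIENT_LIST":
            if columns is None or "Client ID" not in columns:
                raise ValueError("status output has no Client ID column")
            fields = dict(zip(columns, row[1:]))
            if fields.get("Common Name") == common_name:
                cids.append(int(fields["Client ID"]))
    return cids

def halt_commands(status_text, common_name):
    """One client-kill line per session; a CN can have several sessions."""
    return [f"client-kill {cid} HALT" for cid in client_ids(status_text, common_name)]

def send_commands(commands, host="127.0.0.1", port=7505):
    """Send commands to the management interface (address is an assumption)."""
    with socket.create_connection((host, port), timeout=5) as s:
        for command in commands:
            s.sendall(command.encode() + b"\n")
        s.sendall(b"quit\n")  # close the management session
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
        return b"".join(chunks).decode(errors="replace")
```

Keying on the Client ID rather than the common name matters when one certificate has more than one live session, since each session gets its own HALT.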


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
