On Thu, 23 Feb 2023 18:34:11 +0100, David Sommerseth <dazo+open...@eurephia.org>
wrote:

>You can also explicitly disable clients this way with client-config-dir 
>by adding the option "disable" inside such a CCD config file.
>

Thanks a lot!!

This sounds like a more convenient way of handling the lockout of certain
clients!

It means that I could create a file inside the ccd directory by the common name
of the client and add the single line

disable

to it and then the client would not be able to connect?

I do use ccd dir handling for example in order to assign certain clients (i.e.
consultants) special IP addresses which in turn will drop any access attempt to
any other LAN server than the one they are allowed to use. This is done via
IPTABLES rules for the specific IP addresses.

So the ccd handling is there already and if a command "disable" inside the ccd
file would make them unable to connect then all is solved and this would not
require any special cert handling either.

Grateful for this hint, now done!

So now I only need to look over the general expiration of the entire system...


-- 
Bo Berglund
Developer in Sweden



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
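
Added example, not part of the original message and not code from the OpenVPN project: a small POSIX shell helper that adds or removes the "disable" line in a client's CCD file while keeping other directives, such as a fixed address assignment, in place. The /etc/openvpn/ccd default and all function names are assumptions; the file name must equal the client's common name.

```shell
#!/bin/sh
# Added example: toggle "disable" in a per-client CCD file.
# CCD_DIR default is an assumption; use the path given to client-config-dir.
CCD_DIR="${CCD_DIR:-/etc/openvpn/ccd}"
DISABLE_RE='^[[:space:]]*disable[[:space:]]*$'

# Reject empty names and anything that could leave the CCD directory.
valid_cn() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
    esac
    return 0
}

# Status 0 if the CCD file for common name $1 has a "disable" line.
ccd_is_disabled() {
    valid_cn "$1" || return 2
    [ -f "$CCD_DIR/$1" ] && grep -Eq "$DISABLE_RE" "$CCD_DIR/$1"
}

# Add "disable", keeping existing directives (e.g. ifconfig-push). Idempotent.
ccd_disable() {
    valid_cn "$1" || return 2
    ccd_is_disabled "$1" && return 0
    f="$CCD_DIR/$1"
    # If the file lacks a final newline, add one so "disable" gets its own line.
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        printf '\n' >> "$f"
    fi
    printf 'disable\n' >> "$f"
}

# Remove only the "disable" line; every other directive stays in place.
ccd_enable() {
    valid_cn "$1" || return 2
    f="$CCD_DIR/$1"
    [ -f "$f" ] || return 0
    tmp=$(mktemp) || return 1
    # grep exits 1 when nothing is left to print; that is not an error here.
    grep -Ev "$DISABLE_RE" "$f" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$f"
    rm -f "$tmp"
}
```

The CCD file is read when the client connects; dealing with a session that is already established is outside this script.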
