On Tue, 13 Jun 2023 10:16:36 +0200, Ralf Hildebrandt via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:

>Using openvpn 2.6.4-focal0 (on Ubuntu focal 20.04)
>What's wrong here?

Just saw this thread, so I thought I could add my own experience with CRL...

Back in February I tried to use a CRL to block some OVPN holders that have quit
the team from logging on.
I got it to work but then suddenly a short while afterwards NO ONE could log on
anymore!

Turns out that the CRL file has to be renewed regularly otherwise the full
server becomes locked down! And the interval is pretty short too.

So I had to abandon this and instead found a way using ccd directory on the
server.

Server conf file:

client-config-dir /etc/openvpn/ccdw

Then blocking the client is as simple as this:


1) Create a file named as the client's Common Name inside the ccd directory
(like /etc/openvpn/ccdw/Employee_13)

2) Write the single command:
  disable

  into the file.

Now the server works as before for all users except the one with the file in the
ccd dir who is blocked from access.

This has worked fine ever since for us.

-- 
Bo Berglund
Developer in Sweden
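
The lockout described in the message above occurs once the CRL passes its nextUpdate time. The following Python check is an added example, not part of the original post: it reads that field with the openssl CLI so a cron job can warn before it is reached. The path /etc/openvpn/crl.pem and the 7-day threshold are assumptions.

```python
#!/usr/bin/env python3
"""Warn before an OpenVPN CRL reaches its nextUpdate time (added example)."""
import subprocess
import sys
from datetime import datetime, timezone

# Constructed sample of what `openssl crl -noout -nextupdate` prints.
SAMPLE_LINE = "nextUpdate=Jul  3 10:16:36 2023 GMT"


def parse_next_update(line):
    """Turn openssl's 'nextUpdate=...' line into an aware UTC datetime."""
    key, sep, value = line.strip().partition("=")
    if key != "nextUpdate" or not sep:
        raise ValueError(f"unexpected openssl output: {line!r}")
    # Raises ValueError if the field is missing or not a timestamp.
    stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return stamp.replace(tzinfo=timezone.utc)


def crl_status(line, now, warn_days=7):
    """Classify a CRL as 'expired', 'expiring' or 'ok' relative to `now`."""
    remaining = parse_next_update(line) - now
    if remaining.total_seconds() <= 0:
        return "expired", remaining
    if remaining.days < warn_days:
        return "expiring", remaining
    return "ok", remaining


def read_next_update(crl_path):
    """Ask the openssl CLI for the nextUpdate line of a PEM CRL."""
    result = subprocess.run(
        ["openssl", "crl", "-in", crl_path, "-noout", "-nextupdate"],
        check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Assumed default path; pass the file named by the server's crl-verify.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/openvpn/crl.pem"
    now = datetime.now(timezone.utc)
    status, remaining = crl_status(read_next_update(path), now)
    print(f"{path}: {status}, {remaining} until nextUpdate")
    sys.exit(0 if status == "ok" else 1)
```

The script exits non-zero for both "expiring" and "expired", so a cron wrapper or monitoring agent can alert on the exit code alone.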


