On Mon, 17 Feb 2025 20:39:57 +0000, tincantech via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>Hi Bo,
>
>On Monday, 17 February 2025 at 15:28, Bo Berglund <bo.bergl...@gmail.com> wrote:
>
>> On the old server I have migrated over the years through easyrsa versions up to
>> 3.1.5, which is what is now used there.
>> 
>> Can I just copy over the directory tree in $HOME/openvpn where all the
>> management stuff resides and then replace easyrsa with the now latest version
>> from Github (3.2.2) without editing my scripts that use easyrsa?
>
>Yes, copy your data and upgrade to Easy-RSA v 3.2.2 - That is supported.

Good, then I will just tar the old server's directories and write them on the
new server's disk at the proper places.

>> I.e. has there been some functional change regarding the way to use easyrsa
>> between those versions?
>
>There is one functional change:
>
>Command `revoke` can only be used in --batch mode.
>Otherwise, for interactive use, the command is now `revoke-issued`.
>This is to protect against revoking an 'issued' certificate when it
>is intended to revoke a 'renewed' or 'expired' certificate.

Well, I have a limited number of clients and I have "solved" this by using the
ccd entries to block the ones that have left us if they try to connect.
It was safer than using the revocation as I tried to do once but managed to
block the whole server for everyone...

I think I wrote about that here when it happened a couple of years back.
By using the ccd entries I get what we need: preventing them from connecting,
without messing with the revocation handling.

So I am fine with the new easyrsa then! :)

Thanks again!


-- 
Bo Berglund
Developer in Sweden



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
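
An added example, not part of the original thread or of Easy-RSA: a shell function that cross-checks an Easy-RSA `index.txt` against a ccd directory and lists clients whose certificate is still marked valid (`V`) while their ccd file carries OpenVPN's `disable` directive. The `pki/index.txt` and `ccd` paths, the use of `disable` as the blocking directive, and all sample names are assumptions; the thread does not say how the ccd entries block clients.

```shell
#!/bin/sh
# Added example: list clients that are blocked through ccd while their
# certificate is still valid in the CA database.

# list_ccd_blocked_valid INDEX CCD_DIR
# INDEX is the OpenSSL CA database kept by Easy-RSA, tab-separated:
# status, expiry, revocation date, serial, filename, subject DN.
list_ccd_blocked_valid() {
    index=$1
    ccd=$2
    # Keep only status V (valid) and extract the CN from the subject DN.
    awk -F '\t' '$1 == "V" {
        n = split($6, p, "/CN=")
        if (n > 1) { sub(/\/.*/, "", p[2]); print p[2] }
    }' "$index" | sort -u | while IFS= read -r cn; do
        # ccd files are named after the client's common name.
        [ -f "$ccd/$cn" ] || continue
        # Match an active "disable" line, not a commented-out one.
        if grep -Eq '^[[:space:]]*disable[[:space:]]*(#.*)?$' "$ccd/$cn"; then
            printf '%s\n' "$cn"
        fi
    done
}

# make_sample DIR: constructed sample data, not taken from the thread.
make_sample() {
    mkdir -p "$1/pki" "$1/ccd"
    {
        printf 'V\t350101000000Z\t\tA1\tunknown\t/CN=alice\n'
        printf 'V\t350101000000Z\t\tA2\tunknown\t/CN=bob\n'
        printf 'R\t350101000000Z\t250101000000Z\tA3\tunknown\t/CN=carol\n'
        printf 'V\t350101000000Z\t\tA4\tunknown\t/CN=dave\n'
    } > "$1/pki/index.txt"
    printf 'disable\n' > "$1/ccd/alice"                              # blocked, cert valid
    printf 'ifconfig-push 10.8.0.10 255.255.255.0\n' > "$1/ccd/bob"  # not blocked
    printf 'disable\n' > "$1/ccd/carol"                              # blocked and revoked
    printf '# disable\n' > "$1/ccd/dave"                             # directive commented out
}

tmp=$(mktemp -d)
make_sample "$tmp"
list_ccd_blocked_valid "$tmp/pki/index.txt" "$tmp/ccd"
```

Each name printed is a client kept out by the ccd file alone, so the listing shows which certificates would be accepted again if that file were removed or the ccd directory were not carried over in a migration.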
