user revoke management #4

Open
electrical opened this issue Jan 31, 2021 · 2 comments

Comments

@electrical

It would be great to add user revocation and CRL management to it.
Otherwise people will still be able to connect to the VPN.

The ovpn_revokeclient CLI tool is already in place.
I guess we just have to add a revoke-user script and CRL secret.
I think the only downside is you'll need to restart the openvpn server instance to reprocess the CRL list.
We also need to add the --crl-verify option to the server config.

Perhaps it would make sense to enable this by default?
Even if the file is empty it will still allow connections.

@suda
Owner

suda commented Feb 3, 2021

I think the script could also remove the pod and thus reprocess the CRL list. Or maybe there's an option to send it a signal to do the same thing?

Would you like to take a stab at creating a PR with such a script?

@electrical
Author

I think a rollout restart might be a bit cleaner.
Since I want to implement this for myself I'll try to make it in such a way I can contribute back.
