OpenVPN: Revoking Access and Expanding Management Options

That OpenVPN connection sure does give you a sense of security doesn't it? There are still a few more things you should know to extend what the software can do.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 1 of 2)

Now that you have a fully functional OpenVPN connection, it sure does give you a valid sense of security doesn't it? There are still a few more things you should know in order to extend what the software can do.

Still not up and running? Read Part 1 and Part 2 of this series to get caught up.

Revoking access: kicking out the riff raff

In a perfect world everyone you hired, or are collaborating with, would be gracious and understanding when you no longer require their services. Unfortunately allowing them access to your network after their departure is a serious security liability and is generally ill-advised unless you want all manner of company secrets to leak out long after they're gone.

Then there are those cases where a machine may have fallen into the wrong hands. Thankfully the process for removing the access privileges to your network takes a few easy steps. You'll likely want to know which client you want to stop accessing your server first and foremost, which you have been dutifully cataloging since you've begun using the software.

Open up your trusty command prompt and change the directory until you're in your OpenVPN's working easy-rsa directory. From there the first two commands you'll want to run are:

The requisite text scroll should inform you that the software has created a file called crl.pem which contains keys that you have chosen to prevent access to your OpenVPN server. You'll want to copy this file to a location that OpenVPN can access and add the following to your server's configuration file:

If everything has gone smoothly you'll have yourself a freshly secured server which is no longer accessible to those you've added to the crl file. For those users that keep a constant connection to the server you'll want to restart the server in order to sever any current links.

A quick tip lest ye forget: vars

There is a simple command to remember for future reference should you require the services of the key building functionality in OpenVPN, which you will, and it just happened to be mentioned earlier:

You won't be able to create any new keys for your clients without running it again and it's something that's easily forgotten, which will lead to quite a bit of lost time trying to track down errors in your installation before realizing that you need this simple command.

Page 1 of 2

1 2
Next Page

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.