Openvpn, remove user with easy-rsa 2.0

To remove the openVPN user, the certificate of the user must be revoked. Deleting the certificate will NOT work and user will still have access to the openVPN. Ensure the cert and private key is inside before you proceed. Copy from the client if you do not have the cert and private key.

Your cert file should look like this:

username.crt
username.key

cd to the root folder of your easy-rsa 2.0:

cd /etc/openvpn/easy-rsa/2.0/

Run the command below to revoke the certificate for the user:

./revoke-full username

Add the below line to your server.conf if it doesn't exist:

vi /etc/openvpn/server.conf
crl-verify /etc/openvpn/keys/crl.pem

Restart the openVPN:

systemctl restart openvpn@server

Be the first to comment

Leave a Reply

Your email address will not be published.


*