From 6cbbca398af3bbf7c12e2c714abb8ecb648ccd13 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sat, 10 Sep 2022 00:11:04 -0500
Subject: [PATCH] Improve client revocation
- When revoking a client, remove previously generated client config file for the client.
- Cleanup
---
 openvpn-install.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index b40f4d6..8195f82 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -563,7 +563,7 @@ else
 echo
 echo "Select an option:"
 echo " 1) Add a new client"
- echo " 2) Export configuration for an existing client"
+ echo " 2) Export config for an existing client"
 echo " 3) Revoke an existing client"
 echo " 4) Remove OpenVPN"
 echo " 5) Exit"
@@ -646,6 +646,8 @@ else
 read -p "Confirm $client revocation? [y/N]: " revoke
 done
 if [[ "$revoke" =~ ^[yY]$ ]]; then
+ echo
+ echo "Revoking $client..."
 cd /etc/openvpn/server/easy-rsa/
 (
 set -x
@@ -656,6 +658,12 @@ else
 cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
 # CRL is read with each client connection, when OpenVPN is dropped to nobody
 chown nobody:"$group_name" /etc/openvpn/server/crl.pem
+ get_export_dir
+ ovpn_file="$export_dir$client.ovpn"
+ if [ -f "$ovpn_file" ]; then
+ echo "Removing $ovpn_file..."
+ rm -f "$ovpn_file"
+ fi
 echo
 echo "$client revoked!"
 else
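Review bot: In the third hunk, `ovpn_file="$export_dir$client.ovpn"` trusts that `get_export_dir` (defined outside this hunk) always leaves a non-empty, slash-terminated `export_dir`. If it ever comes back empty, the path resolves relative to the current directory, which the second hunk shows was set by `cd /etc/openvpn/server/easy-rsa/`, so the `rm -f` would act inside the PKI tree instead of the export directory. I would guard the test with `if [ -n "$export_dir" ] && [ -f "$ovpn_file" ]; then` and end option parsing with `rm -f -- "$ovpn_file"`, because where `$client` comes from is not visible here. The deletion and the "revoked!" message also run without any visible check that the revoke subshell succeeded, so a failed revocation would still remove the exported file; consider testing the subshell's exit status first. The enclosing `if` block starts and ends outside the hunk.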