Improve client revocation
- When revoking a client, remove the previously generated config file for that client.
- Cleanup
@@ -563,7 +563,7 @@ else
|
|||||||
echo
|
echo
|
||||||
echo "Select an option:"
|
echo "Select an option:"
|
||||||
echo " 1) Add a new client"
|
echo " 1) Add a new client"
|
||||||
echo " 2) Export configuration for an existing client"
|
echo " 2) Export config for an existing client"
|
||||||
echo " 3) Revoke an existing client"
|
echo " 3) Revoke an existing client"
|
||||||
echo " 4) Remove OpenVPN"
|
echo " 4) Remove OpenVPN"
|
||||||
echo " 5) Exit"
|
echo " 5) Exit"
|
||||||
@@ -646,6 +646,8 @@ else
|
|||||||
read -p "Confirm $client revocation? [y/N]: " revoke
|
read -p "Confirm $client revocation? [y/N]: " revoke
|
||||||
done
|
done
|
||||||
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
||||||
|
echo
|
||||||
|
echo "Revoking $client..."
|
||||||
cd /etc/openvpn/server/easy-rsa/
|
cd /etc/openvpn/server/easy-rsa/
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
@@ -656,6 +658,12 @@ else
|
|||||||
cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
|
cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
|
||||||
# CRL is read with each client connection, when OpenVPN is dropped to nobody
|
# CRL is read with each client connection, when OpenVPN is dropped to nobody
|
||||||
chown nobody:"$group_name" /etc/openvpn/server/crl.pem
|
chown nobody:"$group_name" /etc/openvpn/server/crl.pem
|
||||||
|
get_export_dir
|
||||||
|
ovpn_file="$export_dir$client.ovpn"
|
||||||
|
if [ -f "$ovpn_file" ]; then
|
||||||
|
echo "Removing $ovpn_file..."
|
||||||
|
rm -f "$ovpn_file"
|
||||||
|
fi
|
||||||
echo
|
echo
|
||||||
echo "$client revoked!"
|
echo "$client revoked!"
|
||||||
else
|
else
|
||||||
|
|||||||
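Review bot: In the third hunk, `ovpn_file="$export_dir$client.ovpn"` is only a safe target if `get_export_dir` (defined outside these hunks) always leaves `export_dir` non-empty and ending in `/`; nothing in the added lines checks that. If it were empty, the `-f` test and the `rm -f` would act on a path relative to the current directory, which the second hunk shows is `/etc/openvpn/server/easy-rsa/`, in a script that presumably runs as root. I would make the guard `if [ -n "$export_dir" ] && [ -f "$ovpn_file" ]; then` and the delete `rm -f -- "$ovpn_file"`. A comment such as `# Best-effort cleanup: the regenerated CRL is what blocks the client; copies of the profile already handed out are unaffected` would keep readers from treating the deletion as part of the revocation itself. The enclosing `else` branch starts and ends outside the hunks.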