From ecaef4943f95a57944b8c75f5eedad573875180c Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Mon, 24 Mar 2025 21:44:35 -0500
Subject: [PATCH] Improve client revocation

- Apply upstream change Nyr/openvpn-install commit e574074.
- Remove leftover files after client revocation
- Cleanup
---
 openvpn-install.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index c395303..d3a2488 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -600,7 +600,7 @@ select_protocol() {
 select_port() {
 if [ "$auto" = 0 ]; then
 echo
- echo "Which port should OpenVPN listen to?"
+ echo "Which port should OpenVPN listen on?"
 read -rp "Port [1194]: " port
 until [[ -z "$port" || "$port" =~ ^[0-9]+$ && "$port" -le 65535 ]]; do
 echo "$port: invalid port."
@@ -1289,6 +1289,8 @@ revoke_client_ovpn() {
 ./easyrsa --batch --days=3650 gen-crl >/dev/null 2>&1
 )
 rm -f /etc/openvpn/server/crl.pem
+ rm -f /etc/openvpn/server/easy-rsa/pki/reqs/"$client".req
+ rm -f /etc/openvpn/server/easy-rsa/pki/private/"$client".key
 cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
 # CRL is read with each client connection, when OpenVPN is dropped to nobody
 chown nobody:"$group_name" /etc/openvpn/server/crl.pem
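Review bot: The two added `rm -f` lines in revoke_client_ovpn build their paths from `$client`, and nothing visible in the hunk checks that name before the delete. `pki/private/` is also the directory easy-rsa uses for the CA key, so an empty name, one containing `/`, or one that matches a non-client key would remove the wrong file, and `-f` would hide it. The function starts outside the hunk, so the name may already be validated there. If it is not, a guard before the deletes such as `[[ -n "$client" && "$client" != */* ]] || return 1` would keep the removal inside the two intended directories. The preceding `gen-crl` call discards its output and status, so the key is deleted even when the CRL was not regenerated; checking that status first would avoid losing the key material for a revocation that did not take effect.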