chromatic/openvpn-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/openvpn-install.git synced 2026-01-11 02:46:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve client revocation

Browse Source 
- Apply upstream change Nyr/openvpn-install commit e574074.
- Remove leftover files after client revocation
- Cleanup
This commit is contained in:
hwdsl2
2025-03-24 21:44:35 -05:00
parent 4a1eb578cb
commit ecaef4943f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
openvpn-install.sh
View File

@@ -600,7 +600,7 @@ select_protocol() {
select_port() { select_port() {
if [ "$auto" = 0 ]; then if [ "$auto" = 0 ]; then
echo echo
echo "Which port should OpenVPN listen to?" echo "Which port should OpenVPN listen on?"
read -rp "Port [1194]: " port read -rp "Port [1194]: " port
until [[ -z "$port" || "$port" =~ ^[0-9]+$ && "$port" -le 65535 ]]; do until [[ -z "$port" || "$port" =~ ^[0-9]+$ && "$port" -le 65535 ]]; do
echo "$port: invalid port." echo "$port: invalid port."
@@ -1289,6 +1289,8 @@ revoke_client_ovpn() {
./easyrsa --batch --days=3650 gen-crl >/dev/null 2>&1 ./easyrsa --batch --days=3650 gen-crl >/dev/null 2>&1
) )
rm -f /etc/openvpn/server/crl.pem rm -f /etc/openvpn/server/crl.pem
rm -f /etc/openvpn/server/easy-rsa/pki/reqs/"$client".req
rm -f /etc/openvpn/server/easy-rsa/pki/private/"$client".key
cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:"$group_name" /etc/openvpn/server/crl.pem chown nobody:"$group_name" /etc/openvpn/server/crl.pem