How To Remove/Revoke OpenVPN Server’s Clients From OpenVPN Server On RHEL/CentOS 6/7

In this article, we will learn to remove an OpenVPN server’s client and to restrict that client from accessing the OpenVPN server. In our previous article we learned to Add/Create a New OpenVPN Client Key for OpenVPN Server; this is just the reverse.

Reasons For Revoking Client Access

There are some scenarios where we want to secure our servers and network because a key was lost or stolen. Sometimes a user is leaving the organization and, as a result, we have to terminate his/her key. And one of the most common scenarios is when a client key is no longer needed.

Note: If you are a sudo user, prefix every command with sudo, like # sudo ifconfig

If you want to read more articles on OpenVPN, you may follow the links given below.

Part 1: How To Install And Setup OpenVPN Server On CentOS/RHEL 7?
Part 2: How To Install And Setup OpenVPN Server On CentOS/RHEL 6?
Part 3: Setup Linux And Windows Clients To Connect With OpenVPN Server In RHEL/CentOS 6/7
Part 4: How To Add/Create A New OpenVPN Client For OpenVPN Server In CentOS/RHEL 6/7
Part 6: How To Remove OpenVPN Server from CentOS/RHEL 6/7

Prerequisites:

A Pre-Installed and running OpenVPN Server.
A running OpenVPN client key

Scenario

OpenVPN server: 192.168.1.188 – Already Running
OpenVPN Client: 192.168.1.19

Let’s Start

Before revoking a client key, be clear and specific about which key it is. So we will identify the key before deleting anything.

Note: All activities in this article are done on the OpenVPN server.

Step 1: Figure Out The Key For Removal

Be specific when removing or revoking a client key, because removing the wrong key will leave the users of the accidentally deleted key without access. To check the presence or absence of the key, use the following command.

This command will tell you the total number of client keys on the OpenVPN server. The output shows that this OpenVPN server has 2 keys.

Now we can check and list all the client names/keys which are present on the OpenVPN server.

Step 2: Revoke Certificate For Selected Client

We have successfully listed all our clients. For this example, we will revoke access for newClient and regenerate the CRL after deletion.

Note: replace the highlighted value with the one for your scenario.

In this step, we have revoked access for newClient and deleted the CRL file.

Step 3: Delete Associated Keys And Certificates

After revoking the client's access, we need to delete the ‘.key’, ‘.crt’ and ‘.req’ files related to that key. Run the following command to clear the server of unneeded files.

We have now deleted the revoked client's key files and certificates.

Step 4: Regenerate The New CRL File

Since we deleted our CRL file in step 2, we need to recreate it. CRL stands for Certificate Revocation List. A client application, such as a web browser, can use a CRL to check a server’s authenticity. OpenVPN uses this CRL to deny access to clients that are no longer trusted.

After generation, copy this file to the OpenVPN working directory to make it available to the running environment.

Now we need to change the ownership of the newly created CRL, because the CRL is read with each client connection, after OpenVPN has dropped privileges to nobody, so we do that here.
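The four steps above as one script, added here as an example and not the author's original commands. It assumes an easy-rsa 3 PKI (`pki/index.txt`, `pki/issued`, `pki/private`, `pki/reqs`) and `/etc/openvpn` as the OpenVPN working directory; the function names are hypothetical and the sample index is constructed.

```shell
#!/bin/sh
# Added example. Assumptions: easy-rsa 3 layout, OpenVPN directory below.
OVPN_DIR=${OVPN_DIR:-/etc/openvpn}

# cert_status INDEX NAME -> V (valid), R (revoked), E (expired) or "absent".
# index.txt is tab-separated: status, expiry, revocation, serial, file, subject.
cert_status() {
  awk -F'\t' -v cn="$2" '
    { s = $6; sub(/.*\/CN=/, "", s); sub(/\/.*/, "", s) }
    s == cn { st = $1 }                      # latest entry for that name wins
    END { print (st == "" ? "absent" : st) }' "$1"
}

# valid_names INDEX -> common name of every certificate that is still valid
valid_names() {
  awk -F'\t' '$1 == "V" { s = $6; sub(/.*\/CN=/, "", s); sub(/\/.*/, "", s); print s }' "$1"
}

# revoke_client NAME -> steps 2 to 4; run as root from the easy-rsa directory
revoke_client() {
  name=$1
  if [ "$(cert_status pki/index.txt "$name")" != V ]; then
    echo "refusing: '$name' has no valid certificate" >&2; return 1
  fi
  ./easyrsa --batch revoke "$name" || return 1
  rm -f "pki/issued/$name.crt" "pki/private/$name.key" "pki/reqs/$name.req"
  ./easyrsa gen-crl || return 1
  cp pki/crl.pem "$OVPN_DIR/crl.pem" || return 1
  chown nobody "$OVPN_DIR/crl.pem" || return 1    # read after the privilege drop
  [ "$(cert_status pki/index.txt "$name")" = R ]  # confirm the CA database agrees
}

# Constructed sample index.txt (not from a real server): two valid, one revoked.
SAMPLE=$(mktemp)
printf 'V\t330101000000Z\t\t01\tunknown\t/CN=server\n' > "$SAMPLE"
printf 'V\t330101000000Z\t\t02\tunknown\t/CN=client1\n' >> "$SAMPLE"
printf 'R\t330101000000Z\t240101000000Z\t03\tunknown\t/CN=newClient\n' >> "$SAMPLE"
valid_names "$SAMPLE"
echo "newClient: $(cert_status "$SAMPLE" newClient)"
```

The server only consults the copied file if its configuration contains a `crl-verify` directive pointing at it, so check for that line before relying on the revocation.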

We have successfully removed a client's access and our server is now secured. In the next article we will learn to remove an OpenVPN installation from the server completely.

Kapendra
Love to write technical stuff with personal experience, as I am working as a Sr. Linux Admin. Every day is a learning day and, trust me, being a tech geek is really cool.
http://kapendra.com