I'm pretty new to OpenVPN and let me say that I'm VERY impressed so
far. We've been using the various *S/WAN products so far and now I'm
evaluating OpenVPN for being the secondary or even primary product for
our projects when it comes to VPN technology.
At the moment I'm using a "server" configuration environment with one
certificate for each "client". The clients are road warrriors (that's
the IPSEC lingo -- is there another term for those in OpenVPN context or
do you use that as well?). Now the usual question arises: what happens
if e.g. a notebook gets stolen? First I add the stolen certificate to
the CRL, update it, upload/copy it to the right place. New connection
attempts with that certificate will then be blocked. This works nicely.
So here's my question. How do I end an existing connection that uses
this stolen certificate without interrupting the other connections held
by that OpenVPN process?
Sending USR1 will tear down all the connections, and depending on the
ping-* settings in the config file they'll stay down a couple of
seconds. I'd like to avoid that. Is that possible?
LINET Services GbR
Gotenweg 15 Tel.: 0531-280 191 71
38106 Braunschweig Fax.: 0531-280 191 72
Description: PGP signature