[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] stopping only one connection in a "server" configuration

  • Subject: [Openvpn-users] stopping only one connection in a "server" configuration
  • From: Moritz Bunkus <m.bunkus@xxxxxxxxxxxxxxxxx>
  • Date: Tue, 5 Apr 2005 09:30:53 +0200


I'm pretty new to OpenVPN and let me say that I'm VERY impressed so
far. We've been using the various *S/WAN products so far and now I'm
evaluating OpenVPN for being the secondary or even primary product for
our projects when it comes to VPN technology.

At the moment I'm using a "server" configuration environment with one
certificate for each "client". The clients are road warrriors (that's
the IPSEC lingo -- is there another term for those in OpenVPN context or
do you use that as well?). Now the usual question arises: what happens
if e.g. a notebook gets stolen? First I add the stolen certificate to
the CRL, update it, upload/copy it to the right place. New connection
attempts with that certificate will then be blocked. This works nicely.

So here's my question. How do I end an existing connection that uses
this stolen certificate without interrupting the other connections held
by that OpenVPN process?

Sending USR1 will tear down all the connections, and depending on the
ping-* settings in the config file they'll stay down a couple of
seconds. I'd like to avoid that. Is that possible?


LINET Services GbR

Gotenweg 15                      Tel.: 0531-280 191 71
38106 Braunschweig               Fax.: 0531-280 191 72


Attachment: pgpkGA1cfj623.pgp
Description: PGP signature