[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

RE: [Openvpn-users] Disable users

  • Subject: RE: [Openvpn-users] Disable users
  • From: "Khoi Dinh" <khoi@xxxxxxxxxxxx>
  • Date: Sun, 23 Oct 2005 15:11:00 -0700

Thanks Mathias!  I was finally able to use --tls-verify successfully.  I had
my server chrooted and that made troubleshooting more difficult.


-----Original Message-----

Both --tls-verify and --crl-verify can be used for this.

--tls-verify executes a script which you can have check the certificate's 
CN agaist a list of users you wish to reject or accept.

--crl-verify should refer to a standard CRL file which is a file 
containing a list of revoked certificates. There is no need to restart 
OpenVPN when adding certs to this file as OpenVPN will check it each time 
a new client connects. See the openssl manpage for more info on how to 
create a CRL file or look at the easy-rsa scripts that come with OpenVPN.

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail

Openvpn-users mailing list