Thomas S's picture

How can I easily temporarily block a client from connecting to the Turnkey OpenVPN appliance?

The client has a unique key and .ovpn file created with the openvpn-addclient helper program. I tried removing their files from /etc/openvpn/easy-rsa/keys and restarting the openvpn service but the client still connects.

I want to do this in a way I can reverse from the server without needing to touch the client. So I'm guessing revoking their certificate/key and creating a new one is out because I'd need to distribute the new .ovpn file.

Jeremy Davis's picture

I guess that it would be possible to backup everything, then revoke the client certificate, then when you want to reinstate the user, then restore the backup?! I would assume that would work, but TBH, I'm not completely sure?! The downside of that would be that any other changes that you made (e.g. added new clients, revoked other client certs) would be lost.

TBH, I don't have a deep understanding on how OpenVPN works under the hood (I get the basic premise and have a high level understanding of some of the mechanics; but don't know the details). So perhaps I'm missing something and there is an easy/better way to achieve what you want? Maybe it's worth asking on the OpenVPN forums?

If you do post elsewhere, please feel free to post a link back here. Plus if you do find a solution, it'd be great if you could post back with that too as I'm sure it'd be useful for others.

Add new comment