You are here
Scott - Fri, 2017/01/20 - 21:02
Greetings all!
Quick question - regarding accounts in OpenVPN.
I know that when you want to disallow access for a user you can use the revoke option.
But, what if you want an existing user to get a new profile?
Or what if you want (for the sake of housecleaning) want to remove a profile.
A situation may be that a user has left that had administrative access to other users profiles, and we want to re-gen them for the other users.
Also, we have a number of old users that we would like to remove (not just revoke).
Thanks!
Forum:
I don't have a lot of experience with OpenVPN
Having said that, other than our helper scripts, under the hood it's a default OpenVPN Debian install. So from my quick googling, once you revoke the user keys, that actually deletes the keys.
I'm guessing from your question that even after the keys have been revoked (essentially removing the user's access) that there is still some sort of profile that remains. Assuming that you know where it is, perhaps it's as simple as just deleting the relevant files.
I guess if all else fails, you can always read the upstream docs!?
Personally, in similar situations, I'm a big fan of testing this sort of stuff using a VM. If you want to test with real world data, you could do a TKLBAM restore. In this case, you probably don't even need to do that.
I would be inclined to set up a clean OpenVPN VM, get it running then add a couple of users, check they work, then remove one (as I hint above) and see what happens. If it breaks stuff for the other user, then you know that's bad. If it all checks out, then you can redo it on your production server.
Actually...
Add new comment