Opened 8 months ago

Last modified 7 months ago

#1381 assigned User question

Deleting client's records

Reported by: andrey-mz3 Owned by: tct
Priority: minor Milestone:
Component: easy-rsa Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: delete remove client
Cc:

Description

I wanted to completely remove a client from the server.
I've ran revoke_client from the easy-rsa2 scripts and revoked their certificate.
I followed this by deleting all the files in the keys folder relating to that client, just to clean up.
However, everytime I start the server I see things relating to that client come up in the logs:
IFCONFIG POOL LIST

I realised that the ifconfig-pool-persist option was enabled so I deleted the lines from ipp.txt about that client.
When I restart the server, it somehow got this information again.

I looked at some more files and realised that there were client related things in keys/index.txt.

My question is:
How do I completely remove all files and records of a client that I no longer need on my server? If I have clients I'm constantly adding/removing I want to clean up those files/records and prevent the server from persisting ip's for them and such.

Change History (1)

comment:1 Changed 7 months ago by Gert Döring

Owner: changed from Eric Crist to tct
Priority: majorminor
Status: newassigned

You seem to be mixing easy-rsa related questions (keys/index.txt) with openvpn related (ipp.txt).

Since different people are working on these, make up your mind :-)

OpenVPN does not normally remember anything besides ifconfig-pool-persist - and that one needs to be cleared out manually as OpenVPN cannot know that a user is no longer valid (which, from OpenVPN's point of view, is no different from "a user that decides to just no longer use its VPN service"). So if you have users that change very frequently and want to use persistant addressing, you either need to clean out ipp.txt, or do the pool handling / IP address assignment in an client-connect script, outside openvpn.

Note: See TracTickets for help on using tickets.