Deleting client's records

[andrey-mz3]

I wanted to completely remove a client from the server.
I've ran revoke_client from the easy-rsa2 scripts and revoked their certificate.
I followed this by deleting all the files in the keys folder relating to that client, just to clean up.
However, everytime I start the server I see things relating to that client come up in the logs:
IFCONFIG POOL LIST

I realised that the ifconfig-pool-persist option was enabled so I deleted the lines from ipp.txt about that client.
When I restart the server, it somehow got this information again.

I looked at some more files and realised that there were client related things in keys/index.txt.

My question is:
How do I completely remove all files and records of a client that I no longer need on my server? If I have clients I'm constantly adding/removing I want to clean up those files/records and prevent the server from persisting ip's for them and such.

[Gert Döring]

You seem to be mixing easy-rsa related questions (keys/index.txt) with openvpn related (ipp.txt).

Since different people are working on these, make up your mind :-)

OpenVPN does not normally remember anything besides ifconfig-pool-persist - and that one needs to be cleared out manually as OpenVPN cannot know that a user is no longer valid (which, from OpenVPN's point of view, is no different from "a user that decides to just no longer use its VPN service"). So if you have users that change very frequently and want to use persistant addressing, you either need to clean out ipp.txt, or do the pool handling / IP address assignment in an client-connect script, outside openvpn.

[Eric Crist]

Closing this. It isn't a bug in either easyrsa or openvpn. Gert provided the proper guidance already.