From b0d43ae8e3de6f0a42566c3b3c9b95f2394fcc19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Y=C3=A1=C3=B1ez=20Jim=C3=A9nez?=
Date: Thu, 26 May 2022 00:18:07 +0000
Subject: [PATCH] docs: update vpn/openvpn/servidor

---
 vpn/openvpn/servidor.md | 46 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/vpn/openvpn/servidor.md b/vpn/openvpn/servidor.md
index fd0cfd5..33c6d7a 100644
--- a/vpn/openvpn/servidor.md
+++ b/vpn/openvpn/servidor.md
@@ -2,7 +2,7 @@
 title: OpenVPN - Servidor
 description: Tutorial de instalación del Servidor OpenVPN
 published: true
-date: 2022-05-26T00:06:30.918Z
+date: 2022-05-26T00:18:03.566Z
 tags: vpn, servidor, debian
 editor: markdown
 dateCreated: 2022-05-18T16:48:57.246Z
@@ -720,6 +720,50 @@ sudo systemctl restart nftables.service && sudo systemctl status nftables.servic
 sudo systemctl enable nftables.service
 ```
+### Revocación de clientes
+
+* Desde la SubCA
+
+```bash
+cd ~/EasyRSA
+
+./easyrsa revoke client4
+```
+
+```bash
+./easyrsa gen-crl
+```
+
+```bash
+scp ~/EasyRSA/pki/crl.pem ovpn@ovpn.bastionado.es:/tmp
+```
+
+```bash
+sudo mv /tmp/crl.pem /etc/openvpn
+
+sudo vim /etc/openvpn/server.conf
+```
+
+```bash
+sudo mv /tmp/crl.pem /etc/openvpn
+
+sudo vim /etc/openvpn/server.conf
+
+crl-verify crl.pem
+```
+
+* Arrancar y comprobar el estado del servicio OpenVPN
+
+```bash
+sudo systemctl restart openvpn@server && sudo systemctl status openvpn@server
+```
+
+* Revisar el registro para comprobar que se está aplicando la CRL cuando un cliente intenta conectar
+
+```bash
+sudo tail -f /var/log/openvpn/openvpn.log
+```
+
 ## OpenVPN + TOR
 ### Configuración de OpenVPN