docs: update vpn/openvpn/servidor

2022-05-26 00:18:07 +00:00 · 2022-05-26 00:18:07 +00:00 · b0d43ae8e3
commit b0d43ae8e3
parent d559c24c87
1 changed files with 45 additions and 1 deletions
--- a/vpn/openvpn/servidor.md
+++ b/vpn/openvpn/servidor.md
@ -2,7 +2,7 @@
 title: OpenVPN - Servidor
 description: Tutorial de instalación del Servidor OpenVPN
 published: true
-date: 2022-05-26T00:06:30.918Z
+date: 2022-05-26T00:18:03.566Z
 tags: vpn, servidor, debian
 editor: markdown
 dateCreated: 2022-05-18T16:48:57.246Z
@ -720,6 +720,50 @@ sudo systemctl restart nftables.service && sudo systemctl status nftables.servic
 sudo systemctl enable nftables.service
 ```

+### Revocación de clientes
+
+* Desde la SubCA
+
+```bash
+cd ~/EasyRSA
+
+./easyrsa revoke client4
+```
+
+```bash
+./easyrsa gen-crl
+```
+
+```bash
+scp ~/EasyRSA/pki/crl.pem ovpn@ovpn.bastionado.es:/tmp
+```
+
+```bash
+sudo mv /tmp/crl.pem /etc/openvpn
+
+sudo vim /etc/openvpn/server.conf
+```
+
+```bash
+sudo mv /tmp/crl.pem /etc/openvpn
+
+sudo vim /etc/openvpn/server.conf
+
+crl-verify crl.pem
+```
+
+* Arrancar y comprobar el estado del servicio OpenVPN
+
+```bash
+sudo systemctl restart openvpn@server && sudo systemctl status openvpn@server
+```
+
+* Revisar el registro para comprobar que se está aplicando la CRL cuando un cliente intenta conectar
+
+```bash
+sudo tail -f /var/log/openvpn/openvpn.log
+```
+
 ## OpenVPN + TOR

 ### Configuración de OpenVPN