Continuing from the previous tutorial on setting up OpenVPN on Ubuntu, we will now see what is required to add and remove users on our server.
A lot of the steps are the same as in the initial installation, so they should look pretty familiar. Let's assume our new client is called home_pc.
The first step is to generate the key.
./easyrsa gen-req home_pc nopass
./easyrsa import-req $HOME/clientside/easy-rsa/easyrsa3/pki/reqs/home_pc.req home_pc
./easyrsa sign-req client home_pc
After the keys are created, copy all the required files to the clientside directory.
cp $HOME/serverside/easy-rsa/easyrsa3/pki/issued/home_pc.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/ta.key $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/pki/ca.crt $HOME/clientside/
cp $HOME/clientside/easy-rsa/easyrsa3/pki/private/home_pc.key $HOME/clientside/
Open the OpenVPN configuration file
The same as before, paste the following.
scramble obfuscate insert_SAME_password_here
remote insert_server_address_here 443
tls-auth ta.key 1
Edit the file to change the xclientx names to home_pc. Save the file.
Run the script.
Now there will be a single file in your $HOME/clientside/ directory called home_pc.ovpn. Use WinSCP to connect via SCP to this directory and copy the file to your PC. That's it. Now you can use the ovpn file to connect.
Revoking a user is very simple. Let's assume we want to remove the home_pc user we just created.
Add the following to your server.conf file
Revoke the certificate
./easyrsa revoke home_pc
sudo /etc/init.d/openvpn restart
To verify that the user is disabled open the following file.
You should see an R in the first column beside the name, indicating that the certificate has been revoked.
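The check in the last step can also be scripted, which helps when a name has been revoked and later re-issued. This is an added example, not part of the original tutorial: it assumes the file is an OpenSSL-format CA index (tab-separated, status flag first, subject DN last), and the function name cert_status and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of a client certificate from an
# OpenSSL-format CA index file. Assumed field layout (tab-separated):
#   status  expiry  revocation-date  serial  filename  subject-DN
# where status is V (valid), R (revoked) or E (expired).

# cert_status INDEX_FILE COMMON_NAME
# Prints one of: valid, revoked, expired, unknown.
# "valid" wins if ANY entry for the name is still V, because a certificate
# re-issued under the same name keeps working after the old one is revoked.
cert_status() {
    awk -F '\t' -v cn="$2" '
        {
            # Pull the CN out of the subject DN, e.g. "/CN=home_pc".
            n = split($6, parts, "/")
            name = ""
            for (i = 1; i <= n; i++)
                if (substr(parts[i], 1, 3) == "CN=") name = substr(parts[i], 4)
            if (name != cn) next
            seen[$1]++
        }
        END {
            if (seen["V"])      print "valid"
            else if (seen["R"]) print "revoked"
            else if (seen["E"]) print "expired"
            else                print "unknown"
        }
    ' "$1"
}

# Constructed sample index (not taken from a real CA).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
{
    printf 'V\t350101000000Z\t\t01\tunknown\t/CN=server\n'
    printf 'R\t350101000000Z\t250601120000Z\t02\tunknown\t/CN=home_pc\n'
    printf 'R\t350101000000Z\t250601120000Z\t03\tunknown\t/CN=laptop\n'
    printf 'V\t350201000000Z\t\t04\tunknown\t/CN=laptop\n'
} > "$SAMPLE"

for c in server home_pc laptop phone; do
    printf '%s: %s\n' "$c" "$(cert_status "$SAMPLE" "$c")"
done
```

In the sample, laptop reports valid even though one of its entries is marked R, because a second certificate was issued under the same name and has not been revoked.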