feat: disconnect clients immediately on certificate revocation (#1432)

## Summary

Adds immediate client disconnect when a certificate is revoked, via the
OpenVPN management interface.

Previously, revoked clients stayed connected until they voluntarily
disconnected or the server restarted.

Fixes #1199

## Changes

- Enable management interface (Unix socket at
`/var/run/openvpn/server.sock`)
- Add `disconnectClient()` function to send `kill` command on revoke
- Add `socat` dependency for socket communication
Stanislas
2025-12-18 11:32:50 +01:00
committed by GitHub
parent 9289770e8b
commit b443b75375
5 changed files with 142 additions and 43 deletions


@@ -41,6 +41,7 @@ That said, OpenVPN still makes sense when you need:
- CLI interface for automation and scripting (non-interactive mode with JSON output)
- Certificate renewal for both client and server certificates
- List and monitor connected clients
- Immediate client disconnect on certificate revocation (via management interface)
- Uses [official OpenVPN repositories](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) when possible for the latest stable releases
- Firewall rules and forwarding managed seamlessly (native firewalld and nftables support, iptables fallback)
- Configurable VPN subnets (IPv4: default `10.8.0.0/24`, IPv6: default `fd42:42:42:42::/112`)
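Review bot: The new feature bullet ("Immediate client disconnect on certificate revocation (via management interface)") is the only mention of the management interface in this hunk, and it does not say how that interface is exposed or protected. The commit message states it is a Unix socket at `/var/run/openvpn/server.sock` and that `socat` becomes a dependency. Access to that socket is what gates management commands such as `kill`, so please document the socket path, the ownership and mode the script sets on it, and the new `socat` requirement, either in this list or in a section the bullet links to.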
@@ -135,7 +136,7 @@ For automation and scripting, use the CLI interface:
# List clients
./openvpn-install.sh client list
# Revoke a client
# Revoke a client (immediately disconnects if connected)
./openvpn-install.sh client revoke alice
```
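Review bot: The updated comment "Revoke a client (immediately disconnects if connected)" promises behaviour that depends on the management socket being enabled and `socat` being installed, both of which the commit message lists as changes introduced by this commit. A server installed with an earlier version of the script may have neither, so the README should state what `client revoke` does in that case (for example, that the certificate is still revoked and the session lasts until the client disconnects or the server restarts, as before) and whether the command reports that the disconnect was skipped.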