OpenVPN - revoke crl.pem [RESOLVED]

[Terrabytes]

Please let me know if I am posting in the wrong forum.

Using OpenVPN on Asus AX88U with Merlin [386.7_2]. I need to revoke a few users from accessing OpenVPN. I have created the crl.pem but don't know how to have OpenVPN service load it. Since everything is in RAM and get removed after reboot.

This is what I have tried.

• Created a directory under /jffs/configs/openvpn/ccd1
  • Merlin (from what I have read) copies from path to /etc/openvpn/server1/ccd] on restart
• Added "crl-verify crl.pem" under custom configurations

Doesn't work. I am stuck at this point and don't how know to proceed as everything that I read has not provided any insight.

As always your comments and insight are greatly appreciated. Thanks
Additionally please advise if any further details are needed.

 

[RMerlin]

Paste the content on the same page where your key/certificates are entered.

 

[Terrabytes]

Doh...overlooked it. Do I even need to add "crl-verify crl.pem" in the custom configurations? Tried it without it and it worked but I want to follow best practice.

Additionally thank you for all of your contributions (Merlin,etc). I donate every year to the project and only ask that you keep doing what you are doing. Thank you from the community,

 

[RMerlin]

Doh...overlooked it. Do I even need to add "crl-verify crl.pem" in the custom configurations? Tried it without it and it worked but I want to follow best practice.

No, just paste the content in the revocation field. The firmware will automatically configure the server to use it if there's any content in it, just like it does with keys/certs/DHs.