pieterlange / kube-openvpn

Kubernetes native OpenVPN
MIT License

Revoking does not drop active connections #49

Closed pasali closed 6 years ago

pasali commented 6 years ago

I have started my OpenVPN server with the --crl-verify parameter. After revoking a client, if the client disconnects and tries to connect again, it works as expected. But if the client does not disconnect, OpenVPN does not drop the active connection.

pasali commented 6 years ago

In the OpenVPN docs, it says that the CRL file will be re-read on renegotiation. The default renegotiation period is 1 hour. Do I need to set it to a smaller period to drop the active connection? Or is this the right way to do it?

pieterlange commented 6 years ago

This is normal OpenVPN behavior. If you want to, you can explicitly drop client connections over the management port.

We could automate this when I get around to making a Kubernetes operator out of this project, but that's a long way off.
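An added example, not code from this project or from the commenters: one way to drop sessions of revoked clients over the management port instead of waiting for renegotiation. It assumes the server runs with `--management` on a TCP address without a password, and that the CA keeps an OpenSSL-style `index.txt` whose subjects contain `/CN=<name>`; the function names and sample data are constructed for illustration.

```python
import socket

# Constructed sample data: a CA database (index.txt, tab-separated) and the
# reply to the management-interface command "status 2".
SAMPLE_INDEX = (
    "V\t280101000000Z\t\t01\tunknown\t/CN=server\n"
    "R\t280101000000Z\t180601120000Z\t02\tunknown\t/CN=alice\n"
    "V\t280101000000Z\t\t03\tunknown\t/CN=bob\n"
    "R\t280101000000Z\t180601120000Z\t04\tunknown\t/CN=carol\n"
)
SAMPLE_STATUS = (
    "TITLE,OpenVPN (constructed)\r\n"
    "CLIENT_LIST,alice,203.0.113.5:51234,10.8.0.6,,1200,3400\r\n"
    "CLIENT_LIST,bob,203.0.113.9:40100,10.8.0.10,,900,1500\r\n"
    "END\r\n"
)

def revoked_cns(index_txt):
    """Common names of entries flagged R (revoked) in index.txt."""
    cns = set()
    for line in index_txt.splitlines():
        fields = line.split("\t")
        if len(fields) >= 6 and fields[0] == "R":
            cns.update(p[3:] for p in fields[5].split("/") if p.startswith("CN="))
    return cns

def connected_cns(status_text):
    """Common names that currently hold a session (CLIENT_LIST rows)."""
    rows = (line.split(",") for line in status_text.splitlines())
    return {r[1] for r in rows if r[0] == "CLIENT_LIST" and len(r) > 1}

def kill_commands(index_txt, status_text):
    # "kill <cn>" drops every instance using that common name. A client that
    # was re-issued a valid certificate under the same CN simply reconnects.
    return [f"kill {cn}" for cn in sorted(revoked_cns(index_txt) & connected_cns(status_text))]

def enforce(host, port, index_txt):
    """Query live sessions on the management port and kill revoked ones."""
    with socket.create_connection((host, port), timeout=5) as sock:
        f = sock.makefile("rw", newline="\n")
        f.write("status 2\n"); f.flush()
        status = []
        for line in f:                      # ">" lines are async notifications
            if line.strip() == "END":
                break
            status.append(line)
        replies = []
        for cmd in kill_commands(index_txt, "".join(status)):
            f.write(cmd + "\n"); f.flush()
            reply = f.readline().strip()
            while reply.startswith(">"):
                reply = f.readline().strip()
            replies.append(reply)           # "SUCCESS: ..." or "ERROR: ..."
        return replies
```

Run `enforce` right after regenerating the CRL so the kill and the revocation take effect together; the CRL check then rejects the reconnect attempt.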