OpenVPN: Add clients without rebuilding all keys?

vpn openvpn

I've just managed to setup OpenVPN properly on my server and test it to be properly working with client computers and I came to wonder how OpenVPN keys can be generated as clients come and go.

Is it neccessary to rebuild the diffie helman .dh file and recreate all previous client keys as I just need to add or remove a client?

Thanks


As Ency says, provided you've created your own CA, you simply create another key for the new user. Before any more gets typed, when you set up openVPN you did create your own CA, as recommended, didn't you?

Edit: OK, then

cd easy-rsa
. ./vars
./build-key newclient

I also have some notes somewhere about making a CRL, which allows you to revoke old certificates, and pointing openVPN at the crl, but I can't immediately find them.


My solution is:
I have got my own Certificate Authority and anytime I need new client I just create another certificate. It is simple and I am pretty sure you can do same thing even with easyRSA delivered with openVPN.
It is also more universal, because you can easily manage certificates for another services such as apache, etc.

Related

Using variable lists in ansible returns undefined variable
Nginx get the current ip
How to block dots "." in an iptables rule?
ZFS pool not mounting correctly; can't find all files
Wildcard search in Exchange Online PowerShell cmdlets
Create a file only if the directory exists?
"Unable to open logs" in apache error log debian
How do I set an O365 user as a mailing list owner, but not a member?
Dereference symbolic link in OS X?
Truecrypt: File vs Device hosted encryption
Most significant server outages in the past decade
PHP installation on IIS: ISAPI or CGI?