OpenVPN: Add clients without rebuilding all keys?
I've just managed to set up OpenVPN properly on my server and tested that it works properly with client computers, and I came to wonder how OpenVPN keys can be generated as clients come and go.
Is it necessary to rebuild the Diffie-Hellman .dh file and recreate all previous client keys when I just need to add or remove a client?
Thanks
As Ency says, provided you've created your own CA, you simply create another key for the new user. Before any more gets typed, when you set up OpenVPN you did create your own CA, as recommended, didn't you?
Edit: OK, then
cd easy-rsa
. ./vars
./build-key newclient
I also have some notes somewhere about making a CRL, which allows you to revoke old certificates, and pointing OpenVPN at the CRL, but I can't immediately find them.
My solution is:
I have got my own Certificate Authority, and anytime I need a new client I just create another certificate. It is simple, and I am pretty sure you can do the same thing even with the easyRSA delivered with OpenVPN.
It is also more universal, because you can easily manage certificates for other services such as Apache, etc.
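The point made in both answers, as an added example that is not part of the original posts: a throwaway CA built with plain `openssl` (not the easy-rsa scripts) issues a second client certificate without touching the first, then revokes one client through a CRL while the other keeps working. No step reads or regenerates a dh file. The temp directory layout, the `Demo CA` name, the client names alice and bob, and all function names are assumptions made for the demonstration.

```shell
set -eu  # Added example: throwaway CA in a temp dir; client names are constructed
pki_init() {      # $1 = dir: CA key, CA cert, empty cert database, empty CRL
  mkdir -p "$1/newcerts"; : > "$1/index.txt"; echo 01 > "$1/serial"
  cat > "$1/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/ca.crt
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
add_client() {    # $1 = dir, $2 = name: writes only this client's key/cert + database row
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$1/ca.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}
revoke_client() { # $1 = dir, $2 = name: mark revoked, then reissue the CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null
}
accepted() {      # $1 = dir, $2 = name: status 0 if signed by the CA and not on the CRL
  openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/$2.crt" >/dev/null 2>&1
}
D=$(mktemp -d); pki_init "$D"
add_client "$D" alice; before=$(cksum < "$D/alice.crt")
add_client "$D" bob;   after=$(cksum < "$D/alice.crt")   # alice's cert is not reissued
accepted "$D" alice && accepted "$D" bob && echo "alice and bob accepted"
revoke_client "$D" alice
accepted "$D" alice || echo "alice rejected after revocation"
accepted "$D" bob && echo "bob still accepted"
```

On an OpenVPN server the regenerated CRL file is the one referenced by the `crl-verify` option; the CA private key is the only secret involved in adding or revoking a client.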