openvpn list all active certificates
Solution 1:
If you're using easy-rsa, check the index.txt
file in the keys
folder. It should contain a list of all the issued certificates and their subjects (including CN); valid certificates start with a V
and revoked ones start with an R
.
The current connections are listed in the status file (in my case, openvpn-status.log
in the openvpn
folder).
Solution 2:
You can get a list of current connections to the OpenVPN server either by using the status command over the management interface (see http://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html), or by looking at the status file which is specified using the status line in the config files (see http://openvpn.net/index.php/open-source/documentation/howto.html#server).
If you want to know who can connect to the OpenVPN server its a bit harder. OpenVPN will let anyone in whose certificate contains a signature generated with the CA key the server is configured to use. If you are using a third party PKI infrastructure they should have records of the certificates they have issued. If you are using the easy-rsa stuff then the certs should all be in that directory.
Solution 3:
You can simply do that in this way:
# cd /etc/openvpn/easy-rsa/2.0/keys/
# cat index.txt | grep ^V | awk -F "/" '{print $7, $8}'
Lines in index.txt
starts with V
if the certificate is valid.
Result should looks like this:
CN=guest name=changeme