List certs and remove users

cpa

We have an intern that left the company. I deleted his user account in the main cloudron admin, but how do I revoke his certs on the VPN app? He cannot access the self-service page anymore he still has openvpn certs or wireguard credentials, right? Are they automatically revoked?

Also, how can I list all the users (people w/ at least one valid cert) of a given vpn (we use several)?

Thanks!

james

Hello @cpa

@cpa said in List certs and remove users:

Are they automatically revoked?

I will look into it and report back.

@cpa said in List certs and remove users:

Also, how can I list all the users (people w/ at least one valid cert) of a given vpn (we use several)?

You can view that in the VPN App Web Ui.

---

You can always just use the VPN App Web UI and check the clients if they use the connections right now and also delete the clients.

cpa

Thanks.

I'm not sure where I'm supposed to check the other clients in the UI, I don't think I have such an option? (in the settings tab there's no such list either)

For the record, in code/vpn.db there was still our intern (whose account is deleted in the mail cloudron admin UI) listed under the clients key. I removed it, but I don't know if that has any effect on the revocation of the cert…

james

Hello @cpa
Good point.
Create a user, login into the VPN app, create a client, delete the cloudron user and then?¿
Who can manage this clients' cert?

Since there is no admin view afaik you can't see all clients. Just your own.
I will get back to you after some research.

robi

You have to delete the client in the VPN app to stop the user from VPNing in.

nebulon

Indeed, that feature is missing!

The UI currently only shows the client credentials per user. Which of course doesn't help in your case.

I will see how hard it is to add this UI.

cpa

@robi said in List certs and remove users:

You have to delete the client in the VPN app to stop the user from VPNing in.

Thanks, you mean deleting the corresponding account in the vpn.db file? It's fairly clear that it deletes the wireguard access (as the preshared key is in the file so it gets deleted) but what about the openvpn certs?

There's a check both against the certs AND the vpn.db file?

robi

@cpa this is easily testable, no?

Create a new VPN client, download both configs, connect, disconnect.

Delete the client, then try connecting again. See which still works.