container-openvpn/docs/clients.md

# Advanced Client Management

## Client Configuration Mode

The [`ovpn_getclient`](/bin/ovpn_getclient) can produce two different versions of the configuration.

1. combined (default): All needed configuration and cryptographic material is in one file (Use "combined-save" to write the configuration file in the same path as the separated parameter does).
2. separated: Separated files.

Note that some client software might be picky about which configuration format it accepts.

## Client List

See an overview of the configured clients, including revocation status:

    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn ovpn_listclients

## Batch Mode

If you have more than a few clients, you will want to generate and update your client configuration in batch. For this task the script [`ovpn_getclient_all`](/bin/ovpn_getclient_all) was written, which writes out the configuration for each client to a separate directory called `clients/$cn`.

Execute the following to generate the configuration for all clients:

    docker run --rm -it -v $OVPN_DATA:/etc/openvpn --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all

After doing so, you will find the following files in each of the `$cn` directories:

    ca.crt
    $cn-combined.ovpn # Combined configuration file format. If your client recognices this file then only this file is needed.
    $cn.ovpn          # Separated configuration. This configuration file requires the other files ca.crt dh.pem $cn.crt $cn.key ta.key
    $cn.crt
    $cn.key
    ta.key

## Revoking Client Certificates

Revoke `client1`'s certificate and generate the certificate revocation list (CRL):

    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa revoke client1
    docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa gen-crl

The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates.
docs: Tweak case and arguments * Makes the reading more uniform with the rest of the documentation. 2015-05-11 17:32:58 +00:00			`# Advanced Client Management`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
docs: Tweak case and arguments * Makes the reading more uniform with the rest of the documentation. 2015-05-11 17:32:58 +00:00			`## Client Configuration Mode`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
Fixed based on the review by @kylemanna. Thanks. 2015-03-14 12:22:28 +00:00			The [`ovpn_getclient`](/bin/ovpn_getclient) can produce two different versions of the configuration.
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
Fixed based on the review by @kylemanna. Thanks. 2015-03-14 12:22:28 +00:00			`1. combined (default): All needed configuration and cryptographic material is in one file (Use "combined-save" to write the configuration file in the same path as the separated parameter does).`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00			`2. separated: Separated files.`

Fixed spelling. 2015-03-13 01:00:04 +00:00			`Note that some client software might be picky about which configuration format it accepts.`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
adding ovpn_listclients script 2016-05-11 22:35:00 +00:00			`## Client List`

update clients.md ; typo fix "revocation" for "revokation", no other changes 2016-12-31 06:34:01 +00:00			`See an overview of the configured clients, including revocation status:`
adding ovpn_listclients script 2016-05-11 22:35:00 +00:00
misc: Switch from data container to data volume * Use the `docker volume` mechanism. * Less confusing and makes more sense. * Released in ~ docker v1.9 2016-09-03 23:08:49 +00:00			`docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn ovpn_listclients`
adding ovpn_listclients script 2016-05-11 22:35:00 +00:00
docs: Tweak case and arguments * Makes the reading more uniform with the rest of the documentation. 2015-05-11 17:32:58 +00:00			`## Batch Mode`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
Fixed based on the review by @kylemanna. Thanks. 2015-03-14 12:22:28 +00:00			If you have more than a few clients, you will want to generate and update your client configuration in batch. For this task the script [`ovpn_getclient_all`](/bin/ovpn_getclient_all) was written, which writes out the configuration for each client to a separate directory called `clients/$cn`.
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
			`Execute the following to generate the configuration for all clients:`

misc: Switch from data container to data volume * Use the `docker volume` mechanism. * Less confusing and makes more sense. * Released in ~ docker v1.9 2016-09-03 23:08:49 +00:00			`docker run --rm -it -v $OVPN_DATA:/etc/openvpn --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00
			After doing so, you will find the following files in each of the `$cn` directories:

			`ca.crt`
Fixed based on the review by @kylemanna. Thanks. 2015-03-14 12:22:28 +00:00			`$cn-combined.ovpn # Combined configuration file format. If your client recognices this file then only this file is needed.`
Allow to export separated client config and wrote ovpn_getclient_all. 2015-03-12 23:32:40 +00:00			`$cn.ovpn # Separated configuration. This configuration file requires the other files ca.crt dh.pem $cn.crt $cn.key ta.key`
			`$cn.crt`
			`$cn.key`
			`ta.key`
ovpn: Add support for revoking certificates (CRL) * Add this much needed missing feature. Easy RSA makes it... easy. 2015-05-11 17:33:56 +00:00
			`## Revoking Client Certificates`

			Revoke `client1`'s certificate and generate the certificate revocation list (CRL):

misc: Switch from data container to data volume * Use the `docker volume` mechanism. * Less confusing and makes more sense. * Released in ~ docker v1.9 2016-09-03 23:08:49 +00:00			`docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa revoke client1`
			`docker run --rm -it -v $OVPN_DATA:/etc/openvpn kylemanna/openvpn easyrsa gen-crl`
ovpn: Add support for revoking certificates (CRL) * Add this much needed missing feature. Easy RSA makes it... easy. 2015-05-11 17:33:56 +00:00
Updated documentation. * Related to https://github.com/kylemanna/docker-openvpn/pull/54 * Allow better syntax highlighting. * Added/Fixed hyperlinks. * Spelling. 2015-08-25 10:40:02 +00:00			`The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates.`