OpenVPN revoked certificates can connect
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [X] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
Hello,
I'm using OpenVPN on OPNsense in a configuration that doesn't need a user name or password, so I'm only validating users by certificates created by my OPNsense CA. I have a CRL and I have it configured in the OpenVPN server as the Certificate Revocation List. When I edit the CRL and add any of my certificates, I can still connect using the ovpn file with the revoked certificate.
Thank you
Expected behavior
Once certificate is revoked, OpenVPN should not allow connection with it.
Screenshots
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.7.5_3 (amd64).
OpenVPN (like a lot of other services) doesn't instantly reload CRLs; restart the affected service and you should be fine.
Is it possible to add "Restart OpenVPN service" to the cron commands? It seems it's not there, like for example the IPsec service and WireGuard service.
Thank you
PS: I have restarted the OpenVPN services (all) and I can still connect with the revoked certificate.
Hello, correction: it started working once I rebooted the whole machine. So I created a cron job to reboot OPNsense at night to apply all CRLs.
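A check that can be run after revoking a certificate, to confirm that a given CRL file actually lists the certificate's serial and to see when that CRL was issued. This is an added example, not part of the original thread or of OPNsense; the two file paths are arguments the operator supplies, the function names are hypothetical, and the sample CRL text is constructed.

```shell
#!/bin/sh
# Usage: ./crl_check.sh <crl.pem> <client-cert.pem>   (both paths are placeholders)

# Normalise a hex serial: drop "serial=", colons, spaces, leading zeros; uppercase.
norm_serial() {
    printf '%s\n' "$1" |
        sed -e 's/^serial=//' -e 's/[: ]//g' -e 's/^0*\(.\)/\1/' | tr 'a-f' 'A-F'
}

# Read `openssl crl -noout -text` output on stdin; print one normalised serial per line.
crl_text_serials() {
    sed -n 's/^ *Serial Number: *//p' | while read -r s; do norm_serial "$s"; done
}

# serial_listed SERIAL: exit 0 if SERIAL is among the revoked serials read from stdin.
serial_listed() {
    want=$(norm_serial "$1")
    crl_text_serials | grep -qxF "$want"
}

# Constructed sample in the layout printed by `openssl crl -noout -text`.
SAMPLE_CRL_TEXT='Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Demo CA
        Last Update: Oct  1 00:00:00 2024 GMT
        Next Update: Oct 31 00:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 1000
        Revocation Date: Oct  1 00:00:00 2024 GMT
    Serial Number: 0A
        Revocation Date: Oct  1 00:00:00 2024 GMT'

if [ "$#" -eq 2 ]; then
    crl=$1; cert=$2
    serial=$(openssl x509 -in "$cert" -noout -serial)
    # An old lastUpdate means this file predates the revocation.
    openssl crl -in "$crl" -noout -lastupdate -nextupdate
    if openssl crl -in "$crl" -noout -text | serial_listed "$serial"; then
        echo "serial $(norm_serial "$serial") is revoked in $crl"
    else
        echo "serial $(norm_serial "$serial") is NOT listed in $crl"
        exit 1
    fi
fi
```

If the serial is listed and the CRL is current but the certificate still connects, the CRL content is not the problem and attention moves to which file the running server was actually given.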
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.