From 372ba8bfad661f6479b8b86c417a75e614bca9ff Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Wed, 27 Nov 2024 02:50:09 +0300
Subject: [PATCH] Vpn: Use crl.

---
 container/Vpn.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/container/Vpn.nix b/container/Vpn.nix
index 59e60878..62e7f320 100644
--- a/container/Vpn.nix
+++ b/container/Vpn.nix
@@ -2,6 +2,7 @@
 # easyrsa --days=36500 build-ca
 # easyrsa --days=36500 build-server-full <SERVER_NAME> nopass
 # easyrsa --days=36500 build-client-full <CLIENT_NAME> nopass
+# easyrsa gen-crl
 # openssl dhparam -out dh2048.pem 2048
 # Don't forget to set tls hostname on the client to match SERVER_NAME *AND* disable ipv6 ?
 
@@ -91,6 +92,7 @@ in {
 						ca /data/pki/ca.crt
 						cert /data/pki/issued/home.crt
 						client-to-client
+						crl-verify /data/pki/crl.pem
 						dev tun
 						dh /data/dh2048.pem
 						explicit-exit-notify 1