Revoke Access to VPN IKEv2

Hi there,

I followed the instrucctions for Ikev2 RSA for road warriors

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec

Road Warrior setup using IKEv2 with RSA authentication

It works , but I don’t know how to revoke access for those road warriors that won’t continue needing the VPN. I tried to revoke the user certificate, but it still working.

What I should to do?

Thanks you.

If you haven’t created the CA certificate you use to sign the clients’ certificates with a CRL, the only thing you can do now is to create a dedicated identity row for each client, matching on its individual certificate.

See this post on how to deal with certificate revocation properly.