Hey. Just for verification as the wiki is not 100% clear to me.
If I do want to add a client to an existing single-client configuration...
Step - add additional client via
easyrsa build-client-full client1 nopass
Step - generate CRL + enable
But what about client created initially - is that one automatically added to the CRL as well ?
Furthermore every client has his own client_xyz.ovpn file which needs to be shared individually ?
CRL is ' certificate revocation list'. It is used when it is needed to 'revoke' certificate, that was issued. So in your configuration you can just ignore it.
Every client has *.ovpn file, but content should differ in 'private' information like client certificate, and client key. All other fields can be common. If you use additional files with 'private' information, *.ovpn file can be exactly the same. But it is more convenient to use inline content.
In most cases true. Intention was to separate the multi-client from the ipv6 topic as they are too different.
Back to the multi-client config. Managed to get it running ... Solution was a script (2.) as intended in the latest OpenVPN wiki article to re-configure service and get the additional .ovpn files.
For an additional .ovpn after completing the above:
1. Run this [multi-client](https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#multi-client) script.
2. Now make a script consisting of the “Configuration parameters” of Part 1 above and all of Part 4 above and run it. Note that the “remote” line may be missing in the new ovpn (use the original as a reference for that).
Neither in the old OpenVPN wiki article, nor in the multi-client section of OpenVPN extra's this one is mentioned . Not sure if I have been the only one struggeling at that point ?