diff --git a/openvpn/README.md b/openvpn/README.md
index 3fa0ee2..3fbc5ce 100644
--- a/openvpn/README.md
+++ b/openvpn/README.md
@@ -68,8 +68,10 @@ $ fig up -d data
 $ ./setup.sh
 1) server
 2) client
-3) backup
-4) quit
+3) revoke
+4) backup
+5) restore
+6) quit
 
 $ fig up -d
 ```
diff --git a/openvpn/setup.sh b/openvpn/setup.sh
index da69daf..a962799 100755
--- a/openvpn/setup.sh
+++ b/openvpn/setup.sh
@@ -11,19 +11,24 @@ OVPN_SERVER=tcp://vpn.datageek.info
 
 mkdir -p $OVPN_DIR
 
-select opt in server client backup restore quit
+select opt in server client revoke backup restore quit
 do
   if [[ $opt == "server" ]]
   then
     echo "setup server ..."
-    docker run --volumes-from $OVPN_DATA --rm $OVPN_IMG ovpn_genconfig -u $OVPN_SERVER
-    docker run --volumes-from $OVPN_DATA --rm -it $OVPN_IMG ovpn_initpki
+    docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_genconfig -u $OVPN_SERVER
+    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_initpki
   elif [[ $opt == "client" ]]
   then
     echo "setup client ..."
     read -p '>>> ' OVPN_CLIENT
-    docker run --volumes-from $OVPN_DATA --rm -it $OVPN_IMG easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
-    docker run --volumes-from $OVPN_DATA --rm $OVPN_IMG ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
+    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
+    docker run --rm --volumes-from $OVPN_DATA $OVPN_IMG ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
+  elif [[ $opt == "revoke" ]]
+  then
+    read -p '>>> ' OVPN_CLIENT
+    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa revoke ${OVPN_CLIENT:?client is empty}
+    docker run -it --rm --volumes-from $OVPN_DATA $OVPN_IMG easyrsa gen-crl
   elif [[ $opt == "backup" ]]
   then
     echo "backup volume ..."