How does TLS-CRYPT-V2 work in OpenVPN?
I am configuring an OpenVPN server and I would like to use TLS-CRYPT-V2. For that, in the documentation, it is said that I have to create a TLS-CRYPT-V2 key for the server and one for each client, because it is more secure.
But I don't know how it works. I understand that if someone stole the key for a client, the keys of the other clients are still safe, so it is better to have one key per client than one key for all the clients.
However, I don't know how OpenVPN handles each key. Does it allow only one key at the same time? Is it possible to revoke a TLS key in the same way a certificate is revoked? If a key is stolen, how does OpenVPN know that it shouldn't allow the client that uses this TLS key to connect?
In summary, I would like to know how the TLS key works, how to provide another layer of security and what should be done in case the key is stolen.