Hi all, We have a problem with the clients after the server reboot.
OS: Centos 7 Kernel: 3.10.0-514.26.2.el7.x86_64 OpenVPN: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06 Originally developed by James Yonan Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sa...@openvpn.net> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no OpenSSL: OpenSSL 1.0.1e-fips 11 Feb 2013 Everything was working fine until server reboot. The server hasn't been rebooted for quite some time because there was no need for one, until today. The server logs are reporting following: Aug 8 19:54:43 localhost openvpn: Tue Aug 8 19:54:43 2017 x.x.x.x:56898 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned Aug 8 19:54:43 localhost openvpn: Tue Aug 8 19:54:43 2017 x.x.x.x:56898 TLS_ERROR: BIO read tls_read_plaintext error Aug 8 19:54:43 localhost openvpn: Tue Aug 8 19:54:43 2017 x.x.x.x:56898 TLS Error: TLS object -> incoming plaintext read error Aug 8 19:54:43 localhost openvpn: Tue Aug 8 19:54:43 2017 x.x.x.x:56898 TLS Error: TLS handshake failed Aug 8 19:54:43 localhost openvpn: Tue Aug 8 19:54:43 2017 x.x.x.x:56898 SIGUSR1[soft,tls-error] received, client-instance restarting Aug 8 19:54:47 localhost openvpn: Tue Aug 8 19:54:47 2017 x.x.x.x:54273 TLS: Initial packet from [AF_INET]x.x.x.x:54273, sid=98d14cee c167e4b3 Aug 8 19:54:47 localhost openvpn: Tue Aug 8 19:54:47 2017 x.x.x.x:54273 VERIFY ERROR: depth=0, error=CRL has expired: C=xx, ST=xxxx, L=xxxx, O=xxxx, OU=xxxx, CN=xxxx, name=xxx.xxx.local, Can anyone assist us on this one? I have googled and found something about CRL has expired error. Is it related with the upgrade of the openvpn package? we use one from the epel repository. Regards! -- Mio Vlahović ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
