On Thu, 23 Feb 2023 13:25:46 +0100, Gert Doering <g...@greenie.muc.de> wrote:
>Hi,
>
>On Thu, Feb 23, 2023 at 09:04:13AM +0100, Bo Berglund wrote:
>> But now when I connect on 1194 or 1195 from a remote location nothing happens
>> whereas on 1198 or 1199 I get instant connection.
>
>Basically there's two reasons why "nothing" could happen - one is
>"packets never make it to the server" (Firewall/NAT box being confused),
>the other is "something cert has expired, so the server does not want
>to talk to you".
>
>For debugging the OpenVPN server, you need to find out where it logs
>to - usually the OpenVPN server log is pretty clear on "I do not like
>this client because..."
>

The logs are in /etc/openvpn/log so it was simple to locate...
When I first try (and fail) to connect then go in via the other server to read
the log I find this:

217.31.190.108:63723 TLS: Initial packet from [AF_INET]217.31.190.108:63723, sid=863c9ad5 e9b05ce9
217.31.190.108:63723 VERIFY ERROR: depth=0, error=CRL has expired: C=US, ST=TX, L=Austin, O=Companyname, OU=IT, CN=BosseB_AGI, name=BosseB_AGI, emailAddress=***
217.31.190.108:63723 OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
217.31.190.108:63723 TLS_ERROR: BIO read tls_read_plaintext error
217.31.190.108:63723 TLS Error: TLS object -> incoming plaintext read error
217.31.190.108:63723 TLS Error: TLS handshake failed
217.31.190.108:63723 SIGUSR1[soft,tls-error] received, client-instance restarting

So it seems like some client cert has expired...

Question:
How can I update the cert (which cert) to extend the lifetime?

There are both server and client certs created when I set up the system
initially so now I need to find what expirations are exceeded and try to fix it.

So how can I check the expiration date of the certs used?
I have all relevant files including the OVPN files for the clients available.

-- 
Bo Berglund
Developer in Sweden
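
Added example, not part of the original message: the VERIFY ERROR line in the log above carries the reason "CRL has expired", which refers to a revocation list's nextUpdate time rather than a certificate's notAfter, so this sketch pulls the reason out of the log and then prints the expiry of certificates, CRLs and inline .ovpn certificates alike. The function names are illustrative, and the openssl command-line tool is assumed to be installed.

```shell
# Added example (not from the thread). Function names are illustrative.
# Log line quoted from the message above, kept as sample input.
SAMPLE_LOG='217.31.190.108:63723 VERIFY ERROR: depth=0, error=CRL has expired: C=US, ST=TX, L=Austin, O=Companyname, OU=IT, CN=BosseB_AGI, name=BosseB_AGI, emailAddress=***'

# Read an OpenVPN log on stdin; print each distinct "depth=N <reason>".
# The reason says which object failed: a CRL or a certificate.
verify_reasons() {
    sed -n 's/.*VERIFY ERROR: depth=\([0-9]*\), error=\([^:]*\): .*/depth=\1 \2/p' | sort -u
}

# Classify a PEM file by its first BEGIN line: crl, cert or other.
# Some CA tools write a text dump before the PEM block, so scan for the marker.
pem_kind() {
    case "$(grep -m1 -e '-----BEGIN ' "$1")" in
        *'BEGIN X509 CRL'*)    echo crl ;;
        *'BEGIN CERTIFICATE'*) echo cert ;;
        *)                     echo other ;;
    esac
}

# Print the PEM body of an inline <cert> or <ca> block in an .ovpn profile.
# CRs are stripped first so profiles saved with CRLF line endings match too.
ovpn_inline() {   # usage: ovpn_inline cert|ca profile.ovpn
    tr -d '\r' < "$2" | sed -n "/^<$1>\$/,/^<\/$1>\$/p" | sed '1d;$d'
}

# Print notAfter for certificates and nextUpdate for CRLs.
show_expiry() {
    for f in "$@"; do
        printf '%s: ' "$f"
        case "$f" in
            *.ovpn) ovpn_inline cert "$f" | openssl x509 -noout -enddate ;;
            *) case "$(pem_kind "$f")" in
                   crl)  openssl crl  -noout -nextupdate -in "$f" ;;
                   cert) openssl x509 -noout -enddate    -in "$f" ;;
                   *)    echo 'no certificate or CRL found' ;;
               esac ;;
        esac
    done
}

# Run against files given on the command line, e.g. ca.crt server.crt crl.pem
if [ "$#" -gt 0 ]; then show_expiry "$@"; fi
```

On the server, the CRL to check is the file named by the crl-verify option in the OpenVPN server config.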