Hi,

Since I’ve upgraded my Debian OpenVPN server from 11 to 12, which upgraded 
OpenVPN server from 2.5.1 to 2.6.3 and also OpenSSL from 1.1.1n to 3.0.11, I’m 
getting this in the log on (as far as I can tell) every client connect:


2023-11-26T08:33:40.014085+01:00 xxx openvpn[7996]: xxx:6013 LZO compression initializing
2023-11-26T08:33:40.015885+01:00 xxx openvpn[7996]: xxx:6013 OpenSSL: error:0308010C:digital envelope routines::unsupported
2023-11-26T08:33:40.016558+01:00 xxx openvpn[7996]: xxx:6013 OpenSSL: error:0480006C:PEM routines::no start line
2023-11-26T08:33:40.017053+01:00 xxx openvpn[7996]: xxx:6013 CRL: cannot read CRL from file /config/vpn/my.crl
2023-11-26T08:33:40.017486+01:00 xxx openvpn[7996]: xxx:6013 CRL: loaded 1 CRLs from file /config/vpn/my.crl
2023-11-26T08:33:40.017941+01:00 xxx openvpn[7996]: xxx:6013 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-11-26T08:33:40.018331+01:00 xxx openvpn[7996]: xxx:6013 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-11-26T08:33:40.136725+01:00 xxx openvpn[7996]: xxx:6013 VERIFY OK: depth=1, C=DE, ...

Looks like OpenVPN is trying to read the CRL, failing and then trying again and 
then succeeding. Any ideas what it might be trying and failing? Some different 
format? And who is trying? OpenSSL automatically or OpenVPN? And how to prevent 
it?

my.crl is PEM and has a proper start line, as far as I can tell

$ head -1 /config/vpn/my.crl 
-----BEGIN X509 CRL-----


Thanks and regards,

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
