Hi
I had OpenVPN routed installed, working great, allowing me to connect from my mobile phone (Android) to the server, then went on holiday and the first time I tried to access the server the connection failed.
When I got back I checked the server logs.
These are the messages I'm getting:
2019-10-03 14:46:29.999937500 82.132.215.122:34223 TLS: Initial packet from [AF_INET]82.132.215.122:34223, sid=cdb7a898 a190359c
2019-10-03 14:46:30.454818500 82.132.215.122:34223 VERIFY ERROR: depth=0, error=CRL has expired: C=UK, ST=worcs, L=kidderminster, O=Karter Electronics, O=21232f297a57a5a743894a0e4a801fc3, OU=office, CN=VPN, emailAddress=rob@karterelectronic.com
2019-10-03 14:46:30.454857500 82.132.215.122:34223 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
2019-10-03 14:46:30.454870500 82.132.215.122:34223 TLS_ERROR: BIO read tls_read_plaintext error
2019-10-03 14:46:30.454871500 82.132.215.122:34223 TLS Error: TLS object -> incoming plaintext read error
2019-10-03 14:46:30.454872500 82.132.215.122:34223 TLS Error: TLS handshake failed
2019-10-03 14:46:30.454994500 82.132.215.122:34223 SIGUSR1[soft,tls-error] received, client-instance restarting
A quick Google search on "VERIFY ERROR: depth=0, error=CRL has expired" says the certificate has expired, so I revoked it and regenerated it, then copied the PKCS#12 bundle to the mobile phone and reinstalled it, but I still get the same result.
This is my .ovpn file on the phone:
rport 1194
proto udp
dev tun
nobind
# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos
remote server.kjctechnik.com
tls-client
ns-cert-type server
auth-user-pass
# Replace user.p12 with the certificate
# bundle in PKCS12 format
pkcs12 vpn.p12
# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem
mtu-test
comp-lzo
pull
Has anyone any idea what's gone wrong?
Regards
Rob
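
Log triage for the VERIFY ERROR line quoted in the post, added here as an example and not part of the original post: it separates an expired CRL from an expired or revoked certificate, using OpenSSL's verification error strings. The sample log lines (placeholder addresses and subjects), the `triage` function and its field names are constructed for illustration.

```python
import re

# Constructed sample in the same format as the server log in the post
# (addresses and subject names are placeholders).
SAMPLE_LOG = """\
2019-10-03 14:46:29.999937500 192.0.2.10:34223 TLS: Initial packet from [AF_INET]192.0.2.10:34223, sid=00000000 00000000
2019-10-03 14:46:30.454818500 192.0.2.10:34223 VERIFY ERROR: depth=0, error=CRL has expired: C=UK, O=Example, OU=office, CN=VPN
2019-10-03 14:46:30.454872500 192.0.2.10:34223 TLS Error: TLS handshake failed
2019-10-03 15:02:11.120000500 192.0.2.77:40112 VERIFY ERROR: depth=0, error=certificate has expired: C=UK, O=Example, CN=laptop
"""

VERIFY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<peer>\S+) VERIFY ERROR: "
    r"depth=(?P<depth>\d+), error=(?P<error>[^:]+): (?P<subject>.*)$"
)

# OpenSSL verification strings mapped to the object that actually failed.
CAUSES = {
    "CRL has expired": ("crl", "CRL nextUpdate has passed; regenerate the CRL on the CA and replace the server's copy"),
    "certificate has expired": ("certificate", "certificate notAfter has passed; issue a new certificate"),
    "certificate revoked": ("certificate", "serial is listed in the CRL; issue a new certificate if access is intended"),
}

def triage(log_text):
    """Return one finding per VERIFY ERROR line in an OpenVPN server log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.match(line)
        if not m:
            continue  # handshake noise that follows the verify failure
        error = m["error"].strip()
        obj, action = CAUSES.get(error, ("unknown", "look up the OpenSSL verify error"))
        cn = re.search(r"CN=([^,]+)", m["subject"])
        findings.append({
            "peer": m["peer"], "depth": int(m["depth"]), "error": error,
            "failed_object": obj, "cn": cn.group(1) if cn else None,
            "action": action,
            # The CRL is a file on the server, not a per-client credential.
            "server_side": obj == "crl",
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["peer"], f["error"], "->", f["failed_object"], "|", f["action"])
```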