Koozali.org: home of the SME Server

openvpn suddenly stopped connecting

robf355
openvpn suddenly stopped connecting
« on: October 03, 2019, 03:48:52 PM »
Hi
I had OpenVPN routed installed, working great, allowing me to connect from my mobile phone (Android) to the server. Then I went on holiday, and the first time I tried to access the server the connection failed.
When I got back I checked the server logs.
These are the messages I'm getting:

2019-10-03 14:46:29.999937500 82.132.215.122:34223 TLS: Initial packet from [AF_INET]82.132.215.122:34223, sid=cdb7a898 a190359c
2019-10-03 14:46:30.454818500 82.132.215.122:34223 VERIFY ERROR: depth=0, error=CRL has expired: C=UK, ST=worcs, L=kidderminster, O=Karter Electronics, O=21232f297a57a5a743894a0e4a801fc3, OU=office, CN=VPN, emailAddress=rob@karterelectronic.com
2019-10-03 14:46:30.454857500 82.132.215.122:34223 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
2019-10-03 14:46:30.454870500 82.132.215.122:34223 TLS_ERROR: BIO read tls_read_plaintext error
2019-10-03 14:46:30.454871500 82.132.215.122:34223 TLS Error: TLS object -> incoming plaintext read error
2019-10-03 14:46:30.454872500 82.132.215.122:34223 TLS Error: TLS handshake failed
2019-10-03 14:46:30.454994500 82.132.215.122:34223 SIGUSR1[soft,tls-error] received, client-instance restarting

A quick Google search on "VERIFY ERROR: depth=0, error=CRL has expired" says the certificate has expired, so I revoked it and regenerated it, then copied the PKCS#12 bundle to the mobile phone and reinstalled it, but I still get the same result.
This is my .ovpn file on the phone:
rport 1194
proto udp
dev tun
nobind
# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos
remote server.kjctechnik.com

tls-client
ns-cert-type server

auth-user-pass

# Replace user.p12 with the certificate
# bundle in PKCS12 format
pkcs12 vpn.p12

# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem
mtu-test
comp-lzo
pull

Has anyone any idea what's gone wrong?
regards
Rob
« Last Edit: October 03, 2019, 03:50:27 PM by robf355 »

ReetP
Re: openvpn suddenly stopped connecting
« Reply #1 on: October 03, 2019, 11:49:36 PM »
Wrong certificate....

Search for

"VERIFY ERROR: depth=0, error=CRL has expired"

E.g.

https://forums.openvpn.net/viewtopic.php?t=23166

You need to fix the server one.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation
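
An added example (not part of the thread, and not SME Server or OpenVPN code): a Python triage of server log lines in the format quoted in the first post, mapping each VERIFY ERROR to the object that failed verification. The sample log is constructed, with the subject shortened and one invented line for a second peer; the function and field names are assumptions.

```python
import re

# Constructed sample in the log format quoted in the first post (subject
# shortened); the last line, for peer 192.0.2.10, is invented for contrast.
SAMPLE_LOG = """\
2019-10-03 14:46:29.999937500 82.132.215.122:34223 TLS: Initial packet from [AF_INET]82.132.215.122:34223, sid=cdb7a898 a190359c
2019-10-03 14:46:30.454818500 82.132.215.122:34223 VERIFY ERROR: depth=0, error=CRL has expired: C=UK, ST=worcs, CN=VPN
2019-10-03 14:46:30.454872500 82.132.215.122:34223 TLS Error: TLS handshake failed
2019-10-03 15:02:11.120000000 192.0.2.10:40112 VERIFY ERROR: depth=0, error=certificate has expired: C=UK, CN=laptop
"""

# Timestamp, peer address:port, then OpenVPN's VERIFY ERROR fields.
VERIFY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<peer>\S+) VERIFY ERROR: depth=(?P<depth>\d+), "
    r"error=(?P<error>.+?): (?P<subject>.*)$")

# OpenSSL verification messages -> (object that failed, what the message means).
CAUSES = {
    "CRL has expired": ("crl", "CRL nextUpdate is in the past"),
    "CRL is not yet valid": ("crl", "CRL lastUpdate is in the future"),
    "certificate has expired": ("cert", "certificate notAfter is in the past"),
    "certificate revoked": ("cert", "certificate serial is listed in the CRL"),
}

def triage(log_text):
    """Return one finding per VERIFY ERROR line (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.match(line)
        if not m:
            continue  # handshake noise that follows the verify failure
        kind, meaning = CAUSES.get(m["error"], ("unknown", m["error"]))
        depth = int(m["depth"])
        if kind == "crl":
            target = "server CRL file"  # the CRL the server checks clients against
        elif kind == "cert":
            # depth 0 is the peer's own certificate; higher depths are issuers
            target = "client certificate" if depth == 0 else "CA certificate"
        else:
            target = "unknown"
        cn = re.search(r"CN=([^,]+)", m["subject"])
        findings.append({"time": m["ts"], "peer": m["peer"], "target": target,
                         "meaning": meaning, "cn": cn.group(1) if cn else None})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["time"]} {f["peer"]} CN={f["cn"]}: {f["target"]} ({f["meaning"]})')
```

A finding that targets the CRL file applies to every client the server checks against that CRL, whichever client certificate is presented.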

Jean-Philippe Pialasse
Re: openvpn suddenly stopped connecting
« Reply #2 on: October 04, 2019, 03:20:03 AM »
Certificates do have a time limit. You might need to renew your signing certificate and then all the client/server ones.

robf355
Re: openvpn suddenly stopped connecting
« Reply #3 on: October 05, 2019, 11:11:45 AM »
Thanks for the replies. I sorted it by creating a new certificate. I thought this would do the same as renewing the certificate, but there must have been some difference.
Regards
Rob