Solved OpenVPN - TLS verify error
VPN has been working 2 weeks ago.
Today connecting fails with a verify error:
VERIFY ERROR: depth=0, error=CRL has expired: CN=MBP
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
The device config was created on Aug 16, 2022.
Does the CRL not update automatically?
Is there a default expiry? I don't see one set in the config file.
EASYRSA_CRL_DAYS=3650 (10 yrs)
Looking at the keys dir in File Manager, it's dated Aug of last year. So is that a 1 year expiry and no update?
The current cert expiration is indeed set to 10 years: https://git.cloudron.io/cloudron/openvpn-app/-/blob/master/easyrsa-vars#L15
Can you download the .opvn file and double check the expiration there?
@nebulon I didn't find it in the .ovpn but in the cert.crt file:
Validity Not Before: Aug 16 10:04:48 2022 GMT Not After : Aug 13 10:04:48 2032 GMT
So it is configured right, and handing out proper VPN configs, yet the server doesn't like something.
@nebulon Update: after restarting the OpenVPN App, it connects and verifies TLS just fine.
Shrug, restart fixed it.