Hi all,

We have a problem with the clients after the server reboot.

OS: CentOS 7
Kernel: 3.10.0-514.26.2.el7.x86_64
OpenVPN: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sa...@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no 
enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes 
enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown 
enable_dlopen_self=unknown enable_dlopen_self_static=unknown 
enable_fast_install=yes enable_fragment=yes enable_iproute2=yes 
enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes 
enable_management=yes enable_multi=yes enable_multihome=yes 
enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes 
enable_plugin_auth_pam=yes enable_plugin_down_root=yes 
enable_plugins=yes enable_port_share=yes enable_selinux=yes 
enable_server=yes enable_shared=yes 
enable_shared_with_static_runtimes=no enable_small=no enable_static=yes 
enable_strict=no enable_strict_options=no enable_systemd=yes 
enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes 
with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no 
with_sysroot=no

OpenSSL: OpenSSL 1.0.1e-fips 11 Feb 2013

Everything was working fine until the server reboot. The server hadn't been 
rebooted for quite some time because there was no need for one, until today.

The server logs are reporting the following:

Aug  8 19:54:43 localhost openvpn: Tue Aug  8 19:54:43 2017 x.x.x.x:56898 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Aug  8 19:54:43 localhost openvpn: Tue Aug  8 19:54:43 2017 x.x.x.x:56898 TLS_ERROR: BIO read tls_read_plaintext error
Aug  8 19:54:43 localhost openvpn: Tue Aug  8 19:54:43 2017 x.x.x.x:56898 TLS Error: TLS object -> incoming plaintext read error
Aug  8 19:54:43 localhost openvpn: Tue Aug  8 19:54:43 2017 x.x.x.x:56898 TLS Error: TLS handshake failed
Aug  8 19:54:43 localhost openvpn: Tue Aug  8 19:54:43 2017 x.x.x.x:56898 SIGUSR1[soft,tls-error] received, client-instance restarting
Aug  8 19:54:47 localhost openvpn: Tue Aug  8 19:54:47 2017 x.x.x.x:54273 TLS: Initial packet from [AF_INET]x.x.x.x:54273, sid=98d14cee c167e4b3
Aug  8 19:54:47 localhost openvpn: Tue Aug  8 19:54:47 2017 x.x.x.x:54273 VERIFY ERROR: depth=0, error=CRL has expired: C=xx, ST=xxxx, L=xxxx, O=xxxx, OU=xxxx, CN=xxxx, name=xxx.xxx.local,

Can anyone assist us on this one? I have googled and found something 
about the "CRL has expired" error. Is it related to the upgrade of the 
openvpn package? We use one from the EPEL repository.

Regards!

-- 
Mio Vlahović