Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-18 Thread Mio Vlahović
On 08.08.2017 22:37, Joe Patterson wrote: > This may be a stupid question but... > > Do any of the openssl cnf files have a comment in them that says > "easy-rsa version 2.x"? > > if you do 'echo $KEY_CONFIG', what does it say? > We figured it out... I tried reinstalling easy-rsa with the

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-17 Thread Mio Vlahović
On 17.08.2017 15:49, Selva wrote: > > > On Thu, Aug 17, 2017 at 8:33 AM, Mio Vlahović > wrote: > > On 15.08.2017 02:13, Selva wrote: > > Hi, > > > > I do not use easy-rsa but the test you posted is not correct.. > > >

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-17 Thread Selva
On Thu, Aug 17, 2017 at 8:33 AM, Mio Vlahović wrote: > On 15.08.2017 02:13, Selva wrote: > > Hi, > > > > I do not use easy-rsa but the test you posted is not correct.. > > > > # sh -x whichopensslcnf > > > > > > This will fail as whichopensslcnf takes an argument (the

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-17 Thread Mio Vlahović
On 08.08.2017 22:37, Joe Patterson wrote: > This may be a stupid question but... > > Do any of the openssl cnf files have a comment in them that says > "easy-rsa version 2.x"? > > if you do 'echo $KEY_CONFIG', what does it say? Yes, we did try that but with the same result... [root@vpn 2.0]#

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-17 Thread Mio Vlahović
On 15.08.2017 02:13, Selva wrote: > Hi, > > I do not use easy-rsa but the test you posted is not correct.. > > # sh -x whichopensslcnf > > > This will fail as whichopensslcnf takes an argument (the root folder > name $EASY_RSA) without which it will be looking at the "root directory" > >

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-14 Thread Selva
Hi, I do not use easy-rsa but the test you posted is not correct.. > # sh -x whichopensslcnf > This will fail as whichopensslcnf takes an argument (the root folder name $EASY_RSA) without which it will be looking at the "root directory" > + cnf=/openssl.cnf > + '[' openssl ']' > + openssl

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-14 Thread Mio Vlahović
On 08.08.2017 23:18, Marco Lumachi wrote: >> On 08/08/17 21:50, Mio Vlahović wrote: >>> On 08.08.2017 21:47, David Sommerseth wrote: On 08/08/17 21:28, Mio Vlahović wrote: > On 08.08.2017 21:13, David Sommerseth wrote: >> On 08/08/17 20:34, Leonardo Rodrigues wrote: >>> >>>

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Marco Lumachi
> On 08/08/17 21:50, Mio Vlahović wrote: >> On 08.08.2017 21:47, David Sommerseth wrote: >>> On 08/08/17 21:28, Mio Vlahović wrote: On 08.08.2017 21:13, David Sommerseth wrote: > On 08/08/17 20:34, Leonardo Rodrigues wrote: >> >> You very likely created your certificates

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Joe Patterson
This may be a stupid question but... Do any of the openssl cnf files have a comment in them that says "easy-rsa version 2.x"? if you do 'echo $KEY_CONFIG', what does it say? Thanks, -Joe On Tue, Aug 8, 2017 at 4:03 PM Mio Vlahović wrote: > On 08.08.2017 21:47, David

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 22:02: On 08.08.2017 21:47, David Sommerseth wrote: On 08/08/17 21:28, Mio Vlahović wrote: On 08.08.2017 21:13, David Sommerseth wrote: On 08/08/17 20:34, Leonardo Rodrigues wrote: You very likely created your certificates with MD5 hashing, which

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 21:47, David Sommerseth wrote: > On 08/08/17 21:28, Mio Vlahović wrote: >> On 08.08.2017 21:13, David Sommerseth wrote: >>> On 08/08/17 20:34, Leonardo Rodrigues wrote: You very likely created your certificates with MD5 hashing, which was disabled on newer

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread David Sommerseth
On 08/08/17 21:28, Mio Vlahović wrote: > On 08.08.2017 21:13, David Sommerseth wrote: >> On 08/08/17 20:34, Leonardo Rodrigues wrote: >>> >>> You very likely created your certificates with MD5 hashing, which >>> was disabled on newer OpenSSL versions of CentOS. >>> >>> Try: >>> >>>

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 21:13, David Sommerseth wrote: > On 08/08/17 20:34, Leonardo Rodrigues wrote: >> >> You very likely created your certificates with MD5 hashing, which >> was disabled on newer OpenSSL versions of CentOS. >> >> Try: >> >> export NSS_HASH_ALG_SUPPORT=+MD5 >> export

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread David Sommerseth
On 08/08/17 20:34, Leonardo Rodrigues wrote: > > You very likely created your certificates with MD5 hashing, which > was disabled on newer OpenSSL versions of CentOS. > > Try: > > export NSS_HASH_ALG_SUPPORT=+MD5 > export OPENSSL_ENABLE_MD5_VERIFY=1 > > before starting your OpenVPN

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Steffan Karger
On 08-08-17 20:34, Leonardo Rodrigues wrote: > > You very likely created your certificates with MD5 hashing, which > was disabled on newer OpenSSL versions of CentOS. > > Try: > > export NSS_HASH_ALG_SUPPORT=+MD5 > export OPENSSL_ENABLE_MD5_VERIFY=1 > > before starting your

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Steffan Karger
On 08-08-17 20:34, Xen wrote: > Mio Vlahović wrote on 08-08-2017 19:59: > >> Can anyone assist us on this one? I have googled and found something >> about CRL has expired error. Is it related with the upgrade of the >> openvpn package? We use one from the epel repository. > > You know a CRL

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Leonardo Rodrigues
You very likely created your certificates with MD5 hashing, which was disabled on newer OpenSSL versions of CentOS. Try: export NSS_HASH_ALG_SUPPORT=+MD5 export OPENSSL_ENABLE_MD5_VERIFY=1 before starting your OpenVPN daemon and watch if that makes clients connect again ...

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Gert Doering
Hi, On Tue, Aug 08, 2017 at 08:34:25PM +0200, Xen wrote: > So you can do two things: renew your CRL, or remove it from the > configuration. > > I will let someone answer now who actually has something useful to say > ;-). Well, that's about the message :-) - a CRL has a lifetime, which can be

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Xen
Mio Vlahović wrote on 08-08-2017 19:59: Can anyone assist us on this one? I have googled and found something about CRL has expired error. Is it related with the upgrade of the openvpn package? We use one from the epel repository. You know a CRL is a certificate revocation list, right? Being

Re: [Openvpn-users] Clients can't connect after server reboot

2017-08-08 Thread Mio Vlahović
On 08.08.2017 19:59, Mio Vlahović wrote: > Hi all, > > We have a problem with the clients after the server reboot. > > [CUT] One update... I can no longer generate new certificates. It seems that the whichopensslcnf script can't find openssl.cnf (which is there in the same directory...)