PiVPN suddenly stops accepting client connections

PiVPN for Raspberry Pi is a wonderful and easy OpenVPN setup tool. I use it a lot with various devices to access my home network. But it suddenly stopped accepting connection from those various devices. This is how I solved the issue…

This is what /var/log/openvpn.log showed:

Wed Jan 23 20:09:47 2019 89.200.11.186:24592 VERIFY ERROR: depth=0, error=CRL has expired: CN=tim
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS Error: TLS handshake failed

So… The certificate has expired.

Add to /etc/openvpn/easy-rsa/vars:

set_var EASYRSA_CRL_DAYS       3650
set_var EASYRSA_CERT_EXPIRE    3650

Then renew the certificate:

cd /etc/openvpn/easy-rsa
sudo ./easyrsa gen-crl
sudo cp pki/crl.pem /etc/openvpn/crl.pem
sudo systemctl restart openvpn

There… You should be fine for another 10 years.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.