PiVPN for Raspberry Pi is a wonderful and easy OpenVPN setup tool. I use it a lot with various devices to access my home network. But it suddenly stopped accepting connection from those various devices. This is how I solved the issue…
This is what /var/log/openvpn.log showed:
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 VERIFY ERROR: depth=0, error=CRL has expired: CN=tim
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 23 20:09:47 2019 89.200.11.186:24592 TLS Error: TLS handshake failed
So… The certificate has expired.
Add to /etc/openvpn/easy-rsa/vars:
set_var EASYRSA_CRL_DAYS 3650
set_var EASYRSA_CERT_EXPIRE 3650
Then renew the certificate:
cd /etc/openvpn/easy-rsa
sudo ./easyrsa gen-crl
sudo cp pki/crl.pem /etc/openvpn/crl.pem
sudo systemctl restart openvpn
There… You should be fine for another 10 years.
Many thanks, that was very helpful to get my pivpn running again.
You’re welcome 🙂