No Clients Can Connect To OpenVPN Due to CRL Expiry
-
I created a Redmine entry for this (https://redmine.pfsense.org/issues/13424) and I'll be working on a fix shortly. When I have one, I'll also create an entry in the System Patches package for it.
-
Well, add me to the line. Exactly the same issue occurred today after I updated CRL (in ver. 2.4.5-p1). Sudden loss of VPN connections of all clients and OpenVPN stating CRL expired during initialization on re-connection. Realized what's going on after I saw 'next update=1st of Jan 1950' in CRL properties. Had to create a new list with shorter validity, after this things got back to normal. Dates roooollin` (over).... :)
-
I merged the fix in yesterday evening.
You can install the System Patches package and then create an entry for a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2 to apply the fix.
It will be added as a "Recommended Patch" in the System Patches package soon, but in the meantime it is safe to add a manual entry to obtain the fix now.
-
Thank you @jimp for the speedy patch on this. I am in the middle of a rollout to end users and got hit this morning when I made a configuration change. I applied the patch and re-saved the OpenVPN configuration and I'm back up now. Thank you again.
-
And thanks from me too! I applied the patch as per your instructions (did not even know about the 'patches' package) and OpenVPN is working fine again. pfSense is a brilliantly supported firewall.
-
Just another
Started hearing from WFHers that the VPN was down.
Figured out the CRL was reporting 1950 as next update, and found this post.
The system patch package is worth knowing about :)
OpenVPN restored after installing patch, and reloading the service. Great.
Thanks
-
Got this problem today, was pulling my hair out over why my OpenVPN server was not working, then found this topic.
Reduced CRL time to 200 days and it was fixed. Thank you.
-
Would also like to add my gratitude for quick identification and patch solution for this issue.
It bit me yesterday and I could not see what was wrong with the path I had trodden many times before in setting up a link. Discovered this solution and the patch fixed it. Thank you.
-
Got bit by this bug when our firewall rebooted due to a power blackout after being up for 187 days. Was so glad to come across this System Patches and be able to apply the needed patch and get back up quickly! pfSense is a great firewall product!
-
Just ran into this since I had not used my VPN. Thanks to everyone, it got me fixed up.
-
@jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?
-
@jeffreyn said in No Clients Can Connect To OpenVPN Due to CRL Expiry:
@jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?
You do not need to do anything with the patch after upgrading. You can delete the entry from the system patches package.