After upgrade pfsense to 2.4.4, VPN works only with account



  • After upgrading pfsense to 2.4.4, only one account works. On my PC, I join my VPN (Viscosity) account and it all works. If I connect to the VPN with another account on the same PC, I join the VPN, but I cannot get anywhere. I cannot ping any network. After the upgrade to I have this problem already on two pfsense. I tried to create new certificates, checked the router print, and everything was fine. Has anyone ever met this problem? I'll be happy for any advice. Thanks



  • After upgrading to 2.4.4, VPN connections are no longer working. The OpenVPN log says:
    VERIFY ERROR : error=CRL has expired.
    The CRL exists on the server. The CA and cert are still valid.


  • Rebel Alliance Global Moderator

    @ccnet said in After upgrade pfsense to 2.4.4, VPN works only with account:

    The CRL exists on the server. The CA and cert are still valid.

    Yeah, but has the CRL expired? You can check with openssl to view when it was created and when it needs to be updated. When you create the CRL you set the number of days until the next update.

    [2.4.4-RELEASE][root@sg4860.local.lan]/var/etc/openvpn: openssl crl -in server1.crl-verify -text | grep Update
    Last Update: Oct 19 10:28:46 2018 GMT
    Next Update: Mar 5 10:28:46 2046 GMT

    So I created a CRL and then checked it. See, its next update is not due until 2046... default of 9999 days. You might need to recreate your CRL or update it, etc.
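The check described in the post above can be scripted so a CRL nearing its Next Update date is caught before clients start failing with "CRL has expired". This is an added example, not code from the thread or from pfSense; the function names, the 30-day warning window, and the constructed sample strings are assumptions, and only `PAGE_SAMPLE` reproduces output shown on the page.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Matches "Next Update: ..." (from -text) and "nextUpdate=..." (from -nextupdate).
FIELD = re.compile(r"next\s?update\s*[:=]\s*(.+)", re.IGNORECASE)

# The two lines of openssl output quoted in the post above.
PAGE_SAMPLE = ("Last Update: Oct 19 10:28:46 2018 GMT\n"
               "Next Update: Mar 5 10:28:46 2046 GMT\n")


def parse_next_update(openssl_output):
    """Return nextUpdate as an aware UTC datetime, or None if the CRL has none."""
    m = FIELD.search(openssl_output)
    if not m or m.group(1).strip().upper() == "NONE":
        return None
    # Parsed by hand so the result does not depend on the system locale.
    mon, day, clock, year = m.group(1).split()[:4]
    h, mi, s = (int(x) for x in clock.split(":"))
    return datetime(int(year), MONTHS.index(mon) + 1, int(day), h, mi, s,
                    tzinfo=timezone.utc)


def crl_status(openssl_output, now=None, warn_days=30):
    """Classify a CRL as 'expired', 'expiring', 'ok' or 'no-next-update'."""
    now = now or datetime.now(timezone.utc)
    nxt = parse_next_update(openssl_output)
    if nxt is None:
        return "no-next-update"
    if nxt <= now:
        return "expired"      # verification fails with "CRL has expired"
    if nxt - now <= timedelta(days=warn_days):
        return "expiring"     # regenerate the CRL before it lapses
    return "ok"


def check_file(path, warn_days=30):
    """Run openssl on a PEM CRL file and classify it."""
    out = subprocess.run(
        ["openssl", "crl", "-in", path, "-noout", "-nextupdate"],
        check=True, capture_output=True, text=True).stdout
    return crl_status(out, warn_days=warn_days)


if __name__ == "__main__":
    import sys
    for crl_path in sys.argv[1:]:   # e.g. a copy of server1.crl-verify
        print(crl_path, check_file(crl_path))
```
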



  • OK, that solved the problem for "CRL has expired". Now trouble with HMAC.
    I'm checking.



  • Solved.
    In the client config file, the line
    auth SHA1
    must be replaced by
    auth SHA256
    Thanks for help.


  • Rebel Alliance Global Moderator

    Not unless your server is set for that ;) But sure, OK, glad you got it sorted.