Netgate Discussion Forum

    After upgrade pfsense to 2.4.4, VPN works only with account

      zdenek

      After upgrading pfSense to 2.4.4, only one account works. On my PC, I join my VPN (Viscosity) account and it all works. If I connect to the VPN with another account on the same PC, I will join the VPN, but I cannot get anywhere. I cannot ping any network. After the upgrade to I have this problem already on two pfSense. I tried to create new certificates, checked the router print, and everything was fine. Has anyone ever met this problem? I'll be happy for any advice. Thanks

        ccnet

        After upgrading to 2.4.4, VPN connections are no longer working. The OpenVPN log says:
        VERIFY ERROR : error=CRL has expired.
        The CRL exists on the server. The CA and cert are still valid.

          johnpoz LAYER 8 Global Moderator @ccnet

          @ccnet said in After upgrade pfsense to 2.4.4, VPN works only with account:

          The CRL exists on the server. The CA and cert are still valid.

          Yeah, but has the CRL expired? You can check with openssl to view when it was created and when it needs to be updated. When you create the CRL you set the amount of days until the next update.

          [2.4.4-RELEASE][root@sg4860.local.lan]/var/etc/openvpn: openssl crl -in server1.crl-verify -text | grep Update
          Last Update: Oct 19 10:28:46 2018 GMT
          Next Update: Mar 5 10:28:46 2046 GMT

          So I created a CRL and then checked it. See, its next update is not due until 2046... default of 9999 days. You might need to recreate your CRL or update it, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
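
A scripted version of the check shown in the post above, added here as an example (not code from the thread or from pfSense): it parses the `Last Update` / `Next Update` lines that `openssl crl` prints and classifies the CRL as expired, close to expiry, or fine. The function names, the 30-day warning threshold and the second and third sample outputs are assumptions made for illustration.

```python
import re
import subprocess
from datetime import datetime, timezone

# Matches `openssl crl -text` ("Next Update: ...") and
# `openssl crl -noout -nextupdate` ("nextUpdate=...") output.
_FIELD = re.compile(r"(last|next)\s?update\s*[:=]\s*(.+)", re.IGNORECASE)

# First sample is the output quoted in the post; the other two are constructed.
SAMPLE_POST = "Last Update: Oct 19 10:28:46 2018 GMT\nNext Update: Mar 5 10:28:46 2046 GMT\n"
SAMPLE_EXPIRED = "lastUpdate=Jan  1 00:00:00 2018 GMT\nnextUpdate=Jan 31 00:00:00 2018 GMT\n"
SAMPLE_SOON = "lastUpdate=Oct  1 00:00:00 2018 GMT\nnextUpdate=Nov  1 00:00:00 2018 GMT\n"


def parse_crl_dates(openssl_output):
    """Return {'last': datetime or None, 'next': datetime or None} in UTC."""
    dates = {"last": None, "next": None}
    for line in openssl_output.splitlines():
        m = _FIELD.search(line)
        if not m:
            continue
        value = " ".join(m.group(2).split())  # collapse "Mar  5" day padding
        if value.upper() == "NONE":  # CRL issued without a nextUpdate field
            continue
        stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
        dates[m.group(1).lower()] = stamp.replace(tzinfo=timezone.utc)
    return dates


def crl_status(openssl_output, now, warn_days=30):
    """Return (state, whole days until Next Update) for one CRL."""
    nxt = parse_crl_dates(openssl_output)["next"]
    if nxt is None:
        return "no-next-update", None
    days_left = (nxt - now).days
    if nxt <= now:
        return "expired", days_left  # the state behind "CRL has expired" in the log
    return ("expiring" if days_left < warn_days else "ok"), days_left


def read_crl(path):
    """Run openssl on a CRL file (path is supplied by the caller)."""
    cmd = ["openssl", "crl", "-in", path, "-noout", "-lastupdate", "-nextupdate"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, text in [("post", SAMPLE_POST), ("expired", SAMPLE_EXPIRED), ("soon", SAMPLE_SOON)]:
        print(name, crl_status(text, now))
```

Feeding `read_crl()` the CRL file the OpenVPN server actually loads and passing the result to `crl_status()` turns the manual check into something that can run on a schedule before clients start failing.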

            ccnet

            OK, that solves the problem for "CRL has expired". Now trouble with HMAC.
            I'm checking.

              ccnet

              Solved.
              In the client config file, the line
              Auth SHA1
              must be replaced by
              Auth SHA256
              Thanks for the help.

                johnpoz LAYER 8 Global Moderator

                Not unless your server is set for that ;) But sure, OK, glad you got it sorted.
