Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Clients Can Connect To OpenVPN Due to CRL Expiry

    Scheduled Pinned Locked Moved OpenVPN
    openvpnvpnbugcrlopenssl
    17 Posts 10 Posters 6.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      I merged the fix in yesterday evening.

      You can install the System Patches package and then create an entry for a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2 to apply the fix.

      It will be added as a "Recommended Patch" in the System Patches package soon, but in the meantime it is safe to add a manual entry to obtain the fix now.

      Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      jeffreynJ W 3 Replies Last reply Reply Quote 7
      • jeffreynJ
        jeffreyn @jimp
        last edited by

        Thank you @jimp for the speedy patch on this. I am in the middle of a a rollout to end users and got hit this morning when I made a configuration change. I applied the patch and re-saved the openvpn configuration and I'm back up now. Thank you again.

        1 Reply Last reply Reply Quote 1
        • W
          Woody 1 @jimp
          last edited by

          @jimp

          And thanks from me too! I applied the patch as per your instructions (did not even know about the 'patches' package) and OpenVPN is working fine again. pfSense is a brilliantly supported firewall ๐Ÿ‘

          1 Reply Last reply Reply Quote 2
          • S
            Stux
            last edited by

            Just another ๐Ÿ‘

            Started hearing from WFHers that the VPN was down.

            Figured out the CRL was reporting 1950 as next update, and found this post.

            The system patch package is worth knowing about :)

            OpenVPN restored after installing patch, and reloading the service. Great.

            Thanks

            1 Reply Last reply Reply Quote 0
            • V
              vbredjp
              last edited by

              Got this problem today was pulling hairs why my open vpn server not working found this topic
              reduced crl time to 200 days and fixed thank you.

              W 1 Reply Last reply Reply Quote 0
              • W
                why @vbredjp
                last edited by

                @vbredjp @jimp @mmulqueen

                Would also like to add my gratitude for quick identification and patch solution for this issue.

                It bit me yesterday and I not see what was wrong with the path I had trodden many times before in setting up a link. Discovered this solution and the patch fixed it. Thank you.

                1 Reply Last reply Reply Quote 0
                • D
                  dougs
                  last edited by

                  Got bit by this bug when our firewall rebooted due to a power blackout after being up for 187 days. Was so glad to come across this System Patches and be able to apply the needed patch and get back up quickly! pfSense is a great firewall product!

                  1 Reply Last reply Reply Quote 0
                  • F
                    flat4
                    last edited by

                    just ran into this since i had not use my vpn, thanks to everyone it got me fixed up.

                    1 Reply Last reply Reply Quote 0
                    • jeffreynJ
                      jeffreyn @jimp
                      last edited by

                      @jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?

                      jimpJ 1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate @jeffreyn
                        last edited by

                        @jeffreyn said in No Clients Can Connect To OpenVPN Due to CRL Expiry:

                        @jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?

                        You do not need to do anything with the patch after upgrading. You can delete the entry from the system patches package.

                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.