Upgrade 2.7.2 disabled OpenVPN. Server certificate not in the list anymore
-
Hi
I upgraded from 2.7.0 to 2.7.2
My OpenVPN server has been disabled and I can't enable it as the server certificate is not in the list of available certificates.
Is there a trick to make the old certificate selectable and restart the OpenVPN server?
thx
Start with this trick: OpenVPN forum, first pinned post: HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection.
Example: if the certificate you've been using was too old, not secure enough anymore, it could have been 'thrown away' as OpenVPN can't use it anymore.
-
@Gertjan
Thank you. It must be the cause. OpenVPN was still working "fine" with pfSense 2.7.0 and the deprecated server certificate.
I suppose someone had "cheated" and allowed old certs. Is this possible? Is there a way to re-enable it in order to give access again to all the clients?
I would then be able to change every client config. But only if they can connect. Many (80+) are remote workers.
@balmmva said in Upgrade 2.7.2 disabled OpenVPN. Server certificate not in the list anymore:
I suppose someone had "cheated" and allowed old certs. Is this possible?
It's not the 'age', but the settings used to create the cert.
I'm using my OpenVPN server (and clients connected to it) with certs I created somewhere in 2017, they still work / are accepted.
If you create new certs for each user (test first ^^) then you have to redeploy an OpenVPN client config for every user ...
-
@Gertjan
Right. Certs are not "old", they are obsolete. SHA-1.