1

I can't connect to OpenVPN. The error from the /var/log/openvpn file is below. I tried several solutions I found on internet forums but I still can't fix this issue. Could you please suggest a solution for this?

```
322.194.25.95:50805 WARNING: Failed to stat CRL file, not reloading CRL.
322.194.25.95:50805 VERIFY ERROR: depth=0, error=CRL has expired: CN=xxx, serial=48224189780147007500459476518371450603
322.194.25.95:50805 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
322.194.25.95:50805 TLS_ERROR: BIO read tls_read_plaintext error
322.194.25.95:50805 TLS Error: TLS object -> incoming plaintext read error
322.194.25.95:50805 TLS Error: TLS handshake failed
322.194.25.95:50805 SIGUSR1[soft,tls-error] received, client-instance restarting
```
swimfar2
kg_p

1 Answer

2

This error means that your server config has specified a CRL (certificate revocation list) file but the OpenVPN server cannot find it. Please look for a directive in your `server.conf` configuration file that looks like `crl-verify` and confirm whether or not there is a CRL file in the OpenVPN directory matching that name.

Next, the issue could be that your CRL has expired and you need to generate a new one using easyrsa. You can generate a new CRL file using:

```
./easyrsa gen-crl
```

And copy the CRL to the OpenVPN configuration directory.

2ps
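
As an added example (not part of the answer above, and not OpenVPN or Easy-RSA code), this Python script checks both conditions the answer describes: whether the file named by `crl-verify` exists, and whether its nextUpdate time has passed. It assumes the `openssl` CLI is installed, that a relative CRL path is relative to the config file's directory, and that the directive uses the single-file form; the function names are hypothetical.

```python
import shlex
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path


def find_crl_path(conf_text, base_dir):
    """Return the file named by the crl-verify directive, or None if unset."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)
        if tokens[:1] == ["crl-verify"] and len(tokens) > 1:
            # Assumption: a relative path is relative to the config directory.
            return Path(base_dir) / tokens[1]
    return None


def parse_next_update(openssl_line):
    """Parse 'nextUpdate=Mar  1 12:00:00 2020 GMT' into an aware UTC datetime."""
    stamp = " ".join(openssl_line.split("=", 1)[1].split())
    parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def openssl_next_update(crl_path):
    """Ask the openssl CLI for the CRL's nextUpdate field."""
    cmd = ["openssl", "crl", "-in", str(crl_path), "-noout", "-nextupdate"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return parse_next_update(out)


def crl_status(crl_path, now, read_next_update=openssl_next_update):
    """Classify the CRL into the failure modes seen in the server log."""
    if crl_path is None:
        return "no crl-verify directive"
    if not Path(crl_path).is_file():
        return "missing"   # server logs "Failed to stat CRL file"
    if read_next_update(crl_path) <= now:
        return "expired"   # server logs "error=CRL has expired"
    return "ok"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_crl.py /path/to/server.conf")
    conf = Path(sys.argv[1])
    crl = find_crl_path(conf.read_text(), conf.parent)
    print(crl, crl_status(crl, datetime.now(timezone.utc)))
```

Run it as the account the OpenVPN daemon runs under, so the file check sees the same permissions the server does.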