I have a pfSense 2.2.6 system successfully running 25 site-to-site OpenVPN connections.
The setup uses a 2 tier PKI infrastructure as follows:
- Root CA installed in cert manager
- Intermediate CA signed by Root in cert manager
- OpenVPN client certs signed from Intermediate CA
- OpenVPN server cert signed from Intermediate CA
- Cert manager created the CRLs for the Root and Intermediate CAs
- The OpenVPN server has the Intermediate CA as the Peer CA and the Intermediate CA's CRL as the Peer CRL in the config.
- The clients all have a full certificate chain installed
openvpn[24740]: vpn-client-1/xx.xxx.xxx.xxx:xxxxx CRL: CRL /var/etc/openvpn/server3.crl-verify is from a different issuer than the issuer of certificate <...intermeidate CA...>
Any help greatly appreciated.
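
The log line above compares two names: the issuer of the CRL file and the issuer of a certificate in the chain. The script below is an added example (not part of the original post and not OpenVPN's code) that reports, for each certificate in a PEM chain, whether a given CRL was issued by that certificate's issuer; the two file arguments are placeholders, and names are compared byte-for-byte in DER.

```python
# Added example: compare a CRL's issuer with the issuer of each certificate
# in a chain. Standard library only; file arguments in main are placeholders.
import base64
import re
import sys

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer(der):
    """Raw DER issuer Name of an X.509 certificate or CRL.

    In both tbsCertificate and tbsCertList the first two SEQUENCE elements
    are the signature algorithm and then the issuer; the optional version
    field and the serial number use other tags and are skipped.
    """
    _, start, _ = _tlv(der, 0)            # outer Certificate / CertificateList
    _, pos, end = _tlv(der, start)        # first child: the to-be-signed part
    seqs = []
    while pos < end and len(seqs) < 2:
        tag, _, nxt = _tlv(der, pos)
        if tag == 0x30:
            seqs.append(der[pos:nxt])
        pos = nxt
    return seqs[1]

def pem_blocks(text):
    """Decode every PEM block in text to DER bytes, in file order."""
    pat = r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----"
    return [base64.b64decode(b) for b in re.findall(pat, text, re.S)]

def crl_coverage(crl_der, chain_ders):
    """One bool per certificate: was the CRL issued by that cert's issuer?
    Byte-wise DER comparison, stricter than a canonicalised name match."""
    crl_issuer = issuer(crl_der)
    return [issuer(cert) == crl_issuer for cert in chain_ders]

if __name__ == "__main__":                # usage: script.py crl.pem chain.pem
    crl = pem_blocks(open(sys.argv[1]).read())[0]
    chain = pem_blocks(open(sys.argv[2]).read())
    for depth, ok in enumerate(crl_coverage(crl, chain)):
        print(f"cert #{depth}: CRL issuer {'matches' if ok else 'differs'}")
```

In a two-tier PKI like the one described, the Intermediate CA's CRL matches the client and server certificates but not the Intermediate CA certificate itself, because that certificate's issuer is the Root.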