OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

crl-verify causes server to crash when client connects

https://forums.openvpn.net/viewtopic.php?t=7055

Page 1 of 1

crl-verify causes server to crash when client connects

Posted: Tue Aug 31, 2010 7:27 am
by Fosters
Hi,

I am using OpenVPN 2.1_rc7 on ubuntu as a server, and connecting with a windows client.
My goal is to make sure that when I revoke a certificate it is not accepted anymore by the server.
For this I followed the instruction under http://openvpn.net/index.php/open-sourc ... tml#revoke
The problem is that as soon as I add the line : crl-verify <path>/revoke-<cert_name>.pem to my server config file, event the non-revoked certificates cannot connect to the server.
In fact, when going back to the server and checking for the openvpn process, I can see it went down.

As soon as I comment the crl-verify line everything works fine again...

Any idea why this doesn't work ?

Re: crl-verify causes server to crash when client connects

Posted: Wed Sep 01, 2010 6:44 am
by Fosters
Hi again. I finally solved my problem.
Just to help people that could have the same isssue, here is what hapened :

I realized that when running openvpn service from the command line, it was not crashing when a client connected, but when running it as a daemon it was crashing.

The problem was simple, as after being launched openvpn uses the nobody user, it was not able to find the crl.pem file with its relative path (the same used for server certificate for example).
The solution was simply to indicate the full pass to the revocation file.

Hope this will help some people as it could be tricky to find out.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/