OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

We need to back up the current crl.pem file before creating a new one.

The crl.pem file is located in /etc/openvpn/

# mv crl.pem crl.pem.back

Now go to the easy-rsa folder

# cd easy-rsa

Now generate crl.pem

# ./easyrsa gen-crl

Now copy the new crl.pem to the openvpn folder

# cp -pr /etc/openvpn/easyrsa/pki/crl.pem /etc/openvpn/

Now restart openvpn service
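
The error above appears once the nextUpdate time stored in the CRL has passed, so a scheduled check can flag the file before clients start failing. The script below is an added example, not part of the original post; the function names and the 14-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: flag the OpenVPN CRL before its nextUpdate time passes.
# Function names and the 14-day default window are assumptions.

# Convert an OpenSSL date ("Mar  5 10:00:00 2030 GMT") to epoch seconds.
# awk yields days since 1970-01-01 and seconds into the day (Gregorian
# day-count formula), so GNU "date -d" is not required.
openssl_date_to_epoch() {
    set -- $(printf '%s\n' "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        split($3, t, ":"); d = $2; y = $4
        if (m <= 2) { y--; m += 12 }   # Jan/Feb count as months 13/14 of the previous year
        days = 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d - 719469
        print days, t[1]*3600 + t[2]*60 + t[3]
    }')
    echo $(( $1 * 86400 + $2 ))
}

# Classify a CRL by its nextUpdate date: prints OK, WARN or EXPIRED.
# $1 = nextUpdate string, $2 = current epoch seconds, $3 = warning window in days
crl_status() {
    left=$(( $(openssl_date_to_epoch "$1") - $2 ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -le $(( $3 * 86400 )) ]; then
        echo WARN
    else
        echo OK
    fi
}

# Read nextUpdate from a CRL file with openssl and classify it.
# $1 = path to crl.pem, $2 = warning window in days (default 14)
check_crl() {
    next=$(openssl crl -in "$1" -noout -nextupdate) || return 2
    crl_status "${next#nextUpdate=}" "$(date +%s)" "${2:-14}"
}

# Example call from cron: ./check_crl.sh /etc/openvpn/crl.pem 14
if [ "$#" -ge 1 ]; then
    check_crl "$@"
fi
```

Run it daily and regenerate the CRL whenever it prints WARN, rather than waiting for the VERIFY ERROR.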




To troubleshoot connection issues, check the logs below.

Grep for the client name in /var/log/messages

# grep VPN /var/log/messages

Check the connection time

# cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages


iptables port forwarding

I am port forwarding public IP x.x.x.x to private IP .

iptables -A INPUT -i eth0 -p tcp --dport 5001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 5001 -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 5001 -j DNAT --to-destination

How to Show All NAT Tables Rules IPTABLES

iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v

The netstat-nat command displays the NATed connections on a Linux iptables firewall.

yum install netstat-nat

# netstat-nat -n
To display SNAT connections, run:
# netstat-nat -S
To display DNAT connections, type:
# netstat-nat -D

List NAT rules with line numbers

iptables -t nat --line-numbers -L

Delete rule no. 6

iptables -t nat -D PREROUTING 6


no “setup” command found in CentOS minimal install

In a minimal install, the setup utility is not installed.

If we get the error below, we need to install some packages to make the setup command work.

[ ~] setup
-bash: setup: command not found

Here is how to install it on a minimal install:

yum install setuptool -y
yum install system-config-network* -y
yum install system-config-firewall* -y
yum install system-config-securitylevel-tui -y
yum install system-config-keyboard -y
yum install ntsysv -y

Now we can use the setup utility. That’s it.

fail2ban missing whois program

The whois program is missing, so fail2ban email alerts do not include the IP information.

# yum search whois

gnome-nettool.x86_64 : A GNOME interface for various networking tools
jwhois.x86_64 : Internet whois/nicname client.
perl-Net-Whois.noarch : Get and parse “whois” domain data from InterNIC
perl-Net-Whois-IP.noarch : Perl extension for looking up the whois information
: for ip addresses

# yum install jwhois.x86_64

Now test the whois command.

How to Install the noip Client on Linux

noip provides free Dynamic DNS services (as DynDns was providing), but it allows only three hostnames for free.

This guide will walk you through the installation and setup of the Dynamic Update Client (DUC) on a computer running Linux.


