Linux VPN Archives - Gkhan Tips

VPN Solution on Linux

OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

we need to backup the current crl.pem file before creating a new one.

The location of the crl.pem file at /etc/openvpn/

#mv crl.pem crl.pem.back

Now go to easy-rsa folder

# cd easy-rsa

now generate crl.pem

# ./easyrsa gen–crl

Now copy the new crl.pem to openvpn folder

# cp –pr /etc/openvpn/easy–rsa/pki/crl.pem

Now restart openvpn service

source link :- https://www.jobishmathew.me/openvpn-crl-has-expired/

OPENVPN Logs

OPENVPN Logs
To troubleshoot connection issues check below logs

grep the client name in /var/log/messages
# grep VPN /var/log/messages

Check the connection time

#cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages

GL-inet allow clients access from other Network

GL-inet allow clients ( behind the LAN ) access from other Network

Edit the firewall add following lines

vi /etc/config/firewall

config forwarding
 option dest 'lan'
 option src 'VPN_client'

Restart firewall service

/etc/init.d/firewall restart

How to install PPTP Server on Cent OS

Step-1 Forward GRE protocol and TCP port 1723 through your firewall

Step-2 Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Step-3 Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.

#!/bin/bash
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/service iptables save
/sbin/iptables -L -v

Step-4 Configure Routing

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Step-5 Make the changes active

sysctl -p

Step-6 Install PPTP Server

yum install ppp pptpd

Step-7 Configure the service to start on boot

chkconfig –levels 345 pptpd on
Step-7 Configure Client Network Options change IP address according to your requirement

Modify /etc/pptpd.conf

localip 10.10.11.1
remoteip 10.10.11.5-100

Modify /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220

Step-8 Configure Client Access

You will need to customize the client name, secret (password), and you can either allow all IP address or limit as necessary.

Edit /etc/ppp/chap-secrets.

# Secrets for authentication using CHAP
# client server secret IP addresses
test-user * test-password *

Step-9 Start the Server

Start the pptpd service

service pptpd start

Step-10 Configure the Client

source link

Gkhan Tips

Gkhan IT Tips for Systems and Network Administrators

Category: Linux VPN

OpenVPN CRL has expired

OpenVPN CRL has expired

OPENVPN Logs

GL-inet allow clients access from other Network

How to install PPTP Server on Cent OS