VPN Solution on Linux

OpenVPN CRL has expired

OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

we need  to backup the current crl.pem file before creating a new one.

The location of the  crl.pem file  at /etc/openvpn/

#mv  crl.pem  crl.pem.back

Now go to  easy-rsa  folder

# cd  easy-rsa

now generate crl.pem

./easyrsa gencrl

Now copy the new crl.pem to openvpn folder

# cp pr /etc/openvpn/easyrsa/pki/crl.pem

Now restart openvpn service


source link :- https://www.jobishmathew.me/openvpn-crl-has-expired/


To troubleshoot connection issues check below logs

grep the client name  in /var/log/messages
# grep VPN    /var/log/messages

Check the connection time

#cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages


How to install PPTP Server on Cent OS

Step-1 Forward GRE protocol and TCP port 1723 through your firewall

Step-2 Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Step-3 Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

Note: The following will work but you may wish to change the source address from to the network range of your choosing based on your network.

/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/service iptables save
/sbin/iptables -L -v

Step-4 Configure Routing

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Step-5 Make the changes active

sysctl -p

Step-6 Install PPTP Server

yum install ppp pptpd

Step-7 Configure the service to start on boot

chkconfig –levels 345 pptpd on
Step-7 Configure Client Network Options change IP address according to your requirement

Modify /etc/pptpd.conf


Modify /etc/ppp/options.pptpd

Step-8 Configure Client Access

You will need to customize the client name, secret (password), and you can either allow all IP address or limit as necessary.

Edit /etc/ppp/chap-secrets.

# Secrets for authentication using CHAP
# client          server          secret                           IP addresses
test-user       *                   test-password               *

Step-9 Start the Server

Start the pptpd service

service pptpd start

Step-10 Configure the Client

source link