pivpn: PiVPN stopped working, was working previously

PiVPN Issue Template

Console output of curl install.pivpn.io | bash

Console output of pivpn add or pivpn add nopass

Console output of pivpn debug

:::                                     :::
::              PiVPN Debug              ::
:::                                     :::
::      Latest Commit                    ::
:::                                     :::
commit [redacted]
Author: 0-kaladin <0.kaladin@gmail.com>
Date:   Mon Feb 27 21:01:23 2017 -0500

    Update README for IRC channel

    Due to discontinuation of Google Spaces
:::                                     :::
::      Recursive list of files in       ::
::      /etc/openvpn/easy-rsa/pki        ::
:::                                     :::
/etc/openvpn/easy-rsa/pki/:
[Redacted].ovpn
ca.crt
Default.txt
dh2048.pem
[Redacted].ovpn
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
[Redacted].ovpn
issued
private
serial
serial.old
ta.key

/etc/openvpn/easy-rsa/pki/issued:
[Redacted].crt
[Redacted].crt

/etc/openvpn/easy-rsa/pki/private:
[Redacted].key
ca.key
[Redacted].key

:::                                     :::
::      Output of /etc/pivpn/*           ::
:::                                     :::
:: START /etc/pivpn/DET_PLATFORM ::
Raspbian
:: END /etc/pivpn/DET_PLATFORM ::
:: START /etc/pivpn/INSTALL_PORT ::
443
:: END /etc/pivpn/INSTALL_PORT ::
:: START /etc/pivpn/INSTALL_PROTO ::
tcp
:: END /etc/pivpn/INSTALL_PROTO ::
:: START /etc/pivpn/INSTALL_USER ::
[Redacted]
:: END /etc/pivpn/INSTALL_USER ::
:: START /etc/pivpn/NO_UFW ::
1
:: END /etc/pivpn/NO_UFW ::
:: START /etc/pivpn/pivpnINTERFACE ::
eth0
:: END /etc/pivpn/pivpnINTERFACE ::
:: START /etc/pivpn/REVOKE_STATUS ::
0
:: END /etc/pivpn/REVOKE_STATUS ::
:::                                     :::
:: /etc/openvpn/easy-rsa/pki/Default.txt ::
:::                                     :::
client
dev tun
proto tcp
remote [Redacted] 443
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
:::                                     :::
::      Debug Output Complete            ::
:::                                     :::

Issue

PiVPN was working great until a couple of days ago. I was able to connect with up to 5 different devices, now none of them connect. The service is running on the raspberry pi, but no luck connecting.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 24 (8 by maintainers)

Most upvoted comments

Well I found the solution for me - hopefully it helps you too!

Found that /var/log/openvpn.log on the RPi had the line “VERIFY ERROR: depth=0, error=CRL has expired” Searching that gave several results saying to regenerate the Certificate Revocation List, but I couldn’t find how to do this with pivpn.

Found this workaround and it worked: use pivpn to add a new user, then revoke the user - the revoke output notes that it regenerates the CRL. I was then able to connect again straightaway 😃 https://forums.openvpn.net/viewtopic.php?t=26585

+1
halpingregory on Nov 14, 2018
Read more comments on GitHub
← pivpn: PIVPN stopped after no changes - cant't explain it
pivpn: Possible conflict between ufw and iptables-persistent →