Fix for VPN - CRL Expires after 6 Months, Phones Cannot Connect

This is an issue that I’ve been working with support on for many months, and they have had no success fixing it, so we found a solution ourselves, and are posting here for anyone else who encounters this issue:

We are using the VPN built in to FreePBX (OpenVPN). Every six months the CRL will expire and all phones will stop connecting forcing us to go to the VPN Server and disable > save > enable > save in System Admin to get it to restart and regenerate a new CRL.

To fix this permanently, from SSH/Shell:

Navigate to /etc/openvpn/easyrsa3
Edit openssl-1.0.cnf

Change these parameters to something far in the future (I’ll put 3000 for example)
default_days = 3000
default_crl_days = 3000

Stop the VPN service then start it again

Updating Framework and Certman module, you can set it up this value in: Advanced Settings - Certificate Manager - Validity period of the certificate (in days)

That was the fix that was created and suggested by the support rep in our ticket, but it did not work (tested on 6 different servers, all with latest versions of all modules). The CRL expiration date is unaffected by this change in advanced settings.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.