Phone VPN problem - which certificate and how do I regenerate?


#1

My Sangoma phone connected via VPN dropped off today. I found the following errors in /var/log/messages -

Which certificate is this and how do I regenerate it? And does it need to be pushed to the phone or is it server side?

Feb 1 19:45:54 freepbx openvpn: Mon Feb 1 19:45:54 2021 **136.49.xx.xx** :41601 TLS: Initial packet from [AF_INET] **136.49.xx.xx** :41601, sid=a14a116c ed826552

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 VERIFY ERROR: depth=0, error=CRL has expired: CN=client7

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 TLS_ERROR: BIO read tls_read_plaintext error

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 TLS Error: TLS object -> incoming plaintext read error

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 TLS Error: TLS handshake failed

Feb 1 19:45:55 freepbx openvpn: Mon Feb 1 19:45:55 2021 **136.49.xx.xx** :41601 SIGUSR1[soft,tls-error] received, client-instance restarting

#2

I turned the VPN off / on (based on a google search of this site). Then rebuilt the phone in endpoint manager.

All good now!

Is there something I should be doing regularly to avoid this in the future?