tickets #55901

Certs for infra openVPN expired

Added by almost 3 years ago. Updated almost 3 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


I cannot connect to the infra VPN anymore. I need it to access the
boosters machine, which hosts connect.o.o and the TSP application.

I was debugging it with Martin Caj and looks like I need to renew my
openvpn certs (some logs say "TLS: tls_process: killed expiring key").

My username is ancorgs, btw. Martin just generated a fresh password for
me today.


Ancor González Sosa
YaST Team at SUSE Linux GmbH


#1 Updated by cboltz almost 3 years ago

  • Private changed from Yes to No

VPN still works for me, so at least it isn't a generic problem.

I'm not an expert in reading openvpn logs, but to me it looks like the password authentification failed.

Just to exclude the most boring error - you used your new password for the VPN login, right?

It could also be that sssd is doing funny[tm] things (would be new for the VPN, but is a well-known problem for ssh where it randomly caches "no authorized_keys for $user" even if the user has uploaded a public key in FreeIPA). I just restarted sssd on scar (the VPN server) just in case this guess is right ;-)

That all said - can you please try again? If it still fails, feel free to ping me on IRC for live debugging.

#2 Updated by mcaj almost 3 years ago

  • Assignee set to mcaj

#3 Updated by mcaj almost 3 years ago

  • % Done changed from 0 to 30

#5 Updated by ancorgs almost 3 years ago

  • Status changed from New to Resolved

Since the NetworkManager configuration in my laptop still didn't work with the new password and the new cert files, I created a whole new non-NetworkManager configuration in my workstation and that worked like a charm. I'm already logged in into boosters.infra.o.o.

So likely it was always an error on my side, sorry for the troubles.

Also available in: Atom PDF