Bug #3694 (closed): Some certificates not in CRL are also blocked
Status: Rejected
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 06/05/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1.2
Affected Architecture:
Description
Hi,
I have an OpenVPN server with many users. Three of them are in a CRL which is used by the OpenVPN server.
Another user, who is NOT in the CRL, is also blocked.
When I try to connect, the server stops sending data / answering requests (like it does for all legitimately blocked users):
Thu Jun 5 15:47:54 2014 us=299224 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #50 ] [ 19 ]
Thu Jun 5 15:47:54 2014 us=299276 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #55 ] [ ] pid=23 DATA len=100
Thu Jun 5 15:47:54 2014 us=316243 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #51 ] [ 20 ]
Thu Jun 5 15:47:54 2014 us=316329 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #56 ] [ ] pid=24 DATA len=100
Thu Jun 5 15:47:54 2014 us=322205 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #52 ] [ 21 ]
Thu Jun 5 15:47:54 2014 us=322289 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #57 ] [ ] pid=25 DATA len=100
Thu Jun 5 15:47:54 2014 us=325393 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #53 ] [ 22 ]
Thu Jun 5 15:47:54 2014 us=325555 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #58 ] [ ] pid=26 DATA len=100
Thu Jun 5 15:47:54 2014 us=331031 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #54 ] [ 23 ]
Thu Jun 5 15:47:54 2014 us=331083 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #59 ] [ ] pid=27 DATA len=100
Thu Jun 5 15:47:54 2014 us=350127 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #55 ] [ 24 ]
Thu Jun 5 15:47:54 2014 us=350234 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #60 ] [ ] pid=28 DATA len=100
Thu Jun 5 15:47:54 2014 us=356120 UDPv4 READ [50] from [AF_INET]XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 pid=[ #56 ] [ 25 ]
Thu Jun 5 15:47:54 2014 us=356200 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #61 ] [ ] pid=29 DATA len=100
Thu Jun 5 15:47:56 2014 us=810121 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #62 ] [ ] pid=28 DATA len=100
Thu Jun 5 15:47:58 2014 us=37638 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #63 ] [ ] pid=26 DATA len=100
Thu Jun 5 15:47:58 2014 us=37790 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #64 ] [ ] pid=29 DATA len=100
Thu Jun 5 15:47:59 2014 us=265235 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #65 ] [ ] pid=27 DATA len=100
Thu Jun 5 15:48:00 2014 us=492755 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #66 ] [ ] pid=28 DATA len=100
Thu Jun 5 15:48:02 2014 us=947535 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #67 ] [ ] pid=26 DATA len=100
Thu Jun 5 15:48:04 2014 us=174930 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #68 ] [ ] pid=27 DATA len=100
Thu Jun 5 15:48:04 2014 us=175050 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #69 ] [ ] pid=29 DATA len=100
Thu Jun 5 15:48:08 2014 us=443733 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #70 ] [ ] pid=28 DATA len=100
Thu Jun 5 15:48:10 2014 us=578226 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #71 ] [ ] pid=26 DATA len=100
Thu Jun 5 15:48:12 2014 us=712743 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #72 ] [ ] pid=27 DATA len=100
Thu Jun 5 15:48:13 2014 us=780101 UDPv4 WRITE [142] to [AF_INET]XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 pid=[ #73 ] [ ] pid=29 DATA len=100
Other users are not affected...
If I set the "Peer Certificate Revocation List" setting back to "none", he can connect (as can all of the users in the CRL).
I've verified the config.xml for a potential misconfiguration, but the CN and private key are unique and specific to each user.
Any ideas?
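An X.509 CRL identifies a revoked certificate by its serial number within the issuing CA, not by CN or key pair, and OpenVPN's crl-verify (the option behind the pfSense "Peer Certificate Revocation List" setting) compares the peer certificate's serial against the CRL's entries. So the first thing to check for a user like the one in this report is whether that user's certificate serial appears in the CRL, and whether another certificate from the same CA carries the same serial. The script below is an added example, not code from the bug report, from pfSense or from OpenVPN: it builds a throwaway CA with openssl, deliberately issues two certificates with the same serial (a constructed scenario; the names alice/bob/carol, the CA name and the serials 0x1001/0x1002 are assumptions), revokes one of them, and shows that the other is rejected by CRL checking as well while a certificate with a unique serial passes.

```shell
#!/bin/sh
# Added example, not from the bug report or from pfSense/OpenVPN: build a
# throwaway CA, revoke one client certificate, and see which client
# certificates the resulting CRL blocks. Names, serials and the deliberate
# serial collision between alice and bob are constructed for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl ca(1) config: only what -revoke and -gencrl need.
write_ca_config() {
    cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = lab_ca
[ lab_ca ]
database = $WORK/index.txt
new_certs_dir = $WORK
serial = $WORK/serial
certificate = $WORK/ca.crt
private_key = $WORK/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = lab_policy
[ lab_policy ]
commonName = supplied
EOF
    : > "$WORK/index.txt"
    echo 01 > "$WORK/serial"
}

# issue_client <cn> <serial-hex>: own key and CSR per user, signed by the lab CA
# with an explicit serial so the collision can be reproduced on purpose.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -set_serial "$2" -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

build_fixtures() {
    write_ca_config
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=lab-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" -days 30 2>/dev/null
    issue_client alice 0x1001   # the user who really is revoked
    issue_client bob   0x1001   # constructed: different CN and key, same serial
    issue_client carol 0x1002   # unrelated user with a unique serial
    openssl ca -config "$WORK/ca.cnf" -revoke "$WORK/alice.crt" >/dev/null 2>&1
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" >/dev/null 2>&1
}

# crl_verify <ca.crt> <crl.pem> <cert.pem>: exit 0 if the cert verifies with
# CRL checking on, non-zero if it is rejected. CA cert and CRL are bundled into
# one -CAfile so this works on old and new OpenSSL releases alike.
crl_verify() {
    cat "$1" "$2" > "$WORK/bundle.pem"
    openssl verify -crl_check -CAfile "$WORK/bundle.pem" "$3" >/dev/null 2>&1
}

# serial_in_crl <crl.pem> <cert.pem>: print "<serial> listed" or
# "<serial> not-listed", i.e. exactly the field a CRL check matches on.
serial_in_crl() {
    serial="$(openssl x509 -noout -serial -in "$2" | sed 's/^serial=//')"
    if openssl crl -noout -text -in "$1" | grep -q "Serial Number: $serial\$"; then
        echo "$serial listed"
    else
        echo "$serial not-listed"
    fi
}

build_fixtures
for user in alice bob carol; do
    if crl_verify "$WORK/ca.crt" "$WORK/crl.pem" "$WORK/$user.crt"; then
        status=accepted
    else
        status=rejected
    fi
    echo "$user: $(serial_in_crl "$WORK/crl.pem" "$WORK/$user.crt") -> $status"
done
```

bob is rejected although only alice was revoked, because the CRL entry for serial 1001 matches both certificates. To run the same check against a real deployment, point crl_verify and serial_in_crl at the CA certificate, the CRL and the exported client certificate from the pfSense certificate manager; a "listed" result for a user who was never revoked means that user's certificate shares a serial with a revoked one, and the fix is to reissue that user's certificate with a unique serial rather than to edit the CRL.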