brad at fnarfbargle.com
Mon Apr 4 10:17:41 UTC 2016
So I've just spent the best part of an hour trying to sort out why my
VPN was down.
I have a few machines dotted across the world all stitched together with
a little web of OpenVPN. I set this up back in 2006 when I was away and
in a country with oppressive internet monitoring/blocking policies and
it has served me well. So much so that I use it to manage the company
resources also. I woke up this morning to a flurry of mon e-mails
telling me all my remote services were off-line (so no outgoing e-mail,
secondary services or management interfaces, and more importantly no UK
Having just done a kernel upgrade, microcode update and completely
reworked my firewall in the last couple of days, of course my suspicions
naturally lies with one or more of those.
The reality was a bit more mundane. My CA and server certificate expired
this morning. When I set it up back in 2006, it was with the default 10
year validity on the expectation that one day I'd get around to putting
something better together.
Another hour or so re-issuing and re-deploying certificates and we're
all good to go.
Something to be aware of if you are like me and not actually on top of
your openssl configuration.
More information about the plug