[plug] OpenVPN

[Brad Campbell]

So I've just spent the best part of an hour trying to sort out why my 
VPN was down.

I have a few machines dotted across the world all stitched together with 
a little web of OpenVPN. I set this up back in 2006 when I was away and 
in a country with oppressive internet monitoring/blocking policies and 
it has served me well. So much so that I use it to manage the company 
resources also. I woke up this morning to a flurry of mon e-mails 
telling me all my remote services were off-line (so no outgoing e-mail, 
secondary services or management interfaces, and more importantly no UK 
iPlayer!).

Having just done a kernel upgrade, microcode update and completely 
reworked my firewall in the last couple of days, of course my suspicions 
naturally lies with one or more of those.

The reality was a bit more mundane. My CA and server certificate expired 
this morning. When I set it up back in 2006, it was with the default 10 
year validity on the expectation that one day I'd get around to putting 
something better together.

Another hour or so re-issuing and re-deploying certificates and we're 
all good to go.

Something to be aware of if you are like me and not actually on top of 
your openssl configuration.

Brad