OpenVPN Expired Cert Notification

Post by bloater99 » October 18th, 2017, 3:59 pm

I was just troubleshooting an OpenVPN user that couldn't connect. Turns out the generated cert on IPFire had reached its expiration date. The trouble was, there was no warning either on IPFire itself, nor in the OpenVPN client when trying to connect. It seems like this should be something that is passed on to the user so they know to get re-keyed BEFORE they are out of town, needing to access remote shares.

I don't know where this responsibility should lie: a notification in the IPFire GUI, or the OpenVPN client software during connection? Any opinions?

Re: OpenVPN Expired Cert Notification

Post by ummeegge » October 18th, 2017, 4:39 pm

Hi bloater99,
A while ago I wrote a script for a user in the forum which should serve some of your requested points. This thread --> viewtopic.php?t=11513#p75462 is sadly in German, but maybe the code can give you some ideas.
If I remember it right, the script checks the actual date against OpenVPN's index.txt and calculates the differences. If a limit has been reached it fires an email. OpenVPN certificates with the OpenSSL maximum (999999) are excluded. You can configure the 'days before' you should get an alert mail in the

ALERT="5";

line. The default is 5 days; there is a need for sendEmail --> http://wiki.ipfire.org/en/optimization/ ... mail/start and a possibility of GPG encryption is set (pubkey needed). The script can then be placed e.g. under fcron.daily for daily checks.

This was only an idea for the TO, but there has only been one answer until now (not much testing, so there is still possible work to do on it). That's why the debugger is still active and sending the mail is commented out, but it delivers an echo whether it will send a message or not.

As an idea.

Greetings,

UE
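
The check described in the post above (today's date compared with the expiry column of the OpenSSL index.txt, with a warning window in days) looks like this as an added example; it is not the script from the thread or the linked repository. The function names, the constructed sample rows and the file path given on the command line are assumptions, and it prints its findings instead of mailing them. Certificates issued with a very long lifetime simply never fall inside the window.

```shell
#!/bin/sh
# Added example, not ummeegge's script: list certificates in an OpenSSL CA
# index.txt that are expired or will expire within ALERT days.
ALERT="${ALERT:-5}"   # warning window in days (5 is the default named in the thread)

# check_index FILE [NOW_EPOCH]  (NOW_EPOCH is a hypothetical test hook; default: now)
# index.txt columns are tab-separated: status, expiry, revocation, serial, file, subject.
check_index() {
    awk -F '\t' -v alert="$ALERT" -v now="${2:-$(date +%s)}" '
    # Days since 1970-01-01 for a Gregorian date, integer arithmetic only.
    function days(y, m, d,    era, yoe, doy) {
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    $1 == "V" {                       # skip rows marked revoked (R) or expired (E)
        t = $2
        # UTCTime is YYMMDDhhmmssZ (YY < 50 means 20YY); later dates use YYYYMMDDhhmmssZ.
        if (length(t) == 13) t = (substr(t, 1, 2) + 0 < 50 ? "20" : "19") t
        if (length(t) != 15) { print "UNPARSED", $6; next }   # never skip silently
        day0 = days(substr(t, 1, 4) + 0, substr(t, 5, 2) + 0, substr(t, 7, 2) + 0)
        expiry = day0 * 86400 + substr(t, 9, 2) * 3600 + substr(t, 11, 2) * 60 + substr(t, 13, 2)
        left = int((expiry - now) / 86400)
        if (expiry <= now)      print "EXPIRED", $6   # still "V" because the index was not updated
        else if (left <= alert) print left, $6        # whole days remaining
    }' "$1"
}

# Constructed sample index (not real data); one row per certificate.
make_sample() {
    printf 'V\t171021120000Z\t\t01\tunknown\t/CN=roadwarrior1\n'
    printf 'V\t191018000000Z\t\t02\tunknown\t/CN=roadwarrior2\n'
    printf 'R\t171020000000Z\t170901000000Z\t03\tunknown\t/CN=revoked\n'
    printf 'V\t47550914120000Z\t\t04\tunknown\t/CN=nolimit\n'
    printf 'V\t171001000000Z\t\t05\tunknown\t/CN=lapsed\n'
}

# Usage: sh thisfile.sh /path/to/index.txt   (path is a placeholder)
if [ -n "${1:-}" ]; then
    check_index "$1"
fi
```

Run daily, any output line is the trigger for a notification; an empty result means nothing is due inside the window.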

Re: OpenVPN Expired Cert Notification

Post by ummeegge » October 20th, 2017, 9:47 am

I have rewritten the script a little. The new version can be found here --> https://github.com/ummeegge/scripts/blo ... n_check.sh

Testing and feedback, fixes, enhancements and all that might be nice.

Greetings,

UE