After upgrading to OpenVPN 2.4.0, I got the following error when trying to connect to OpenVPN:
TLS: Initial packet from [AF_INET]x.x.x.x:50263, sid=2bd2de7a bd6f8694
VERIFY ERROR: depth=0, error=CRL has expired: CN=louis
OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting
It appears that OpenVPN 2.4 doesn't accept CRLs with a nextUpdate value that is in the past.
Fixing this issue is simple: regenerate the CRL.
I used EasyRSA to generate my CRL in the past, so I was able to fix it using these commands:
systemctl restart openvpn
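A check that catches this before clients are locked out, as an added example that is not part of the original post: it reads the CRL's nextUpdate with `openssl crl` and reports whether that time has passed or falls inside a warning window. It assumes GNU `date`; the function names, the 7-day default and the sample line are choices made for this example.

```shell
#!/bin/sh
# Added example: report whether an OpenVPN CRL has passed, or is close to,
# its nextUpdate time. Assumes the openssl CLI and GNU date (for -d).

# crl_status LINE NOW_EPOCH [WARN_DAYS]
# LINE is what `openssl crl -noout -nextupdate` prints, for example
# "nextUpdate=Jan  1 00:00:00 2020 GMT". Prints one of:
# expired | expiring | ok | unparseable
crl_status() {
    when=${1#nextUpdate=}
    now=$2
    warn_days=${3:-7}   # example default, not an OpenVPN setting
    case $when in
        ''|NONE) echo unparseable; return 0 ;;   # CRL carries no nextUpdate
    esac
    next=$(date -u -d "$when" +%s 2>/dev/null) || { echo unparseable; return 0; }
    if [ "$next" -le "$now" ]; then
        echo expired        # OpenVPN 2.4 rejects clients in this state
    elif [ "$next" -le $(( $now + $warn_days * 86400 )) ]; then
        echo expiring       # regenerate the CRL now
    else
        echo ok
    fi
}

# check_crl FILE [WARN_DAYS]: exit status 0 only when the CRL is ok,
# so it can drive a cron job or monitoring probe.
check_crl() {
    line=$(openssl crl -in "$1" -noout -nextupdate) || return 2
    status=$(crl_status "$line" "$(date +%s)" "${2:-7}")
    echo "$1: $status ($line)"
    [ "$status" = ok ]
}

if [ $# -gt 0 ]; then
    check_crl "$@"          # e.g. sh check_crl.sh /path/to/crl.pem 14
else
    # Constructed sample line (not from a real CRL) against a fixed clock.
    crl_status "nextUpdate=Jan  1 00:00:00 2020 GMT" 1577836801
fi
```

Run it from cron against the file named in the server's `crl-verify` option, with a warning window longer than the interval at which you regenerate the CRL.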
This post explains how to add IPv6 to OpenVPN and route to the internet.
Some steps in this post may not be necessary or optimal.
This post only contains the steps I took to make IPv6 work: I didn't do any research.
|OpenVPN IPv6 pool
Enable IPv6 forwarding
Execute the following command to enable IPv6 forwarding:
Add (or uncomment) the following line to /etc/sysctl.conf to auto enable forwarding on next boot as well:
Enable IPv6 NAT
iptables, so install it:
apt install iptables
Execute the following commands. They route OpenVPN clients to and from the server's IPv6 address and open the OpenVPN interface (make sure to replace the server IPv6 address):
ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -I FORWARD -s 2001:db8:0:123::/64 -j ACCEPT
ip6tables -I INPUT -p udp --dport 1194 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2001:db8:0:123::/64 -j SNAT --to 2a00:d880:5:7fe::6ad8
You can add these commands to /etc/rc.local (for example) to apply them on boot as well.
Enable IPv6 in OpenVPN
Add the following lines to the server configuration:
push "route-ipv6 2000::/3"
All required configuration has been completed. Restart OpenVPN:
systemctl restart openvpn
To allow only specific IP addresses to connect to a specific port, use the following
iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 3306 -j DROP
iptables -I INPUT -p tcp -s 192.168.1.100 --dport 3306 -j ACCEPT
tcp is the protocol (may also be
192.168.1.100 is the IP address (change it to the one you want to allow)
3306 is the port number (change it as well)
The first command blocks all communication for this port.
The second command then adds an exception for a specific IP address.
The second command can be repeated for any IP address that should be allowed.
To use drop shadow on text in GIMP:
- Insert text
- Right click the text layer and choose Text to Path
- Open the Select menu and choose
- Open the Filters menu, choose Lights and Shadow, and click
- Adjust the settings to your needs and click
KeePass 2.x only supports SSL 3 and TLS 1.0. As I don't want to enable TLS 1.0 for my websites, I couldn't use KeePass with WebDAV.
I've opened a bug report for this problem.
Recently I thought of a solution for this problem: I simply created a virtual host on a different port so I could enable TLS 1.0 just on that port.
Fixing the code yourself
Another solution would be building KeePass yourself. This requires a bit of programming knowledge, but I'll explain:
Now you have KeePass with TLS 1.1 and TLS 1.2 support. The executable is located in the Build\KeePass\Release directory in the source code directory.
Recently, a computer (Windows 10) had a limited network connection, and when using the troubleshooter I got "one or more network protocols are missing".
I've tried many software fixes, but none of them worked. I reinstalled Windows completely, upgraded the UEFI and even reset it, installed an additional NIC and even tried a cable from a PC that had a working internet connection, but the issue persisted.
Eventually I found the problem. It was another network device that was somehow interfering with the network. I unplugged that device from the network, and everything worked perfectly fine again.