December 11, 2008 at 3:53 pm #41356
not sure if this is a bug ….
When my Alix / zeroshell router reboots, the date is 1/1/1980. This means that the openVPN connection can’t start up as zeroshell thinks that the certificates aren’t valid yet.
I have to sync date/time manually through the web interface before the openVPN connection can come up.
It would be nice if my zeroshell router could reboot without my assistance, e.g. when I’m not at home.
ChristianDecember 17, 2008 at 12:35 pm #47273
Yes, I thought of having certificates with a start date before the system time the ALIX comes up with, but I can’t get openssl to generate a start date before the current date…
ChristianJanuary 6, 2009 at 11:02 am #47274
I found a solution to this problem – I’ve installed ubuntu on a virtual machine using virtualbox, installed openvpn, and set the system date to 1/1/1999 with the command
date -s 01/01/1999
Then I set the validity to 10000 days and generate the certificates.
Now I can power cycle the Alix box and my openvpn tunnel comes back up automatically.
ChristianJanuary 12, 2009 at 10:17 pm #47275
As fluvio himself already said somewhere in this forum (I think I’m not mistaken) another solution to that problem is to solder a battery to the alix board (or the battery support as I already did). This way the RTC retains thhe value upon reboot or powerloss…
The battery placement exists in the board, but most alix vendors don’t assemble a battery support. If you search the board manuals you would find the necessary info.
Nevertheless, this could be prevented if the network interfaces where brought up before ntp, then ntp and then any certificate dependant service (ow that the date is correctly setup. Don’t know if this is possible though.July 27, 2009 at 2:24 pm #47276
As ALIX board user I found this quite annoying as well.
A possible solution is within the boot process to do ntp prior to ntp daemon starts.
A simple script in /etc/init.d with correct link in /etc/rc3.d would allow such time synchronization right after network is up and before ntp daemon starts. Of course certificates get afterwards.
Note that new image is necessary for this to hold as /etc/init.d is in RAM and loaded from the Z iso partition.
SchoopyOctober 16, 2009 at 6:31 am #47277
I had the same problem with my ALIX board… A simple solution for me was to place a command in the POST BOOT SCRIPT
Maybe this works for you??
PS: I have a OpenVPN LAN2LAN connection… I never had the problem that it did not come up after reboot.November 7, 2011 at 4:53 pm #47278
This is by far the cleanest option. I followed the POST BOOT advice, and intend to add the battery as well. I was having problems getting a DHCP response from a picky satellite modem when the time was too far out in the past.
You must be logged in to reply to this topic.