OpenVPN: certificate is not yet valid

When the OpenVPN authentication process fails during a connection attempt with an error message like 'certificate is not yet valid', check the date of your machine. According to a web source, the VPN server and client must have synchronized time.

Correct time

OpenVPN requires client and server to have more or less synchronized time. Therefore make sure that the router has the correct time. To check it, use the command date, and if you get info about year 1970, you should enable the NTP client. Also, the NTP server has to be outside of your VPN, as the time should be corrected before the VPN is established. If you have syslog enabled (to a local server, or a server outside your VPN), errors like TLS Error: Unroutable control packet received from server_ip:1194 may indicate this problem. (This error message may also appear if your certificates are not valid or have expired.) If you get an error message saying that your certificate is not yet valid, set the dd-wrt clock to UTC time (in the first configuration page).

To synchronize time, you can use ntpdate tool:

# ntpdate pool.ntp.org
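
As an added example (not part of the original page or the dd-wrt wiki), this script compares a clock reading with a certificate's notBefore/notAfter dates, to tell a clock problem apart from an expired certificate. It assumes the date format printed by `openssl x509 -noout -dates`; the sample dates and the `client.crt` path are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare a clock reading with a certificate's validity window.
# Input is the two lines printed by `openssl x509 -noout -dates -in <cert>`.

# "Apr  1 00:00:00 2011 GMT" -> sortable UTC stamp 20110401000000
cert_stamp() (
    IFS=' :'; set -f; set -- $1          # split on spaces and colons
    [ $# -eq 7 ] && [ "$7" = GMT ] || exit 1
    case $1 in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;;
        May) m=05 ;; Jun) m=06 ;; Jul) m=07 ;; Aug) m=08 ;;
        Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) exit 1 ;;
    esac
    printf '%s%s%02d%s%s%s\n' "$6" "$m" "${2#0}" "$3" "$4" "$5"
)

# check_clock DATES [NOW]  (NOW as YYYYMMDDHHMMSS in UTC; default: system clock)
# Prints one verdict; returns 2 if DATES cannot be parsed.
check_clock() {
    nb=$(cert_stamp "$(printf '%s\n' "$1" | sed -n 's/^notBefore=//p')") || return 2
    na=$(cert_stamp "$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')") || return 2
    now=${2:-$(date -u +%Y%m%d%H%M%S)}
    if [ "$now" -lt "$nb" ]; then
        case $now in
            1970*) echo "not-yet-valid clock-unset" ;;   # clock was never set
            *)     echo "not-yet-valid clock-behind" ;;
        esac
    elif [ "$now" -gt "$na" ]; then
        echo "expired"                   # or the clock is far ahead
    else
        echo "ok"
    fi
}

# Constructed sample dates, not taken from a real certificate.
SAMPLE='notBefore=Apr  1 00:00:00 2011 GMT
notAfter=Apr  1 00:00:00 2021 GMT'
check_clock "$SAMPLE" 19700101000213     # a router that booted without NTP
# Real use (client.crt is a placeholder path):
#   check_clock "$(openssl x509 -noout -dates -in client.crt)"
```

A "not-yet-valid" verdict points at the clock and is fixed by time synchronization; "expired" with a correct clock means the certificate itself has to be reissued.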

References

  • http://www.dd-wrt.com/wiki/index.php/OpenVPN
  • http://www.justin.my/2011/04/how-to-synchronize-date-and-time-in-linux-console/