RMS VPN certificate expired on router

Hello

I’ve been using the RMS VPN service for more than a year since it was introduced at a real estate company.
There was one issue with it at the start where I had to re-create the whole HUB after a couple of months due to changes in the RMS VPN service from Teltonika, but other than that it has worked great, up until now.
The RMS VPN is dead after the new year.

There has been no change whatsoever in the environment with the customers RMS VPN and when I’m logging in to the HUB router I find that the Open VPN configuration lists this as an error;

Thu Jan 9 12:54:21 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:34773
Thu Jan 9 12:54:21 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: UDP link local: (not bound)
Thu Jan 9 12:54:21 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: UDP link remote: [AF_INET]3.69.106.81:34773
Thu Jan 9 12:55:21 2025 daemon.err openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jan 9 12:55:21 2025 daemon.err openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: TLS Error: TLS handshake failed
Thu Jan 9 12:55:21 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 9 12:55:26 2025 daemon.warn openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan 9 12:55:27 2025 daemon.warn openvpn(rms_Tu2oYns7uoKbWxAh)[5857]: WARNING: Your certificate has expired!

Since these tunnels were configured automatically with the Teltonika RMS VPN HUB setup, I wonder how I can solve it without needing to remove the whole HUB and start over again.
And, If I once again have to remove it, how can you at Teltonika prevent it from happening every 12 months if these certificates expire?

I would prefer that the service be consistent and functional year after year.

Hello,

Thank you for providing detailed information about the issue.

Have you tried restarting the RMS VPN Hub (by pressing on image icon) and updating the clients’ certificates and configurations? This can often resolve issues related to expired certificates without the need to re-create the entire Hub.

Please let us know if this helps, or if further assistance is required.

Best regards,

Hello

Great tip about the icon for updating the client’s certificates and configurations. I’ve missed that one. But doing so and also restarting the RMS VPN service, which I also did before, doesn’t change the fact that the OpenVPN tunnel on the HUB Router still shows this;

Thu Jan 9 14:47:22 2025 daemon.warn openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: WARNING: Your certificate has expired!
Thu Jan 9 14:47:22 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:34773
Thu Jan 9 14:47:22 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: UDP link local: (not bound)
Thu Jan 9 14:47:22 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: UDP link remote: [AF_INET]x.x.x.x:34773
Thu Jan 9 14:48:22 2025 daemon.err openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jan 9 14:48:22 2025 daemon.err openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: TLS Error: TLS handshake failed
Thu Jan 9 14:48:22 2025 daemon.notice openvpn(rms_Tu2oYns7uoKbWxAh)[5105]: SIGUSR1[soft,tls-error] received, process restarting

I’ve rebooted the RMS VPN and the HUB router itself. No change.

I find the log here on the HUB router that’s reporting the expired certificate;

I will delete the whole RMS VPN service and start over.

Regards,