Tips for Solving Fixed License Key Issues
Troubleshoot issues with an Access Server fixed license key | OpenVPN guide.
This troubleshooting guide is for users who have purchased a fixed license for Access Server. If you're facing issues with your fixed license key, this guide will help you verify your setup, activate your fixed license, remove it if necessary, and troubleshoot common problems.
Ensure your Access Server uses a fixed license key. A fixed license key has a specific format: four groups of four characters.
Example 1. Example fixed license keyTHI-SISA-NEXA-MPLE
Important
This guide is exclusively for troubleshooting issues related to fixed license keys. If your license key format differs, consult the appropriate page from Licensing.
Activate your key from the Admin Web UI:
Sign in to the Admin Web UI.
Click Configuration > Activation.
Enter your fixed license key and click Activate.
Tip
You can copy your fixed license key from the Access Server Portal.
Activate your key from the command-line interface:
Connect to the console and get root privileges.
Run these commands to activate your key:
cd /usr/local/openvpn_as/scripts/ ./liman Activate "LICE-NSEK-EYIN-HERE"
Verify the license key status:
liman info
Important
Fixed license keys are tied to your server's hardware/software. Significant changes may invalidate the license key.
Expired license keys will no longer unlock additional connections and may disappear from the license overview.
If you have a situation that requires an offline activation, refer to our tutorial:
Important
A fixed license key can only be activated once. Removing it doesn't reset or make it available for use on another server. If you need to activate a valid license key on another installation, contact support.
Determine the fixed license key you want to remove.
Connect to the console and get root privileges.
Run this command to remove the key:
rm /usr/local/openvpn_as/etc/licenses/EXA-MPLE-LICE-NSE.lic
Tip
The fixed license servers are available at:
licensing.openvpn.net
licserv.openvpn.net
54.183.149.72
Common issues
Connection problems: Ensure access to licensing.openvpn.net or licserv.openvpn.net on port TCP 443.
Hardware changes: If your server's hardware or software has changed significantly, the licensing system may invalidate the license key.
Memory issues: Out-of-memory conditions can disrupt the licensing system. Reboot the server to rule this out.
DNS and network issues
If DNS resolution fails, try editing /etc/resolv.conf and set DNS servers manually (e.g., Google’s DNS: 8.8.8.8).
If you’re behind a firewall, manually specify the licensing server IP by editing /etc/hosts:
54.183.149.72 licserv.openvpn.net licensing.openvpn.net
Helpful commands
Check the license manager tool for details:
/usr/local/openvpn_as/scripts/liman info
Sample output:
Manager: exception with license file /usr/local/openvpn_as/etc/licenses/ABCD-1234-EFGH-5678.lic: machine properties validation failed: verify fail: ABCD-1234-EFGH-5678 [3:0:8]/mac=110/hd=000/cpu=110/pci=110/ino=110/iid=000 (LIC_VPROP) Manager: exception with license file /usr/local/openvpn_as/etc/licenses/IJKL-0912-MNOP-3456.lic: license key ID is expired (LIC_KEY_EXP) Manager: exception with license file /usr/local/openvpn_as/etc/licenses/QRST-7890-UVWX-1234.lic: signature verification failed (LIC_VERIFY) INFO {'apc': False, 'concurrent_connections': 20}
Verify the license key files present on your system:
ls -la /usr/local/openvpn_as/etc/licenses/
Error messages
Machine properties validation failed: Contact support if your license key hasn't expired and this message displays. We'll revoke the current key and issue a replacement.
Signature verification failed: This message displays if the license file becomes corrupt, which can occur on a damaged file system or when the file is manually transferred. Avoid copying and pasting the contents of a file when doing an offline activation. Instead, use SCP or WinSCP.
Fault 9000: "twisted.internet.error.DNSLookupError: DNS lookup failed: address 'licensing.openvpn.net' not found: [Errno -2] Name or service not known.": This occurs when there's a DNS issue.
SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007): This occurs when there's a DNS or internet access issue.
<Fault 9000: "OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]">: This occurs when the secure connection between your Access Server and our licensing server fails. A proxy system or firewall could cause this error when it intercepts traffic and presents its own SSL certificate. Another possibility is incorrect time and date on your Access Server.
To fix the date time:
Check the current date setting:
timedatectl
Change the timezone:
dpkg-reconfigure tzdata
Correct the date or time:
date --set="24 JAN 2024 20:10:00"
If you don't have a network time protocol client, install one:
apt-get update apt-get install ntp
Unable to get local issuer certificate: This occurs when a firewall or proxy blocks access.
Determine access:
wget -O- -q --no-check-certificate https://licensing.openvpn.net/ | grep "XML_PARSE"
If you don't see the expected output (<value><string>XML_PARSE: error parsing XML</string></value>, run this command:
wget -O- --no-check-certificate https://licensing.openvpn.net/
If the output returns HTML code starting with <HTML><HEAD>, this comes from a webpage not generated by our licensing system but by a system in between.
Fault 9000: twisted.internet.error.TimeoutError: User timeout caused connection failure: This occurs when your Access Server installation can't reach the internet for online activation.
Ensure internet access and that DNS settings are correct.
Verify you can ping and reach internet addresses from the command line.
Check any firewalls or security groups for blocked access.
If your system can't be connected to the internet, request or perform an offline activation.
In rare cases, this error occurs when a fixed license was previously activated.