Can't connect to VPN after upgrading to Ubuntu 22.04
I've just hit the same issue using IP-Vanish after having done a clean install of 22.04 after using 20.04 successfully for a long time.
I have tried both solutions, putting the lines in the top of the /etc/ssl/openssl.cnf file (copy/pasted to make sure there were no typos), and also adding the additional tls-cipher (and even replacing it) in the .ovpn file, but neither is allowing me to connect.
I've contacted IP-Vanish directly and included the information provided here.
I'd be grateful if anyone manages to solve this issue, and if IP-Vanish come back to me with a reply, I'll post it up.
UPDATE WITH SOLUTION:
IP-Vanish have returned with a temporary solution until they can update their certificates.
1: Add the VPN connection as normal using the Network Manager GUI
2: Edit the connection file in /etc/NetworkManager/system-connections/(connectionname).nmconnection
where (connectionname) is the name of your VPN conection
3: In the [vpn] section, beneath the line that starts ca=
, add a new line reading
tls-cipher=DEFAULT:@SECLEVEL=[0-5]
See here for security level information, and to gather which security level you should be using. For most, security level 0 will be adequate.
4: Save the file
5: Enter the command systemctl restart NetworkManager
6: Start the VPN connection as normal and it should connect (mine did anyway and I verified it by checking my IP and location)
Comments
-
GhitaB over 1 year
2022-05-10 17:07:15 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: 2022-05-10 17:07:15 OpenSSL: error:0A000086:SSL routines::certificate verify failed
I use openvpn (with 3 configuration files: .ovpn, .p12, .key, from my terminal: sudo openvpn with these parameters: --config --pkcs12 --tls-auth).
Everything was working before upgrading to latest Ubuntu version. Then no connection possible and a lot of errors like that in the quote.
I requested a new certificate from our sysadmins, and the problem remains. It was not a problem of expired certificate.
I see this seems to be related to OpenSSL 3.0. And other people have the same issue.
Our sysadmin said I should solve it on my computer for the moment. They will solve it on the server later.
I already tried this: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/comments/32 but no change.
Can you help me to solve it, please? I am blocked in my work by this issue for 2 days already. Thank you. (Note I am really bad when I need to set/configure things... :) )
-
Admin almost 2 yearsThis solution also worked (partially) for me, having a similar issue to connect to a customer's VPN server. But I also needed to add this: cipher=BF-CBC
-
Admin almost 2 years@colin I think it should be
/etc/NetworkManager/system-connections/(connectionname).nmconnection
-
Admin almost 2 yearsAlso want to add, this will disable the security you normally get with a VPN.
-
Admin almost 2 years@Noah Thanks for spotting that, I have updated my answer. Also thanks for the warning, I will reinstall Ubuntu 20.04 now so that I can carry on without needing to alter these files until IP-Vanish can release an update.
-
Admin almost 2 years@Colin might be worth updating your answer with a warning about the security.