Cannot connect to OpenVPN after upgrade to 18.04


WARNING

This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!

You need to add the following options in your OpenVPN config file:

tls-cipher "DEFAULT:@SECLEVEL=0"
remote-cert-tls server

This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:

nmcli c export MyVPN > ~/myvpn.openvpn

Then add the two options mentioned above to the end of the file, and launch OpenVPN from the command line using this command:

sudo openvpn --config ~/myvpn.openvpn

Once you verify that the connection is working again, you can import back your updated configuration file and continue to use the Network Manager to set up the tunnel (thanks Eineki):

nmcli c import type openvpn file myvpn.ovpn

Bastian Voigt, Freelance Software Developer and IT Project Manager

Updated on September 18, 2022
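
The workaround in the answer lowers OpenSSL's security level so that the CA certificate named in the "ca md too weak" error is accepted. As an added example, not part of the original answer, this POSIX shell audit flags a config that still carries @SECLEVEL=0, checks that remote-cert-tls server is present, and classifies a CA certificate's signature algorithm; the function names and the sample config (including vpn.example.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the @SECLEVEL workaround.

# Constructed sample: a config after the two options above were appended.
sample_config() {
    printf '%s\n' 'client' 'remote vpn.example.com 1194' \
        'tls-cipher "DEFAULT:@SECLEVEL=0"' 'remote-cert-tls server'
}

# Print the @SECLEVEL value of the last tls-cipher line; empty if none is set.
seclevel_of() {
    sed -n 's/^[[:space:]]*tls-cipher[[:space:]].*@SECLEVEL=\([0-9]\).*/\1/p' "$1" | tail -n 1
}

# Print "yes" if the config contains the remote-cert-tls server option.
has_remote_cert_tls() {
    if grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$1"; then echo yes; else echo no; fi
}

# Classify an OpenSSL signature algorithm name such as md5WithRSAEncryption.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *md2*|*md4*|*md5*|*sha1*) echo weak ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo ok ;;
        *) echo unknown ;;
    esac
}

# Print the signature algorithm of a PEM certificate file (requires openssl).
cert_sigalg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Report findings for config $1 and optional CA certificate $2.
# Returns 1 while the config still sets OpenSSL's security level to 0.
audit_config() {
    level=$(seclevel_of "$1")
    echo "remote-cert-tls server present: $(has_remote_cert_tls "$1")"
    if [ -n "${2:-}" ] && command -v openssl >/dev/null 2>&1; then
        alg=$(cert_sigalg "$2")
        echo "CA signature algorithm: ${alg:-unreadable} ($(classify_sigalg "$alg"))"
    fi
    if [ "$level" = "0" ]; then
        echo "tls-cipher sets @SECLEVEL=0; remove it once the server has new certificates"
        return 1
    fi
    echo "no @SECLEVEL=0 downgrade found"
}
if [ "$#" -gt 0 ]; then audit_config "$@"; fi
```

Saved under a hypothetical name such as audit-ovpn.sh, it takes the exported config and, optionally, the CA certificate file as arguments.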

Comments

  • Bastian Voigt
    Bastian Voigt over 1 year

    After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN:

    nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
    

    Connecting to VPN is not possible.

    Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)

    How to fix?

  • Eineki
    Eineki over 5 years
    Once you verify that the connection is working again, you can import back your updated configuration file with sudo nmcli c import type openvpn file <name of your .ovpn file> and continue to use the Network Manager to set up the tunnel
  • xinthose
    xinthose over 5 years
    This will disable all VPN security (not recommended).
  • Bastian Voigt
    Bastian Voigt over 5 years
    @xinthose do you have any better recommendation?
  • xinthose
    xinthose over 5 years
    @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO
  • Bastian Voigt
    Bastian Voigt over 5 years
    @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!
  • Neji Soltani
    Neji Soltani almost 5 years
    @Eineki how can I import it with resource-only mode? If I import it via your command I get the VPN working, but I lose access to all other pages like Google. I remember I had to check "use this network only for resources on its network", but if I do that with the UI it will override the VPN settings.