Question

32

Can't connect to VPN after upgrading to Ubuntu 22.04

rated 0 times [ 32] [ 0] / answers: 1 / hits: 50835 / 2 Years ago, sun, april 3, 2022, 7:11:12

2022-05-10 17:07:15 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak:



2022-05-10 17:07:15 OpenSSL: error:0A000086:SSL routines::certificate verify failed

I use openvpn (with 3 configuration files: .ovpn, .p12, .key, from my terminal: sudo openvpn with these parameters: --config --pkcs12 --tls-auth).

Everything was working before upgrading to latest Ubuntu version. Then no connection possible and a lot of errors like that in the quote.

I requested a new certificate from our sysadmins, and the problem remains. It was not a problem of expired certificate.

I see this seems to be related to OpenSSL 3.0. And other people have the same issue.

Our sysadmin said I should solve it on my computer for the moment. They will solve it on the server later.

I already tried this: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/comments/32
but no change.

Can you help me to solve it, please? I am blocked in my work by this issue for 2 days already. Thank you. (Note I am really bad when I need to set/configure things... :) )

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

tresein

Add To Favorites

Follow

Total Points: 197

Total Questions: 113

Total Answers: 112

Location: Hungary

Member since Wed, Nov 9, 2022

1 Year ago

answered 2 Years ago tresein · Accepted Answer

I've just hit the same issue using IP-Vanish after having done a clean install of 22.04 after using 20.04 successfully for a long time.

I have tried both solutions, putting the lines in the top of the /etc/ssl/openssl.cnf file (copy/pasted to make sure there were no typos), and also adding the additional tls-cipher (and even replacing it) in the .ovpn file, but neither is allowing me to connect.

I've contacted IP-Vanish directly and included the information provided here.

I'd be grateful if anyone manages to solve this issue, and if IP-Vanish come back to me with a reply, I'll post it up.

UPDATE WITH SOLUTION:

IP-Vanish have returned with a temporary solution until they can update their certificates.

1: Add the VPN connection as normal using the Network Manager GUI

2: Edit the connection file in /etc/NetworkManager/system-connections/(connectionname).nmconnection where (connectionname) is the name of your VPN conection

3: In the [vpn] section, beneath the line that starts ca=, add a new line reading

tls-cipher=DEFAULT:@SECLEVEL=[0-5]

Replace [0-5] with a value between 0 and 5, see here for security level information, and to gather which security level you should be using. For most, security level 0 will be adequate.

4: Save the file

5: Enter the command systemctl restart NetworkManager

6: Start the VPN connection as normal and it should connect (mine did anyway and I verified it by checking my IP and location)