Cannot connect to OpenVPN after upgrade to 18.04





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







3















After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN



nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak


Connecting to VPN is not possible.



Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)



How to fix?






networking vpn openvpn







share|improve this question





























    3















    After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN



    nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak


    Connecting to VPN is not possible.



    Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)



    How to fix?






    networking vpn openvpn







    share|improve this question

























      3












      3








      3


      1






      After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN



      nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak


      Connecting to VPN is not possible.



      Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)



      How to fix?






      networking vpn openvpn







      share|improve this question














      After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN



      nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak


      Connecting to VPN is not possible.



      Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)



      How to fix?






      networking vpn openvpn




      networking vpn openvpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jun 26 '18 at 7:53









      Bastian VoigtBastian Voigt

      1,5602617




      1,5602617






















          1 Answer
          1






          active

          oldest

          votes


















          3















          WARNING



          This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!




          You need to add the following options in your OpenVPN config file:



          tls-cipher "DEFAULT:@SECLEVEL=0"
          
remote-cert-tls server


          This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:



          nmcli c export MyVPN > ~/myvpn.openvpn


          Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:



          sudo openvpn --config ~/myvpn.openvpn


          Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):



          nmcli c import type openvpn file myvpn.ovpn





          share|improve this answer


























          • Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

            – Eineki
            Nov 3 '18 at 19:52











          • This will disable all VPN security (not recommended).

            – xinthose
            Feb 5 at 15:11











          • @xinthose do you have any better recommendation?

            – Bastian Voigt
            Feb 6 at 14:44











          • @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

            – xinthose
            Feb 6 at 17:16








          • 1





            @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

            – Bastian Voigt
            Feb 11 at 10:52












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1049798%2fcannot-connect-to-openvpn-after-upgrade-to-18-04%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          3















          WARNING



          This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!




          You need to add the following options in your OpenVPN config file:



          tls-cipher "DEFAULT:@SECLEVEL=0"
          
remote-cert-tls server


          This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:



          nmcli c export MyVPN > ~/myvpn.openvpn


          Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:



          sudo openvpn --config ~/myvpn.openvpn


          Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):



          nmcli c import type openvpn file myvpn.ovpn





          share|improve this answer


























          • Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

            – Eineki
            Nov 3 '18 at 19:52











          • This will disable all VPN security (not recommended).

            – xinthose
            Feb 5 at 15:11











          • @xinthose do you have any better recommendation?

            – Bastian Voigt
            Feb 6 at 14:44











          • @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

            – xinthose
            Feb 6 at 17:16








          • 1





            @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

            – Bastian Voigt
            Feb 11 at 10:52
















          3















          WARNING



          This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!




          You need to add the following options in your OpenVPN config file:



          tls-cipher "DEFAULT:@SECLEVEL=0"
          
remote-cert-tls server


          This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:



          nmcli c export MyVPN > ~/myvpn.openvpn


          Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:



          sudo openvpn --config ~/myvpn.openvpn


          Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):



          nmcli c import type openvpn file myvpn.ovpn





          share|improve this answer


























          • Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

            – Eineki
            Nov 3 '18 at 19:52











          • This will disable all VPN security (not recommended).

            – xinthose
            Feb 5 at 15:11











          • @xinthose do you have any better recommendation?

            – Bastian Voigt
            Feb 6 at 14:44











          • @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

            – xinthose
            Feb 6 at 17:16








          • 1





            @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

            – Bastian Voigt
            Feb 11 at 10:52














          3












          3








          3








          WARNING



          This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!




          You need to add the following options in your OpenVPN config file:



          tls-cipher "DEFAULT:@SECLEVEL=0"
          
remote-cert-tls server


          This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:



          nmcli c export MyVPN > ~/myvpn.openvpn


          Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:



          sudo openvpn --config ~/myvpn.openvpn


          Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):



          nmcli c import type openvpn file myvpn.ovpn





          share|improve this answer
















          WARNING



          This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!




          You need to add the following options in your OpenVPN config file:



          tls-cipher "DEFAULT:@SECLEVEL=0"
          
remote-cert-tls server


          This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:



          nmcli c export MyVPN > ~/myvpn.openvpn


          Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:



          sudo openvpn --config ~/myvpn.openvpn


          Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):



          nmcli c import type openvpn file myvpn.ovpn






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 11 at 10:55

























          answered Jun 26 '18 at 7:58









          Bastian VoigtBastian Voigt

          1,5602617




          1,5602617













          • Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

            – Eineki
            Nov 3 '18 at 19:52











          • This will disable all VPN security (not recommended).

            – xinthose
            Feb 5 at 15:11











          • @xinthose do you have any better recommendation?

            – Bastian Voigt
            Feb 6 at 14:44











          • @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

            – xinthose
            Feb 6 at 17:16








          • 1





            @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

            – Bastian Voigt
            Feb 11 at 10:52



















          • Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

            – Eineki
            Nov 3 '18 at 19:52











          • This will disable all VPN security (not recommended).

            – xinthose
            Feb 5 at 15:11











          • @xinthose do you have any better recommendation?

            – Bastian Voigt
            Feb 6 at 14:44











          • @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

            – xinthose
            Feb 6 at 17:16








          • 1





            @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

            – Bastian Voigt
            Feb 11 at 10:52

















          Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

          – Eineki
          Nov 3 '18 at 19:52





          Once you verify that the connection is working again, you can import back your unpdated configuration file with sudo nmcli c import type openvpn file <name or your .ovpn file> and continue to use the Network Manager to setupp the tunnel

          – Eineki
          Nov 3 '18 at 19:52













          This will disable all VPN security (not recommended).

          – xinthose
          Feb 5 at 15:11





          This will disable all VPN security (not recommended).

          – xinthose
          Feb 5 at 15:11













          @xinthose do you have any better recommendation?

          – Bastian Voigt
          Feb 6 at 14:44





          @xinthose do you have any better recommendation?

          – Bastian Voigt
          Feb 6 at 14:44













          @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

          – xinthose
          Feb 6 at 17:16







          @BastianVoigt I had to upgrade my server's OpenVPN to the latest version and regenerate all my keys. This will break all current client connections. HOWTO

          – xinthose
          Feb 6 at 17:16






          1




          1





          @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

          – Bastian Voigt
          Feb 11 at 10:52





          @xinthose yeah, as I wrote in my question. I know company IT should upgrade the OpenVPN server but they don't do it and I still need to connect to VPN for doing my work. Of course, if you have admin access to the VPN server you should upgrade this first!

          – Bastian Voigt
          Feb 11 at 10:52


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1049798%2fcannot-connect-to-openvpn-after-upgrade-to-18-04%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Human spaceflight

          Image
          Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
          Read more

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          Image
          0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
          Read more

          File:DeusFollowingSea.jpg

          Image
          File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
          Read more