openvpn client no longer connects in 22.04 until certificate update

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.

We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.

At a minimum, we need:

1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected.
3. The behavior you actually encountered (in as much detail as possible).

Please also ensure that you include the release and flavour of Ubuntu that you are using.

Thank you!

Hello,

I also encounter this problem after upgrade from Ubuntu 21.10 to 22.04.

1. I setup openvpn server on my router (Asus AX88U) at home.
2. I exported the config to *.ovpn file and imported that to openvpn client via gnome-network-manager; I did same on my smartphone.
3. Being outside home, I use 4G connection and click VPN Connect in the right upper corner menu.
4. There is a message pop-up in the notification area that "Activation of network connection failed"
5. it worked perfectly in 21.10 and it works now on my Galaxy S20+.

The result of this failure from $ sudo tail -f /var/log/syslog

Ubuntu 22.04 LTS

Went back to Ubuntu 21.10 until this is fixed in 22.04. :(

I had the same problem of losing connection after upgrading to Ubuntu 22.04.
After reading on several pages all over the Internet for solutions, I found someone saying that Ubuntu 22.04 uses a new and more secure version of OpenSSL (if I remember correctly). This would force some people to use more secure "protocols". I was already using them on my router so it made no sense why it was still not working. Then I found someone explaining that for any change you make to the OpenVPN server you MUST also update the CERTIFICATES... which I had not done.

After updating the CERTIFICATES on the OpenVPN server (my router), my Ubuntu 22.04 client can now connect without any problems.

I hope this helps some people that have the same problem as me.

Thank you jorge! Updating certificates on openvpn server means what?

1) you re-exported (router) and then re-imported (ubuntu client) the *.ovpn file with the client config and that started working.
2) or you did smth else on the router?

i have my ax88u (latest firmware from Merlin 386.5_2 and i did the step one and that did not help. All setup by default. I rolled back now to 21.10 and works again.

Keep Ubuntu 22.04 in a virtual box to regularly check this is fixed until i can upgrade the main system.

If you can elaborate a bit more what you actually did - would be much appreciated.

I have an AC-88U.
I updated the Certificate and after that I exported a new OVPN file that I then used on the Ubuntu 22.04 machine. It worked immediately.

Also confirmed. That fixed my problem. I am back to 22.04 Thanks jorge.

Sounds like it's not a package bug, just higher security standard enforced?

jorge, I don't understand what do you mean by "update the certificate".

We have one openvpn server at the company with all users connected to it. We have just bought a new machine that runs Ubuntu 22.04 for a new comer. This new comer can't connect to the vpn.
We haven't touch the server, but we don't want to update the certificate of all our 50 users every time a new one is added !

if you have AX88U with Merlin firmware, enable a new OpenVPN server that will have a regenerated new certificate, connect that PC to this one, and then slowly migrate all your fleet from server 1 to server 2, disabling the server 1 at the end of the journey, IMHO...

FYI
In the `/var/log/syslog` there was a message about inconsistent cipher between client and server ("Failed to negociate cipher with server.")

I fixed the problem by:
- editing the file `/etc/NetworkManager/system-connections/(connectionname).nmconnection`
- adding in the vpn section the line
`cipher=BF-CBC`

Thanks to https://askubuntu.com/questions/1407774/cant-connect-to-vpn-after-upgrading-to-ubuntu-22-04 that helped me finding the file and knowing the available options.

did you also change to tls-cipher=DEFAULT:@SECLEVEL=0 ?

the error on the askubuntu is
> CA signature digest algorithm too weak:

which is another case of higher security standards being enforced by openssl3

no, only the cipher was needed

I have a laptop and a desktop, both on kinetic now. I can connect the laptop to a VPN but not the desktop, both using the same config and keys etc. I get the same error as on the screenshot, and no idea how to get forward..