Can't connect to my home router with OpenVPN

It most likely is an issue with a legacy cipher. I was helped here back when the openssl3 update happened:

https://bbs.archlinux.org/viewtopic.php?id=280970

If the cipher was broken, how could it connect when using the command line and fail when importing the ovpn file using networkmanager app in KDE? Same ovpn file used in both.

It’s not broken, just maybe not modern enough.

The openvpn client in command line might enable the legacy mode, while the KDE nm goes the safer way and does not enable it by default.
The link I posted has 2 possible solutions: either enable legacy mode in openssl system-wide (it does not hurt to try, but if it does not solve the issue you should undo that change) or re-encrypt your keyfile with a more modern cipher and try with that. The latter would be the preferable solution.

Putting the legacy mode in the /etc/ssl/openssl.cnf does not fix the KDE-nm connecting, but on the console I no longer get the warnings and it still connects. So that is not this particular problem.

As far as re-encrypting the keyfile, is that something that should be done by the router? Maybe during the last firmware upgrade they updated the OpenSSL server? I could log in to the router and regenerate the config file, which makes a new key. Maybe it will be newer.

No need to re-encrypt, it would have only solved the same problem that enabling legacy mode would have fixed. I am sorry, but that was all I could offer in this case.


Trying to help someone in this forum means never having to say you’re sorry.

Of course, I am paraphrasing a movie from 1970.

Pudge


So I may have found out something. NetworkManager-openvpn doesn’t support the --data-ciphers or --compat-mode so it will not work with vpn servers that need that. That explains why EOS with openvpn 2.5.8 fails using nm and LM21 works with openvpn 2.5.5 and nm.

So the easy fix is to downgrade openvpn to 2.5.5, but I have no idea how. This is a fresh install with no previous versions of openvpn in its cache.
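As an added example (not part of the thread, and not code from OpenVPN or NetworkManager), this Python script audits an .ovpn profile for the cipher directives discussed above: it lists the options the post says NetworkManager-openvpn does not support and flags ciphers that OpenSSL 3 only provides through its legacy provider. The sample profile, host name and function names are constructed for illustration.

```python
# Directives that influence data-channel cipher selection.
NEGOTIATION = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers", "compat-mode"}
# Options the post above reports NetworkManager-openvpn does not support.
NM_UNSUPPORTED_PER_POST = {"data-ciphers", "compat-mode"}
# Cipher families that OpenSSL 3 only provides through its legacy provider.
LEGACY_FAMILIES = {"BF", "CAST5", "DES", "RC2", "IDEA", "SEED"}

# Constructed sample profile (host name and values are placeholders).
SAMPLE = """\
# exported from router
client
remote vpn.example.net 1194 udp
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
compat-mode 2.4.0
<ca>
(certificate omitted)
</ca>
"""

def is_legacy(cipher):
    name = cipher.upper()
    if name.startswith("DES-EDE"):      # 3DES is still in the default provider
        return False
    return name.split("-")[0] in LEGACY_FAMILIES

def parse_profile(text):
    """Return {directive: [args, ...]}, skipping comments and inline blocks."""
    directives, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:                        # inside <ca>, <key>, ...: skip payload
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    d = parse_profile(text)
    ciphers = {c for key in NEGOTIATION - {"compat-mode"}
               for args in d.get(key, []) if args for c in args[0].split(":")}
    return {"negotiation": sorted(NEGOTIATION & d.keys()),
            "nm_unsupported_per_post": sorted(NM_UNSUPPORTED_PER_POST & d.keys()),
            "legacy_provider_ciphers": sorted(filter(is_legacy, ciphers))}

if __name__ == "__main__":
    print(audit(SAMPLE))
```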

https://wiki.archlinux.org/title/Arch_Linux_Archive

https://archive.archlinux.org/packages/o/openvpn/

Pudge

I tried the downgrade, but then I had dependency issues that needed other things like openssl downgraded. So this will stay broken until nm-openvpn gets upgraded or my router gets a firmware upgrade that updates openvpn. Not likely.


I have a workaround. Since my TP-Link router will not let me choose the cipher, I turned VPN server off on the router and added PiVPN to my RPI4 that is running IOTstack and Pi-hole.

This is an up-to-date VPN server and I can import its ovpn config file into NetworkManager’s settings. I’ve tested this new VPN server on my phone, W11, and Archlinux, but not EOS, because I need to get EOS installed back on my Macbook Pro to test it. The Cassini ISO install is failing to boot with a kernel panic. I posted about that in an existing thread since it’s the same as my problem.
Kernel panic
