OpenVPN not working

moreorem

There is a problem with importing ovpn config. The connection always fails. Even when set manually with exactly the same configuration as a different pc I cannot connect to the VPN

Dean

moreorem
Just uncheck "Use custom size of cipher key:" from the Security tab under Advanced... on the VPN you just added.

Crafol

I have the same problem since they changed the openvpn encryptor. In my case I installed version 13 of openvpn and it works, but every time I upgrade I have to manually revert openvpn to version 13. It is a bug with version 14 due to the change of encryption libraries, at least in my case.

moreorem

Crafol How can I revert the version of openvpn? Using eopkg?

algent

moreorem You may try to install it like:
sudo eopkg it https://packages.getsol.us/shannon/o/openvpn/openvpn-2.4.9-13-1-x86_64.eopkg

moreorem

Seems that I also need to install the client, otherwise the activation from the tray or the network configuration just toggles but does not work...

moreorem

Ok seems to work now that I downgraded. The steps I had to take were 1. Uninstall latest openvpn and openvpn client, 2. Reboot, 3. Install openvpn 13 using eopkg and openvpn client, 4. reboot, 5. Load ovpn config, disable server certificate check, check "use TCP connection". Thank you for your help!
Some extra bugs I have noticed probably related to budgie desktop are 1. User key password won't be saved regardless the choice to store it for the user or for all users. 2. Notification after connection or if the connection has failed does not appear on top right as it used to do.

moreorem

@algent Is there a way I can freeze the package from upgrading? Because the software center tries to update to 14

algent

moreorem

From eopkg up --help There is:

  -x [--exclude] arg          : When upgrading system, ignore packages and
                                components whose basenames match pattern.

So you can try:
sudo eopkg up -x openvpn

faridoddin

just add dns from gui or terminal
from terminal:
cat >> /etc/resolv.conf nameserver 8.8.8.8

ReillyBrogan

@moreorem Does your ovpn config use one of the following features?

PKCS#12 file support
--capath support - Loading certificate authorities from a directory
X.509 alternative username fields (must be "CN")

ReillyBrogan

The forthcoming 2.5.3 update will also switch the crypto library back to openssl. No ETA on when that'll show up (but I'd be surprised if it didn't land in the next sync or the one after it).

ReillyBrogan

2.5.3 w/ OpenSSL landed last sync. Please give it a try @moreorem and @Crafol as it should fix your issues.

Solmann

You could try the free ProtonVPN, if it works great for you then you could purchase it.

ReillyBrogan

Solmann Please don't necro old topics with unrelated suggestions.