There is a problem with importing ovpn config. The connection always fails. Even when set manually with exactly the same configuration as a different pc I cannot connect to the VPN

  • Dean replied to this.

    I have the same problem since they changed the openvpn encryptor. In my case I installed version 13 of openvpn and it works, but every time I upgrade I have to manually revert openvpn to version 13. It is a bug with version 14 due to the change of encryption libraries, at least in my case.

      moreorem You may try to install it like:
      sudo eopkg it https://packages.getsol.us/shannon/o/openvpn/openvpn-2.4.9-13-1-x86_64.eopkg

      Seems that I also need to install the client, otherwise the activation from the tray or the network configuration just toggles but does not work...

      moreorem
      Just uncheck "Use custom size of cipher key:" from the Security tab under Advanced... on the VPN you just added.

      13 days later

      Ok seems to work now that I downgraded. The steps I had to take were 1. Uninstall latest openvpn and openvpn client, 2. Reboot, 3. Install openvpn 13 using eopkg and openvpn client, 4. reboot, 5. Load ovpn config, disable server certificate check, check "use TCP connection". Thank you for your help!
      Some extra bugs I have noticed probably related to budgie desktop are 1. User key password won't be saved regardless the choice to store it for the user or for all users. 2. Notification after connection or if the connection has failed does not appear on top right as it used to do.

      @algent Is there a way I can freeze the package from upgrading? Because the software center tries to update to 14

        moreorem

        From eopkg up --help There is:

          -x [--exclude] arg          : When upgrading system, ignore packages and
                                        components whose basenames match pattern.

        So you can try:
        sudo eopkg up -x openvpn

        2 months later

        just add dns from gui or terminal
        from terminal:
        cat >> /etc/resolv.conf nameserver 8.8.8.8

        @moreorem Does your ovpn config use one of the following features?

        • PKCS#12 file support
        • --capath support - Loading certificate authorities from a directory
        • X.509 alternative username fields (must be "CN")

        The forthcoming 2.5.3 update will also switch the crypto library back to openssl. No ETA on when that'll show up (but I'd be surprised if it didn't land in the next sync or the one after it).

        10 days later
        2 years later

        You could try the free ProtonVPN, if it works great for you then you could purchase it.