20

2 days ago I updated my Ubuntu Distro from 20.04 LTS to 22.04 LTS.

After the update, I noticed that my private OpenVPN tunnel is not working anymore; in Ubuntu 20.04 it was working flawlessly. Trying the same imported configuration on Windows or on my other machine with Ubuntu 20.04, I'm still able to connect.

When I try to start a connection from my terminal I get the following errors:

2022-04-26 08:36:55 OpenSSL: error:0A0C0103:SSL routines::internal error
2022-04-26 08:36:49 TLS_ERROR: BIO read tls_read_plaintext error
2022-04-26 08:36:49 TLS Error: TLS object -> incoming plaintext read error
2022-04-26 08:36:49 TLS Error: TLS handshake failed
2022-04-26 08:36:49 Fatal TLS error (check_tls_errors_co), restarting
2022-04-26 08:36:49 SIGUSR1[soft,tls-error] received, process restarting

Has anybody encountered the same issue?

Pablo Bianchi
  • 17,371
Gianlu28
  • 201

6 Answers

11

Method 1:

  1. Uninstall the current OpenVPN version if installed: sudo apt remove openvpn

  2. Install libssl1.1 binary

  3. Install OpenVPN 2.4.7

  4. Reinstall NetworkManager OpenVPN GUI: sudo apt install network-manager-openvpn-gnome

Please note that steps 1 and 4 should be run as a command in the terminal. This requires you to have appropriate permissions and you must know the username and password for your local machine.

Additionally, for steps 2 and 3, after downloading the .deb packages, you can double-click them in Nautilus/file manager and select "Software Install" as a required option to open the package.

Finally, these steps must be followed in the order that they are given, or else the process will fail.

7

I've noticed the same issue. I couldn't connect "to someone else's server".

sudo systemctl status openvpn@client
● openvpn@client.service - OpenVPN connection to client
     Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Thu 2022-04-28 10:29:10 CEST; 1s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
    Process: 3542 ExecStart=/usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid (code=exited, status=1/FA>
   Main PID: 3542 (code=exited, status=1/FAILURE)
     Status: "Pre-connection initialization successful"
        CPU: 15ms

But this answer https://askubuntu.com/a/1049802/1590939 solved my problem.

vim client.conf
...
# 22.04
tls-cipher "DEFAULT:@SECLEVEL=0"
remote-cert-tls server
# 22.04
...
sudo systemctl stop openvpn@client 
sudo systemctl start openvpn@client
sudo systemctl status openvpn@client
● openvpn@client.service - OpenVPN connection to client
     Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-04-28 11:17:26 CEST; 9s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 7889 (openvpn)
     Status: "Initialization Sequence Completed"
      Tasks: 1 (limit: 19121)
     Memory: 2.0M
        CPU: 63ms
     CGroup: /system.slice/system-openvpn.slice/openvpn@client.service
             └─7889 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid

4

I finally fixed it by adding the line tls-cipher=DEFAULT:@SECLEVEL=0 to the vpn section of the .nmconnection files in /etc/NetworkManager/system-connections and reloading NetworkManager.

Just now saw fix Method 1. Will try that too.

Bass850
  • 191
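
To audit where the `tls-cipher ... @SECLEVEL=0` workaround from the two answers above has been applied, here is an added example (not part of any answer on this page). OpenSSL's security level 0 permits everything, so a profile that keeps this setting goes on accepting key sizes and signature algorithms that the default level rejects. The sample files and the `minimum=2` policy threshold are assumptions.

```python
import configparser
import re
import shlex

SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d+)")

def ciphers_from_ovpn(text):
    """Yield tls-cipher arguments from OpenVPN config text (client.conf / .ovpn)."""
    inline = None  # name of the inline <tag> block currently open
    for line in map(str.strip, text.splitlines()):
        if inline:  # skip embedded certificates/keys up to the closing tag
            inline = None if line == f"</{inline}>" else inline
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened or line.startswith(";"):
            inline = opened.group(1) if opened else None
            continue
        try:
            words = shlex.split(line, comments=True)  # also drops "# ..." comments
        except ValueError:  # unbalanced quotes: not a usable directive
            continue
        if len(words) >= 2 and words[0] == "tls-cipher":
            yield words[1]

def ciphers_from_nmconnection(text):
    """Yield tls-cipher from the [vpn] section of a NetworkManager keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    if cp.has_option("vpn", "tls-cipher"):
        yield cp.get("vpn", "tls-cipher")

def audit(name, text, minimum=2):
    """Return (file, level, cipher string) for each @SECLEVEL below `minimum` (assumed policy)."""
    extract = ciphers_from_nmconnection if name.endswith(".nmconnection") else ciphers_from_ovpn
    return [(name, int(lv), c) for c in extract(text)
            for lv in SECLEVEL_RE.findall(c) if int(lv) < minimum]

# Constructed sample files (not taken from the page).
SAMPLE_OVPN = '''client
# tls-cipher "DEFAULT:@SECLEVEL=1"
tls-cipher "DEFAULT:@SECLEVEL=0"
<ca>
tls-cipher "DEFAULT:@SECLEVEL=0" inside an inline block is ignored
</ca>
'''
SAMPLE_NM = "[connection]\nid=office\n[vpn]\ntls-cipher=DEFAULT:@SECLEVEL=0\n"
for name, text in (("client.conf", SAMPLE_OVPN), ("office.nmconnection", SAMPLE_NM)):
    print(audit(name, text))
```

Pass the contents of the real files under /etc/openvpn and /etc/NetworkManager/system-connections to `audit()` to list the profiles that still carry the lowered level once the server side has been fixed.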
2

I solved it with Distrobox. Remember, you first need Docker or Podman, then install Distrobox.

In Ubuntu 22.04 you have OpenVPN 2.5, but in Ubuntu 20.04 you have OpenVPN 2.4.

So, the only thing you need to do is create an Ubuntu 20.04 container with Distrobox, like this:

distrobox create --image docker.io/library/ubuntu:20.04  --name ubuntu2004

then you can access:

distrobox enter ubuntu2004

when you're inside, update, upgrade and install openvpn package:

sudo apt update && sudo apt upgrade && sudo apt install openvpn

So, the only thing you need to do now is connect with your .ovpn file:

sudo openvpn my_vpn_file.ovpn

Now you can access the VPN network outside the container :)

I solved it that way because I usually use Distrobox and because it is a clean solution: you don't need to touch repos or anything else on your system. It works for me. If you're familiar with container technologies or if you're a frequent Distrobox user, this can save you. Hope this can help someone else here!

Pablo Bianchi
  • 17,371
Str3L0K
  • 21
  • 1
1

You can also have two OpenVPN versions installed (2.5 and 2.4) with update-alternatives:

wget http://launchpadlibrarian.net/599700941/libssl1.1_1.1.1f-1ubuntu2.13_amd64.deb -O package.deb
ar x package.deb data.tar.xz
rm package.deb
tar xf data.tar.xz
rm data.tar.xz
sudo cp -r usr/lib/x86_64-linux-gnu/* /usr/lib/x86_64-linux-gnu/
rm -rf usr

# Fetch the OpenVPN 2.4.7 package and unpack only its payload
wget http://launchpadlibrarian.net/592535375/openvpn_2.4.7-1ubuntu2.20.04.4_amd64.deb -O package.deb
ar x package.deb data.tar.xz
rm package.deb
tar xf data.tar.xz
rm data.tar.xz
sudo cp usr/sbin/openvpn /usr/sbin/openvpn.2.4
# cp does not create the target directory, so make it first
sudo mkdir -p /usr/lib/x86_64-linux-gnu/openvpn.2.4
sudo cp -r usr/lib/x86_64-linux-gnu/openvpn/* /usr/lib/x86_64-linux-gnu/openvpn.2.4/
rm -rf etc lib usr var

# Move the installed 2.5 binary and plugin directory aside, then link the 2.4 plugins
sudo mv /usr/sbin/openvpn /usr/sbin/openvpn.2.5
sudo mv /usr/lib/openvpn /usr/lib/openvpn.2.5
sudo mkdir /usr/lib/openvpn.2.4
sudo ln -sf /usr/lib/x86_64-linux-gnu/openvpn.2.4/plugins/openvpn-plugin-auth-pam.so /usr/lib/openvpn.2.4/
sudo ln -sf /usr/lib/x86_64-linux-gnu/openvpn.2.4/plugins/openvpn-plugin-down-root.so /usr/lib/openvpn.2.4/

# Register both versions; 2.5 has the higher priority (10 vs 9)
sudo update-alternatives --install /usr/sbin/openvpn openvpn /usr/sbin/openvpn.2.5 10 --slave /usr/lib/openvpn libopenvpn /usr/lib/openvpn.2.5
sudo update-alternatives --install /usr/sbin/openvpn openvpn /usr/sbin/openvpn.2.4 9 --slave /usr/lib/openvpn libopenvpn /usr/lib/openvpn.2.4

Now, you can switch between both versions with:

sudo update-alternatives --config openvpn

To roll back the changes:

sudo update-alternatives --remove-all openvpn
sudo mv /usr/sbin/openvpn.2.5 /usr/sbin/openvpn
sudo mv /usr/lib/openvpn.2.5 /usr/lib/openvpn
sudo rm -rf /usr/sbin/openvpn.2.4 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/engines-1.1 /usr/lib/x86_64-linux-gnu/openvpn.2.4 /usr/lib/openvpn.2.4/
Alberto
  • 11
1

Running latest 22.10. I found that using nm-connection-editor and importing the .ovpn file worked where the default Ubuntu network config failed. I'm using regolith i3 wm if that makes any difference. I did not have to change anything else on openvpn or ssl installs.