After upgrading to Bionic, OpenVPN gives me the following error when connecting to my company's VPN
nm-openvpn[3360]: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
Connecting to VPN is not possible.
Yes I know that my company IT uses crappy old certificates and they should upgrade, but still I need to connect to the VPN otherwise I cannot do my work :)
How to fix?
WARNING
This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!
You need to add the following options in your OpenVPN config file:
tls-cipher "DEFAULT:@SECLEVEL=0"
remote-cert-tls server
This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:
nmcli c export MyVPN > ~/myvpn.ovpn
Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:
sudo openvpn --config ~/myvpn.ovpn
Once you verify that the connection is working again, you can import back your unpdated configuration file and continue to use the Network Manager to setup the tunnel (thanks Eineki):
nmcli c import type openvpn file myvpn.ovpn
