Arch Linux

kamalpal

Member

Registered: 2022-11-07

Posts: 4

[SOLVED] VPN stopped working after update of openvpn and openssl

Version:

OS: Arch Linux x86_64
Kernel: 6.0.7-arch1-1
WM: xmonad

➜  ~ openvpn --version
OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
Compile time defines:

Journal logs:

Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0122] device[d1da791b9fdb0a83] (wlp4s0): add_pending_action (1): 'activation-7'
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0123] active-connection[0x55fd34b586d0]: constructed (NMVpnConnection, version-id 7, type managed)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <info>  [1667820694.0172] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: starting openvpn
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0172] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: starting: watch D-Bus service org.freedesktop.NetworkManager.openvpn.Connection_7
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0174] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: set state: prepare (was waiting)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0174] active-connection[0x55fd34b586d0]: set state activating (was unknown)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0175] active-connection[0x55fd34b586d0]: check-master-ready: not signalling (state activating, no master)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0202] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: starting: VPN service has PID 13001
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0281] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: set state: need-auth (was prepare)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0283] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: secrets: requesting VPN secrets pass #1
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0286] settings-connection[ff94606241368cdd,94d93de6-6169-4391-aa26-fa7ac14ca433]: (vpn:0x55fd34b1a500) secrets requested flags 0x80000004 hints '(none)'
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0289] settings-connection[ff94606241368cdd,94d93de6-6169-4391-aa26-fa7ac14ca433]: (vpn:0x7fb7c8006b20) existing secrets returned
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0290] settings-connection[ff94606241368cdd,94d93de6-6169-4391-aa26-fa7ac14ca433]: (vpn:0x7fb7c8006b20) secrets request completed
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0292] settings-connection[ff94606241368cdd,94d93de6-6169-4391-aa26-fa7ac14ca433]: (vpn:0x7fb7c8006b20) new agent secrets processed
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0298] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: secrets: asking service if additional secrets are required
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0329] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: service indicated no additional secrets required
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0331] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: connect: allowing interactive secrets as all agents have that capability
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0332] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: set state: connect (was need-auth)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0452] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: dbus: state changed: starting (3)
Nov 07 17:01:34 thinkpad NetworkManager[292]: <debug> [1667820694.0454] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: connect: success from ConnectInteractive
Nov 07 17:02:07 thinkpad NetworkManager[292]: <debug> [1667820727.4700] connectivity: (wlp4s0,IPv4,176) start request to 'http://ping.archlinux.org/nm-check.txt' (try resolving 'ping.archlinux.org' using system resolver)
Nov 07 17:02:07 thinkpad NetworkManager[292]: <debug> [1667820727.9325] connectivity: (wlp4s0,IPv4,176) check completed: FULL; expected response
Nov 07 17:02:34 thinkpad NetworkManager[292]: <warn>  [1667820754.0883] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: connect timeout exceeded
Nov 07 17:02:34 thinkpad NetworkManager[292]: <debug> [1667820754.0886] vpn[0x55fd34b586d0,94d93de6-6169-4391-aa26-fa7ac14ca433,"kamalpal"]: set state: failed (was connect)
Nov 07 17:02:34 thinkpad NetworkManager[292]: <debug> [1667820754.0888] active-connection[0x55fd34b586d0]: set state deactivated (was activating)
Nov 07 17:02:34 thinkpad NetworkManager[292]: <debug> [1667820754.0895] active-connection[0x55fd34b586d0]: check-master-ready: not signalling (state deactivated, no master)
Nov 07 17:02:34 thinkpad NetworkManager[292]: <debug> [1667820754.0896] device[d1da791b9fdb0a83] (wlp4s0): remove_pending_action (0): 'activation-7'
Nov 07 17:02:34 thinkpad NetworkManager[292]: <debug> [1667820754.0916] active-connection[0x55fd34b586d0]: disposing

Last edited by kamalpal (2022-11-24 08:59:15)

EndUserOnly

Member

Registered: 2017-05-31

Posts: 74

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

Confirming the same for both the hardened and zen kernels. Also encountered startup errors for the first time: "Failed to start NZBGet Daemon".  The obvious would be to work the NZBGet error first, which I will attempt to do now that I have verified not just my system.

2022-11-07 07:59:44 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-11-07 07:59:44 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
2022-11-07 07:59:44 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-11-07 07:59:44 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-11-07 07:59:44 Cannot load inline certificate file
2022-11-07 07:59:44 Exiting due to fatal error

Scimmia

Fellow

Registered: 2012-09-01

Posts: 11,544

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

EndUserOnly, you're getting a different error, ca md too weak. That sounds like you're trying to use an algorithm that's unsafe and openssl is now rejecting.

EndUserOnly

Member

Registered: 2017-05-31

Posts: 74

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

It looks like this is legit. You have one post to your credit, which does not suggest your experience level. If you do not have time to wait for a fix from Arch - you can downgrade both packages, and place them on hold in pacman.conf until it is fixed. I do not have that option because I am struggling with an almost full root partition, and I keep deleting my cache. If you are in a bind, downgrade both packages. Do not run pacman -Sc.

EndUserOnly

Member

Registered: 2017-05-31

Posts: 74

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

EndUserOnly, you're getting a different error, ca md too weak. That sounds like you're trying to use an algorithm that's unsafe and openssl is now rejecting.

Thanks, I will download new config files from provider. I do have a special option set. I will download without the option. Is NZBGet related?

Last edited by EndUserOnly (2022-11-07 13:38:01)

kamalpal

Member

Registered: 2022-11-07

Posts: 4

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

It looks like this is legit. You have one post to your credit, which does not suggest your experience level. If you do not have time to wait for a fix from Arch - you can downgrade both packages, and place them on hold in pacman.conf until it is fixed. I do not have that option because I am struggling with an almost full root partition, and I keep deleting my cache. If you are in a bind, downgrade both packages. Do not run pacman -Sc.

Downgrading packages will be the last resort, will try and if I found any solution I'll update here. Thanks!

kamalpal

Member

Registered: 2022-11-07

Posts: 4

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

Partially working.
Upon running it through OpenVPN directly I got the appropriate error

2022-11-08 10:20:46 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.10.0.2,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.82 10.8.0.81'
2022-11-08 10:20:46 OPTIONS IMPORT: timers and/or timeouts modified
2022-11-08 10:20:46 OPTIONS IMPORT: --ifconfig/up options modified
2022-11-08 10:20:46 OPTIONS IMPORT: route options modified
2022-11-08 10:20:46 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-11-08 10:20:46 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2022-11-08 10:20:46 ERROR: Failed to apply push options
2022-11-08 10:20:46 Failed to open tun/tap interface

To resolve this, Added

data-ciphers BF-CBC

at the end of ovpn file.

However, the same is not working through NetworkManager.. it's just stalling and ends up connection timed out.

I have made the changes as suggested in the docs https://wiki.archlinux.org/title/NetworkManager (Section 8.23)

Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1528] device[b4c4823e4814c896] (wlp4s0): add_pending_action (1): 'activation-25'
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1529] active-connection[0x55aaeb654220]: constructed (NMVpnConnection, version-id 25, type managed)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <info>  [1667883899.1574] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: starting openvpn
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1574] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: starting: watch D-Bus service org.freedesktop.NetworkManager.openvpn.Connection_25
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1576] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: set state: prepare (was waiting)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1576] active-connection[0x55aaeb654220]: set state activating (was unknown)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1577] active-connection[0x55aaeb654220]: check-master-ready: not signalling (state activating, no master)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1601] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: starting: VPN service has PID 19318
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1674] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: set state: need-auth (was prepare)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1677] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: secrets: requesting VPN secrets pass #1
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1681] settings-connection[00db7ba877521f58,69929435-856e-4dae-9441-20ec03a479f3]: (vpn:0x55aaeb6045d0) secrets requested flags 0x80000004 hints '(none)'
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1684] settings-connection[00db7ba877521f58,69929435-856e-4dae-9441-20ec03a479f3]: (vpn:0x7f07640078a0) existing secrets returned
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1685] settings-connection[00db7ba877521f58,69929435-856e-4dae-9441-20ec03a479f3]: (vpn:0x7f07640078a0) secrets request completed
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1686] settings-connection[00db7ba877521f58,69929435-856e-4dae-9441-20ec03a479f3]: (vpn:0x7f07640078a0) new agent secrets processed
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1691] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: secrets: asking service if additional secrets are required
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1720] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: service indicated no additional secrets required
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1721] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: connect: allowing interactive secrets as all agents have that capability
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1723] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: set state: connect (was need-auth)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1839] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: dbus: state changed: starting (3)
Nov 08 10:34:59 thinkpad NetworkManager[285]: <debug> [1667883899.1839] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: connect: success from ConnectInteractive
Nov 08 10:35:59 thinkpad NetworkManager[285]: <warn>  [1667883959.8205] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: connect timeout exceeded
Nov 08 10:35:59 thinkpad NetworkManager[285]: <debug> [1667883959.8206] vpn[0x55aaeb654220,69929435-856e-4dae-9441-20ec03a479f3,"kamalpal"]: set state: failed (was connect)
Nov 08 10:35:59 thinkpad NetworkManager[285]: <debug> [1667883959.8206] active-connection[0x55aaeb654220]: set state deactivated (was activating)
Nov 08 10:35:59 thinkpad NetworkManager[285]: <debug> [1667883959.8215] active-connection[0x55aaeb654220]: check-master-ready: not signalling (state deactivated, no master)
Nov 08 10:35:59 thinkpad NetworkManager[285]: <debug> [1667883959.8215] device[b4c4823e4814c896] (wlp4s0): remove_pending_action (0): 'activation-25'
Nov 08 10:35:59 thinkpad NetworkManager[285]: <debug> [1667883959.8252] active-connection[0x55aaeb654220]: disposing

EndUserOnly

Member

Registered: 2017-05-31

Posts: 74

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

Thanks, I just wiped my system to fix root. Will add line to my config file and try again. I run it from command line.

Last edited by EndUserOnly (2022-11-08 13:59:45)

EndUserOnly

Member

Registered: 2017-05-31

Posts: 74

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

Fellow was correct. My vpn provider is Airvpn. I have been with them forever. After Fellow informed me as such - I went to my provider for the solution. After visiting their  forum, I found that they were well aware that my key was deprecated, but it was up to me to regenerate the key, on their website - then download new config files. My problem is solved. Best wishes bro.

kamalpal

Member

Registered: 2022-11-07

Posts: 4

Re: [SOLVED] VPN stopped working after update of openvpn and openssl

So, re-importing the ovpn file into NetworkManager worked. Thanks!