Mint 21 SSL VPN


Post by griggshull »

Greetings,

I have Mint 20.3 running and my SSL VPN to the office works fine (openvpn). On another machine with Mint 21 the SSL VPN doesn't work. Does anyone know if OpenVPN changed their configuration in the later version? I believe (don't quote me on this) that our Sophos SG Firewall is using an older SSL version and that during the connection it negotiates using OpenSSL 1.1.1. (See below)

Anyone know if I can configure the OpenVPN on Mint 21 (and above) to negotiate using the previous version of SSL? Or 'downgrade' OpenVPN to the previous iteration?

What the connection looks like (beginning of the connection):
<snip>
Mon Jan 30 11:28:53 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Mon Jan 30 11:28:53 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
</snip>

TIA
Last edited by LockBot on Mon Jul 31, 2023 10:00 pm, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Mint 21 SSL VPN

Post by rene »

It's very likely the "ca md too weak" issue which results from an OpenSSL upgrade. The eventual solution is to have your IT-management generate new certificates but in the meantime you can work around it via e.g. https://jabriffa.wordpress.com/2022/09/ ... 22-04-lts/
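
Added example (not part of the original posts and not taken from the linked article): a shell check that reads the signature digest of each certificate in an OpenVPN profile's inline <ca> block, to confirm whether a weak CA digest is the cause before any workaround is applied. The function names are hypothetical, and it assumes the CA is embedded in the .ovpn file and that MD5/SHA-1 family digests are the ones being rejected.

```shell
#!/bin/sh
# Added example: report the signature digest of each certificate in the inline
# <ca> block of an OpenVPN profile. Function names are hypothetical.

# Print the lines between <ca> and </ca> (the PEM CA bundle).
extract_ca() {
    awk '/^<ca>/{inside=1; next} /^<\/ca>/{inside=0} inside' "$1"
}

# Map an OpenSSL "Signature Algorithm" name to weak / ok / unknown.
# Assumption: MD2/MD4/MD5/SHA-1 digests are the ones reported as too weak.
# RSASSA-PSS keeps its digest in the parameters and is not inspected here.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        "") echo unknown ;;
        md2*|md4*|md5*|sha1*|*-sha1|dsawithsha1) echo weak ;;
        *) echo ok ;;
    esac
}

# Print "<verdict> <sigalg> <subject>" per CA certificate.
# Returns 0 if all are ok, 1 if any is weak/unknown, 2 if none were found.
audit_ovpn_ca() {
    a_tmp=$(mktemp -d) || return 2
    a_rc=2
    extract_ca "$1" | awk -v d="$a_tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }'
    for a_cert in "$a_tmp"/cert*.pem; do
        [ -e "$a_cert" ] || break
        [ "$a_rc" -eq 2 ] && a_rc=0
        a_alg=$(openssl x509 -in "$a_cert" -noout -text 2>/dev/null |
                awk '/Signature Algorithm:/ { print $3; exit }')
        a_subj=$(openssl x509 -in "$a_cert" -noout -subject 2>/dev/null)
        a_verdict=$(classify_sigalg "$a_alg")
        echo "$a_verdict ${a_alg:-?} $a_subj"
        [ "$a_verdict" = ok ] || a_rc=1
    done
    rm -rf "$a_tmp"
    return "$a_rc"
}

# Usage: sh check_ca.sh office.ovpn   (script and profile names are placeholders)
if [ "$#" -gt 0 ]; then audit_ovpn_ca "$1"; fi
```

A "weak" line for the CA means the certificate itself has to be reissued with a stronger digest, which is the eventual solution named above.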
Re: Mint 21 SSL VPN

Post by griggshull »

Thanks. I will look at the logs. I will try the 'workaround' you suggest as a temporary solution. And I will see about creating an updated certificate. It's such a small environment (only 4 of us use the VPN) that I can't see building a new cert (all of the Windows users are still able to connect), but since I am the Firewall admin I will peruse the Sophos forums to see about building a new self-signed cert with an updated cipher.

I inherited the job of Firewall admin so it isn't my expertise. But there is a plethora of information available so I imagine it shouldn't be too hard to solve the issue.

Cheers,
Griggs