Greetings,
I have Mint 20.3 running and my SSL VPN to the office works fine (openvpn). On another machine with Mint 21 the SSL VPN doesn't work. Does anyone know if OpenVPN changed their configuration in the later version? I believe (don't quote me on this) that our Sophos SG Firewall is using an older SSL version and that during the connection it negotiates using OpenSSL 1.1.1. (See below)
Anyone know if I can configure the OpenVPN on Mint 21 (and above) to negotiate using the previous version of SSL? Or 'downgrade' OpenVPN to the previous iteration?
What the connection looks like (beginning of the connection):
<snip>
Mon Jan 30 11:28:53 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Mon Jan 30 11:28:53 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
</snip>
TIA
Mint 21 SSL VPN
Last edited by LockBot on Mon Jul 31, 2023 10:00 pm, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Mint 21 SSL VPN
It's very likely the "ca md too weak" issue which results from an OpenSSL upgrade. The eventual solution is to have your IT-management generate new certificates but in the meantime you can work around it via e.g. https://jabriffa.wordpress.com/2022/09/ ... 22-04-lts/
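One way to confirm the weak-digest cause named in the reply above before changing any settings, as an added example that is not part of the thread: it lists the signature algorithm of every certificate embedded in an OpenVPN profile. It assumes the certificates are inline in the `.ovpn` file and that MD5 and SHA-1 are the digests to flag; the function names, script name and `office.ovpn` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report the signature digest of each
# certificate embedded in an OpenVPN profile.
# Assumption: MD5 and SHA-1 signatures are the ones to flag as weak.

# Map a signature algorithm name, as printed by `openssl x509 -text`, to a verdict.
classify_sigalg() {
    case "$1" in
        md5*|sha1*|*-SHA1|*WithSHA1) echo weak ;;
        sha224*|sha256*|sha384*|sha512*|*-SHA224|*-SHA256|*-SHA384|*-SHA512) echo ok ;;
        *) echo unknown ;;
    esac
}

# Write each PEM certificate found in file $1 to $2/certN.pem and
# print the number of certificates found.
split_certs() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# Print verdict, signature algorithm and subject for each certificate in profile $1.
check_profile() {
    tmp=$(mktemp -d) || return 1
    count=$(split_certs "$1" "$tmp")
    i=1
    while [ "$i" -le "$count" ]; do
        alg=$(openssl x509 -in "$tmp/cert$i.pem" -noout -text |
              sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
        subj=$(openssl x509 -in "$tmp/cert$i.pem" -noout -subject)
        echo "$(classify_sigalg "$alg")  $alg  $subj"
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Run only when a profile path is given, e.g. (hypothetical names):
#   sh check_vpn_certs.sh office.ovpn
if [ -n "${1:-}" ]; then check_profile "$1"; fi
```

A `weak` line for the CA or client certificate points at the certificate itself, which is the case where reissuing it with a stronger digest is the lasting fix.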
Re: Mint 21 SSL VPN
Thanks. I will look at the logs. I will try the 'workaround' you suggest as a temporary solution. And I will see about creating an updated certificate. It's such a small environment (only 4 of us use the VPN) that I can't see building a new cert (all of the Windows users are still able to connect), but since I am the Firewall admin I will peruse the Sophos forums to see about building a new self-signed cert with an updated cipher.
I inherited the job of Firewall admin so it isn't my expertise. But there is a plethora of information available so I imagine it shouldn't be too hard to solve the issue.
Cheers,
Griggs