Page MenuHomeSolus
Create Task
Maniphest T9155

OPEN VPN Issue
Closed, ResolvedPublic
Actions

Description

Since new update released, cant seem to connect to any vpn using open vpn.

im using a saved vpn connection configuration all was working ok but since update i cant seem to connect, Any open vpn file i use doesnt seem to connect

Revisions and Commits

R2261 openvpn
R2261:4b50cabd6a8b Add patch to change default cipher. Enable async push. Switch to mbedtls.

Related Objects

Event Timeline

frendznet created this task.Jul 4 2020, 2:11 PM
Herald added a project: Lacks Project. · View Herald TranscriptJul 4 2020, 2:11 PM
frendznet triaged this task as High priority.Jul 4 2020, 2:13 PM
frendznet added projects: Restricted Project, Support Query.
DataDrake lowered the priority of this task from High to Needs More Info.Jul 4 2020, 6:26 PM
DataDrake edited projects, added Software; removed Support Query, Restricted Project, Lacks Project.
DataDrake added a subscriber: DataDrake.

What error(s) are you getting? You've given us nothing to go on.

Also, if you change the priority like that again, I will ban you. You've been warned about this multiple times in the past. Changing the Priority is up to the Triage Team, not you.

frendznet added a comment.Jul 4 2020, 7:34 PM

Sorry wont happen again

i thought i attached the file. I have attached it again for the log file.

opn.txt4 KBDownload

opn4 KBDownload

frendznet mentioned this in T9158: OpenVPN not working after recent update.Jul 5 2020, 3:08 PM
JoshStrobl merged a task: T9158: OpenVPN not working after recent update.Jul 6 2020, 6:58 AM
JoshStrobl added a subscriber: magicwindow.
JoshStrobl mentioned this in R2159:6faf6a973d97: Update pppd version pathing..Jul 6 2020, 7:04 AM
frendznet added a comment.Jul 9 2020, 10:44 PM
This comment was removed by frendznet.
raenk added a subscriber: raenk.Jul 9 2020, 10:59 PM

Hi,

Having the same issue. I opened a thread on the forums. https://discuss.getsol.us/d/5093-vpn-openvpn-not-connecting-anymore

Here is the relevant info:

OpenSSL: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
OpenSSL: error:25070067:DSO support routines:DSO_load:could not load the shared library
OpenSSL: error:0909006C:PEM routines:get_name:no start line

It seems to be related with the upgrade to OpenSSL 1.1.1 I found some information that suggest going back to previous OpenVPN version (2.4.9-12) could fix it. But that would be just a 'dirty' work around.

Thanks

frendznet added a subscriber: JoshStrobl.Jul 13 2020, 10:59 AM

Any update on this issue ? Could really like to use my vpn without me distro jumping somewhere else.

@JoshStrobl

JoshStrobl merged a task: T9177: OpenVPN not working.Jul 13 2020, 11:18 AM
JoshStrobl added a subscriber: ChloeKani.
JoshStrobl added a comment.EditedJul 13 2020, 12:46 PM

I haven't tracked down a specific solution for this and since I don't use OpenVPN (I've mostly been getting results related to AES-NI, various hardware solutions, BSD-related OSes, etc.), have any configs, etc. I can't validate much further than providing the two eopkg files below. These files include an updated mbedtls and a build of openvpn that defaults to AES ciphers (patch from Fedora), enables async push and changes the TLS crypto library. The limit of my testing was checking ciphers, tls, and digests via openvpn's CLI.

Whether or not the provided solution (probably worth rebooting after the install) works, I'd like to know. The mbedtls update will still happen regardless as it is not up-to-date but I'd like to know if I should bother switching OpenVPN to using it:

sudo eopkg install https://mirrors.rit.edu/solus/packages/unstable/m/mbedtls/mbedtls-2.23.0-7-1-x86_64.eopkg https://getsol.us/sources/openvpn-test/openvpn-2.4.9-14-1-x86_64.eopkg

Edit v2 (since it was resolved on Tuesday, July 14th):

sudo eopkg install https://mirrors.rit.edu/solus/packages/unstable/m/mbedtls/mbedtls-2.23.0-7-1-x86_64.eopkg https://mirrors.rit.edu/solus/packages/unstable/o/openvpn/openvpn-2.4.9-14-1-x86_64.eopkg
raenk added a comment.Jul 13 2020, 5:05 PM

I did the install and it worked for me. No reboot was necessary.

Thanks!

frendznet added a comment.Jul 13 2020, 6:05 PM

@JoshStrobl Yes that seems to have fixed the problem now open vpn is working. Thanks so much :-)

JoshStrobl closed this task as Resolved by committing R2261:4b50cabd6a8b: Add patch to change default cipher. Enable async push. Switch to mbedtls..Jul 14 2020, 3:10 AM
JoshStrobl claimed this task.
JoshStrobl added a commit: R2261:4b50cabd6a8b: Add patch to change default cipher. Enable async push. Switch to mbedtls..
JoshStrobl merged a task: T9188: OpenSSL errors when connecting to OpenVPN.Jul 14 2020, 11:11 AM
JoshStrobl added a subscriber: fredrikj.
fredrikj added a comment.Jul 14 2020, 11:17 AM

Sorry for the duplicate task,

I can confirm the two above packages seems to resolve the problem for me as well on both of my machines.

magicwindow added a comment.Jul 14 2020, 1:02 PM

josh's solution works for me also, thank you!

moore-bryan added a subscriber: moore-bryan.EditedJul 15 2020, 5:22 PM

Sorry, but this solution does nothing for me using TunnelBear; ended up here from this thread.

journalctl:

Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.7255] audit: op="connection-activate" uuid="51a3a1dc-e928-4812-856f-20646b196c56" name="TunnelBear United States" pid=1464 uid=1000 result="success"
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.7393] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: Started the VPN service, PID 2994
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.7506] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: Saw the service appear; activating connection
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.8019] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN plugin: state changed: starting (3)
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.8020] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN connection: (ConnectInteractive) reply received
Jul 15 13:23:07 zenbook NetworkManager[2999]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: keysize (2.4.9)
Jul 15 13:23:07 zenbook NetworkManager[2999]: Use --help for more information.
Jul 15 13:23:07 zenbook NetworkManager[704]: <warn>  [1594833787.8031] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN plugin: failed: connect-failed (1)
Jul 15 13:23:07 zenbook NetworkManager[704]: <warn>  [1594833787.8033] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN plugin: failed: connect-failed (1)
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.8033] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN plugin: state changed: stopping (5)
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.8035] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN plugin: state changed: stopped (6)
Jul 15 13:23:07 zenbook NetworkManager[704]: <info>  [1594833787.8060] vpn-connection[0x275e500,51a3a1dc-e928-4812-856f-20646b196c56,"TunnelBear United States",0]: VPN service disappeared
JoshStrobl added a comment.EditedJul 15 2020, 6:05 PM

Not really anything to do with this update though, more their config from what it would seem: https://superuser.com/questions/1305711/openvpn-options-error-unrecognized-option-or-missing-or-extra-parameters-2

I'd reach out to them about it.

moore-bryan added a comment.Jul 15 2020, 6:21 PM

Thanks a ton @JoshStrobl; I didn't even think of checking the config file for that "keysize" variable!

JoshStrobl added a comment.Jul 15 2020, 7:38 PM

All good. Not sure why it'd start complaining now, possibly one of the new updates just being more cranky / strict about it.

moore-bryan added a comment.Jul 15 2020, 7:39 PM

Yeah, no idea, but commenting out "keysize" makes everything work again.

dscully added a subscriber: dscully.Jul 20 2020, 10:48 PM

I've been unable to connect to my work's VPN after upgrading to OpenVPN 2.4.9-14. Downgrading to 2.4.9-13 resolves the issue.

When connecting with my OpenVPN configuration I get this error:

Jul 20 15:33:42 davidsolus nm-openvpn[4151]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: pkcs12 (2.4.9)
Jul 20 15:33:42 davidsolus nm-openvpn[4151]: Use --help for more information.

I suspect the problem is the change for OpenVPN to use the mbedtls TLS crypto library.

Per this README it looks like PKCS#12 file support is not available when using mbedtls.
https://fossies.org/linux/openvpn/README.mbedtls

I tried working around this by pointing to my key and certificates directly instead of the PKCS12 file, but then I got this error:

Jul 20 15:35:23 davidsolus nm-openvpn[4493]: Message hash algorithm 'whirlpool' not found
Jul 20 15:35:23 davidsolus nm-openvpn[4493]: Exiting due to fatal error

Seems like mbedtls does not support whirlpool either.

I wonder if the invalid "keysize" option encountered by @moore-bryan is another result of compiling against mbedtls?

xulongwu4 added a subscriber: xulongwu4.Jul 20 2020, 10:53 PM

I have to say I have the same issue. I also confirmed that using mbedtls as the crypto-library caused the issue.

xulongwu4 mentioned this in T9213: OpenVPN issue.Jul 23 2020, 12:29 AM
dscully added a comment.Aug 29 2020, 4:53 PM

Can we reopen this issue, so the regression is not forgotten? @JoshStrobl

JoshStrobl mentioned this in T9365: OpenVPN.Nov 10 2020, 3:28 PM
Crafol added a subscriber: Crafol.Mar 11 2021, 4:49 PM

I can't use openvpn to log into work vpn since version 2.4.9-14.1.

$openvpn ulmo-UDP4-1194-mparolo.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in ulmo-UDP4-1194-mparolo.ovpn:13: pkcs12 (2.4.9)

In order to continue working I had to go back to version 13, with which openvpn recognizes pkcs12 without problems.

With every software update I have to revert to the previous version by hand.

Glioburd added a subscriber: Glioburd.EditedAug 24 2021, 6:49 AM

Hello, I'm having the problem with OpenVPN (2.5.3):

2021-08-24 08:58:40 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-08-24 08:58:40 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-08-24 08:58:40 OpenVPN 2.5.3 x86_64-solus-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 22 2021
2021-08-24 08:58:40 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10

? Enter Auth Username: foo
? Enter Auth Password: **********              
2021-08-24 08:58:44 OpenSSL: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
2021-08-24 08:58:44 OpenSSL: error:25070067:DSO support routines:DSO_load:could not load the shared library
[...]

I cannot downgrade OpenVPN with @JoshStrobl fix by installing openvpn-2.4.9 because it's no longer in the repo (404).
Is there an other way I could install OpenVpn 2.4.9?
Thanks for your help.

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.