Koozali.org: home of the SME Server

SME V10 OpenVPN Bridge

Offline trevorh

SME V10 OpenVPN Bridge
« on: February 09, 2025, 09:20:53 AM »
Hi, we operate two SME Servers at separate locations, linked via OpenVPN Site to Site. Additionally when traveling we access the Servers from Linux Mint Laptops (Clients) using OpenVPN Bridge. SME is current version 10.x & fully patched. Linux Mint is v 21.3, fully patched.

After returning from overseas in January & having used the OpenVPN Bridge connection regularly we updated the Contribs on the SME Servers. This broke the OpenVPN Bridge function, connection fail errors on the Laptop. In the end we reinstalled PHPKI on the SME Server, set up all new Certificates etc. It seemed that the recent Contribs update to OpenVPN Bridge had broken something. After setting all this back up we have been able to connect to the SME Server ok using Mint 21.3 using the new Certificates.

Concurrently with the above we have been intending to move to Mint 22.1 by way of a new standard installation, which we will clone to several machines once stable. Using the same new Certificate files as above which work fine in Mint 21.3 we have not been able to establish an OpenVPN Bridge connection using Mint 22.1.

SYSLOG on Mint 22.1 reports errors -
2025-02-09T20:43:59.555375+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: OpenSSL: error:11800071:PKCS12 routines::mac verify failure:
2025-02-09T20:43:59.555451+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: OpenSSL: error:0308010C:digital envelope routines::unsupported:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
2025-02-09T20:43:59.555503+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption
2025-02-09T20:43:59.555562+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: SIGUSR1[soft,private-key-password-failure] received, process restarting
2025-02-09T20:44:07.566976+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2025-02-09T20:44:07.567424+13:00 trevor-HP-ProBookG4 nm-openvpn[3123]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Despite the errors on Mint 22.1 the identical certificate and .opvn files work fine in Mint 21.3.
Since the error is local to Mint my assumption is that there is some incompatibility in the version of OpenVPN in Mint 22.1 and the OpenVPN Bridge software on the SME Server; this is a new version, OpenVPN 2.6.12.
Mint 21.3 has OpenVPN 2.5.11.

Having spent lots of hours on this I am rather out of ideas. Possibly downgrade the OpenVPN on Mint 22.1 maybe, but need to then prevent it from being updated in the future. I did come across a compatibility switch for OpenVPN Client but could not make that work.

Unfortunately my command line skills are sadly lacking, so am not sure of how to go about downgrading the OpenVPN Version on Mint 22.1, have tried based upon a few methods posted online but none have worked and in the end we rolled back the Mint 22.1 using the Timeshift utility to its previous state, so back to basically a new default install.

Ideally if we can get the OpenVPN Bridge functional on Mint 22.1 then we can standardize on that version.

Any ideas gratefully received.  Thanks Trevor

Offline ReetP

Re: SME V10 OpenVPN Bridge
« Reply #1 on: February 09, 2025, 01:40:06 PM »
JP - is more of a guru on this than me but I think it is likely that that newer openvpn client does not like your certificates.

Which phpki contrib are you  using?

You should be on phpki-ng and I think the certs from that will work. You probably ought to remove/backup all your old certs in /opt/phpki (the contrib should do it but just in case) and do a clean install with new CA and certs.

https://wiki.koozali.org/PHPki

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: SME V10 OpenVPN Bridge
« Reply #2 on: February 09, 2025, 04:25:50 PM »
Quote
Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption

if you have a newer distro with openssl v3 you might encounter this error.


I really suggest not using pk files and rather provide an openssl config file with embedded cert and key.

also the bridge breaking might be because CA was reaching the 10 years or so validity and was not renewed in time. 
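The error in the syslog above is OpenSSL 3 refusing the RC2-40-CBC wrapping of the .p12 bundle. One way to follow the advice above and stop depending on the .p12 on the client is to unpack it once and embed the PEM material inline in the .ovpn. This is an added example, not code from the thread or from the SME contrib; the file names, the `vpn.example.invalid` host and the test inputs are constructed, and it assumes a base .ovpn that already carries the remote/dev/proto lines.

```shell
#!/bin/sh
# Added example: turn a legacy-encrypted PKCS#12 bundle into an OpenVPN
# client config with CA, cert and key embedded inline, so the client never
# has to decode the .p12 with OpenSSL 3 at connect time.
set -eu

# Unpack a .p12 into ca.pem, client.pem and client.key under $2.
# `-legacy` makes OpenSSL 3 load its legacy provider, which is what
# RC2-40-CBC wrapped bundles (the syslog error above) need to be read.
# You will be prompted for the export password on each call.
extract_p12() {
  p12=$1; outdir=$2
  mkdir -p "$outdir"
  openssl pkcs12 -legacy -in "$p12" -cacerts -nokeys -out "$outdir/ca.pem"
  openssl pkcs12 -legacy -in "$p12" -clcerts -nokeys -out "$outdir/client.pem"
  # -nodes writes the key unencrypted, so restrict it to the owner
  openssl pkcs12 -legacy -in "$p12" -nocerts -nodes -out "$outdir/client.key"
  chmod 600 "$outdir/client.key"
}

# Print a merged .ovpn: the base config minus any pkcs12/ca/cert/key file
# directives, then <ca>/<cert>/<key> inline blocks from the PEM files.
# ns-cert-type is dropped and replaced by remote-cert-tls, which is what the
# "--ns-cert-type is DEPRECATED" warning in the log asks for.
build_inline_ovpn() {
  base=$1; ca=$2; cert=$3; key=$4
  grep -Ev '^[[:space:]]*(pkcs12|ca|cert|key|ns-cert-type|remote-cert-tls)([[:space:]]|$)' \
    "$base" || true
  printf 'remote-cert-tls server\n'
  printf '<ca>\n';   cat "$ca";   printf '</ca>\n'
  printf '<cert>\n'; cat "$cert"; printf '</cert>\n'
  printf '<key>\n';  cat "$key";  printf '</key>\n'
}

# Typical use (constructed paths):
#   extract_p12 client.p12 ./pem
#   build_inline_ovpn base.ovpn pem/ca.pem pem/client.pem pem/client.key > client-inline.ovpn
```

Import `client-inline.ovpn` into NetworkManager as a single file; the resulting connection needs no .p12 and no legacy provider on the client.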

Offline trevorh

Re: SME V10 OpenVPN Bridge
« Reply #3 on: February 10, 2025, 12:11:02 AM »
Thanks for the comments JP. The original CA was set up 2022, so not very old.
Re "openssl config file with embedded cert and key", that's all new to me so will have to do some web trawling. Thanks

Offline trevorh

Re: SME V10 OpenVPN Bridge
« Reply #4 on: February 10, 2025, 12:14:00 AM »
ReetP, thanks for your thoughts. The new install was phpki-ng, as was the original. Did not delete the old certs but the new ones are ok on Mint 21.3 so seems ok at the server end. Must admit that updates seem to be breaking more and more "stuff".
Perhaps a lot to be said for NOT routinely updating both Server & Clients......