Upgrade from 22.04 to 24.04 broke OpenVPN

I had OpenVPN working on Ubuntu 22.04 for years. Upgraded to Ubuntu 24.04 yesterday and it broke OpenVPN.

  • Initially, it would fail immediately as soon as I tried to connect, with a message “Unsupported cipher in --data-ciphers: BF-CBC”
  • Did some googling, edited /etc/netplan/blahblahblah.yaml to include: “vpn.data-ciphers: "AES-128-CBC"”. Now it actually tries to connect and then after about 30 seconds fails with: “nm-openvpn[16639]: SIGUSR1[soft,auth-failure] received, process restarting”
  • Did some more googling, tried adding a second parameter: “vpn.data-ciphers-fallback: "AES-128-CBC"”. This fails immediately with a message about unsupported parameters. Deleted.
  • Did some more googling, downgraded my version of OpenVPN to 2.5. Still fails with an authentication failure.
  • Did some more googling, tried creating a new VPN connection from scratch in NetworkManager. Same issue.

What next?

While it would never come to my mind to use netplan to configure a VPN of a desktop (I’d just do it through network manager not touching the netplan config at all), did you check the netplan documentation yet?

https://netplan.readthedocs.io/en/stable/howto/

It seems netplan is the default in Ubuntu 24.04, even when using NetworkManager.

Did you read the documentation? If renderer is set to network-manager netplan becomes a no-op (even though NM nowadays stores its files under /etc/netplan to avoid fragmentation, that renderer delegation completely hands control over to NM and netplan won’t do anything). If you just leave netplan alone and simply use the VPN handling from the GUI it should just work as before…

Ok, so I may have been mistaken about netplan. I assumed that since the config was being stored in a yaml file in /etc/netplan that NM was using netplan. Based on what you wrote, that seems to have been an incorrect assumption.

Anyway, I was able to get openvpn to connect from the command line using a client.conf file that I manually created based on the openvpn documentation. So it would seem that the problem is NM.

@ruetheday - would you mind sharing your client config? I am experiencing something similar except I am being asked for a password?

I would have but I just checked and it looks like NetworkManager or something else overwrote the file I created. Anyway, it was pretty minimalist with just the server name, cipher, path to CA, authentication method, and hardcoded username and password.
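
An added example, not part of the thread or any poster's config: a shell function that scans an OpenVPN client config for the kind of cipher setting behind the first post's “Unsupported cipher in --data-ciphers: BF-CBC” error. The function names, the sample config and the list of cipher prefixes are assumptions of this example.

```shell
# Added example. LEGACY_RE is this example's own list of 64-bit block
# cipher name prefixes (OpenSSL naming), not a list taken from the thread.
LEGACY_RE='^(BF|DES|DESX|CAST5|RC2|IDEA)-'

# Constructed sample config (vpn.example.com is a placeholder host).
sample_conf() {
    cat <<'EOF'
client
remote vpn.example.com 1194
# cipher AES-256-GCM
cipher BF-CBC
data-ciphers AES-256-GCM:?bf-cbc
EOF
}

# Print one finding per legacy cipher; return 1 if any were found.
# Usage: audit_ovpn_ciphers /path/to/client.conf
audit_ovpn_ciphers() {
    findings=$(awk -v legacy="$LEGACY_RE" '
        /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
        $1 == "cipher" || $1 == "data-ciphers" || $1 == "data-ciphers-fallback" {
            n = split($2, list, ":")          # data-ciphers is colon-separated
            for (i = 1; i <= n; i++) {
                c = toupper(list[i])
                sub(/^[?]/, "", c)            # "?" prefix: optional cipher (OpenVPN 2.6)
                if (c ~ legacy)
                    printf "%s:%d: %s lists %s\n", FILENAME, NR, $1, c
            }
        }' "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run against `sample_conf` output saved to a file, it reports the `cipher` line and the `data-ciphers` entry and ignores the commented-out directive.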