Debug: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

Environment

OS Ubuntu 18.04
OpenSSL 1.0.2o
OpenVPN 2.4.4

Description

After installing OpenVPN:

sudo apt install -y \
openvpn \
network-manager-openvpn \
network-manager-openvpn-gnome

When I used the OpenVPN GUI to import the .ovpn file and clicked connect, this error popped up:
activation of network connection failed

Checking /var/log/syslog shows:
OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

.ovpn file

client
dev tap
proto udp
remote <>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert <>.crt
key <>.key
tls-auth tlsauth.key 1
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
script-security 3

Solution

Modify the VPN configuration file:
sudo vim /etc/NetworkManager/system-connections/<VPN-CONFIG-FILE>

Under the [vpn] section, add this line:

[vpn]
tls-cipher=DEFAULT:@SECLEVEL=0

Reload the configuration:
sudo nmcli connection reload
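
"ca md too weak" means the digest used to sign one of the profile's certificates is below what OpenSSL's security level accepts, and SECLEVEL=0 switches that check off rather than changing the certificate. The script below is an added example, not part of the original post: it lists the signature algorithm of the files named by the profile's ca and cert directives so the certificate that needs reissuing can be identified. The function names are hypothetical, it assumes file paths (not inline <ca> blocks) relative to the current directory, and it labels SHA-1 "legacy" because whether SHA-1 is rejected depends on the OpenSSL version and security level.

```shell
#!/bin/sh
# Added example (not from the original post): report the signature digest
# of the certificates referenced by an OpenVPN client profile.

# Print the files named by the "ca" and "cert" directives of a profile.
# Assumption: plain "ca <file>" / "cert <file>" lines, no inline blocks.
profile_certs() {
    awk '$1 == "ca" || $1 == "cert" { print $2 }' "$1"
}

# Print the signature algorithm of a PEM certificate,
# e.g. md5WithRSAEncryption or sha256WithRSAEncryption.
sig_alg_of() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Classify an algorithm name by the digest it contains.
#   weak    - MD2/MD4/MD5, the digests behind "ca md too weak"
#   legacy  - SHA-1, accepted or rejected depending on OpenSSL version/level
#   ok      - SHA-2 / SHA-3 family, Ed25519, Ed448
#   unknown - anything else, including an unreadable certificate
classify_sig_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md2*|*md4*|*md5*) echo weak ;;
        *sha1*)            echo legacy ;;
        *sha224*|*sha256*|*sha384*|*sha512*|*sha3*|ed25519|ed448) echo ok ;;
        *)                 echo unknown ;;
    esac
}

# Usage: sh check-md.sh client.ovpn
# Run it from the directory that holds the profile's certificate files.
if [ "$#" -eq 1 ]; then
    profile_certs "$1" | while read -r crt; do
        alg=$(sig_alg_of "$crt")
        printf '%s\t%s\t%s\n' "$crt" "${alg:-unreadable}" \
            "$(classify_sig_alg "$alg")"
    done
fi
```

A certificate reported as weak has to be reissued by the CA with a SHA-2 digest before the tls-cipher line can be removed from the connection file.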

Can only reach the VPN network

Now I can successfully access the vpn network but fail to reach the internet outside that vpn subnet.

With GUI, this could be simply fixed by:
