As a quick addition for the QVPN app on a Qnap NAS in our network I just installed a Raspberry 3 with PiVpn (pivpn.io) configured for OpenVPN, as I'm in doubt Qnap will release an updated QVpn just in Time ...
Works like a charm and installation is super easy. With at least one connection it seems even faster than QVpn on a more powerful NAS. No test with multiple connections until now ... but there are more beefy Rasberry 4 if it shows to slow... With this additional VPN the transition to Ubuntu 20.04 can now be done in my company. When its finished i'll switch off QVpn (and remove the corresponding portforwarding). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1866611 Title: OpenVPN w. SHA1 signed CA broken after upgrade to 1.1.1d-2ubuntu6 Status in openssl package in Ubuntu: Confirmed Bug description: After upgrading openssl on my Focal-install this morning (upgrade openssl:amd64 1.1.1d-2ubuntu3 1.1.1d-2ubuntu6 per /var/log/dpkg.log), my OpenVPN tunnel refuses to connect to our corporate VPN (from /var/log/syslog): corp-laptop nm-openvpn[4688]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=DK, ST=None, L=Copenhagen, O=XX, OU=XX, CN=XX, emailAddress=XX corp-laptop nm-openvpn[4688]: OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed I'm told we're running a SHA1-signed CA, which we're guessing has been deprecated somewhere between -2ubuntu3 and -2ubuntu6. The changelog for -2ubuntu4 mentions importing some upstream changes, but isn't more specific than that: https://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1 .1d-2ubuntu4/changelog As a work-around, the internet suggests two work-arounds (neither of which has worked for me): 1) Adding the following to /etc/defaults/openssl: OPTARGS="--tls-cipher DEFAULT:@SECLEVEL=0" 2) Adding the following to /etc/ssl/openssl.conf: CipherString = :@SECLEVEL=1 I also tried rolling back the package, but the old version doesn't seem to be available: $ sudo apt install openssl=1.1.1d-2ubuntu3 ... E: Version '1.1.1d-2ubuntu3' for 'openssl' was not found I am no SSL-expert and would appreciate any pointers to get around this. (Our network-dept. does not have the bandwidth to roll over our CA on short notice, so I will need some other way to move ahead). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1866611/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
