Hi!
I am having problems establishing a VPN connection. On F40 the same configuration was working without any problems, and on F41 the connection does not work. My configuration looks like this (in /etc/NetworkManager/system-connections/****@*****.nmconnection):
[connection]
id=*****@*******
uuid=b68630a7-9206-4a53-bcf0-fe117bcf9505
type=vpn
autoconnect=false
permissions=user:****:;
[vpn]
allow-compression=asym
auth=SHA256
ca=/home/****/.cert/nm-openvpn/*****@*****.pem
cert=/home/****/.cert/nm-openvpn/*****@*****.pem
cert-pass-flags=0
challenge-response-flags=2
data-ciphers=AES-128-CBC
cipher=AES-128-CBC
comp-lzo=adaptive
connection-type=password-tls
dev=tun
dev-type=tun
key=/home/*****/.cert/nm-openvpn/*****@*******.pem
password-flags=1
remote=*****:15443
reneg-seconds=0
tls-cipher=DEFAULT:@SECLEVEL=0
username=*****
verify-x509-name=subject:C=**, L=*****, O=*****, CN=*****, emailAddress=******
service-type=org.freedesktop.NetworkManager.openvpn
[ipv4]
method=auto
[ipv6]
addr-gen-mode=default
method=auto
[proxy]
When trying to connect, journalctl prints the following:
OpenVPN 2.6.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
DCO version: N/A
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
TCP/UDP: Preserving recently used remote address: [AF_INET]********:***
UDPv4 link local: (not bound)
UDPv4 link remote: [AF_INET]********:***
NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
VERIFY ERROR: depth=0, error=certificate signature failure: C=**, L=*******, O=******, CN=*******, emailAddress=*******, serial=*******
OpenSSL: error:0A000086:SSL routines::certificate verify failed:
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
TCP/UDP: Preserving recently used remote address: [AF_INET]********:***
UDPv4 link local: (not bound)
UDPv4 link remote: [AF_INET]********:***
VERIFY ERROR: depth=0, error=certificate signature failure: C=**, L=*******, O=******, CN=*******, emailAddress=*******, serial=*******
OpenSSL: error:0A000086:SSL routines::certificate verify failed:
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting