
OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 9:28 am
by a_subscriber
Linux Mint 21

Successfully installed openvpn.

OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022

openssl version -a

OpenSSL 1.1.1q  5 Jul 2022
built on: Mon Aug 15 08:08:28 2022 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific

Now I want to connect to a remote setup via openvpn.

sudo openvpn Leo.ovpn 

but I get an error:

2022-08-15 09:29:10 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-15 09:29:10 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-08-15 09:29:10 WARNING: file 'client.key' is group or others accessible
2022-08-15 09:29:10 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-08-15 09:29:10 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-08-15 09:29:10 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-08-15 09:29:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-08-15 09:29:10 Cannot load certificate file client.crt
2022-08-15 09:29:10 Exiting due to fatal error

P.S. I checked the folder. The files client.crt and ca.crt exist.

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 10:29 am
by TinCanTech
a_subscriber wrote (Mon Aug 15, 2022 9:28 am):
> ca md too weak

Means your CA key is too weak to provide security. You need a new one.

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 10:43 am
by a_subscriber
TinCanTech wrote (Mon Aug 15, 2022 10:29 am):
> a_subscriber wrote (Mon Aug 15, 2022 9:28 am):
>> ca md too weak
> Means your CA key is too weak to provide security. You need a new one.

It's impossible because the certificate is generated by the admin. I don't have access to this procedure.

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 10:57 am
by TinCanTech
Then tell your admin that the vpn is insecure.

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 1:40 pm
by a_subscriber
I fixed the problem:

I installed openvpn ver. 2.4.7 and now there is no error.

OpenVPN 2.4.7 x86_64-pc-linux-gnu
OpenSSL 1.1.1q 5 Jul 2022

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Mon Aug 15, 2022 2:17 pm
by TinCanTech
Your VPN is still insecure.

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Wed Nov 29, 2023 11:22 am
by a_subscriber
Is it possible to fix this problem on OpenVPN 2.5.5 (Linux Mint 21)?

Re: OpenSSL: error:0A00018E:SSL routines::ca md too weak

Posted: Sat Dec 02, 2023 11:28 pm
by becm
A fix would be to nudge the server admin to update the certificate.
You can choose to have inadequate security; have a look at the TLS profiles in the OpenVPN manual.
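
To show the admin which certificate needs reissuing, the script below (an added example, not part of the original thread) reads each certificate's signature algorithm and flags MD5- or SHA-1-based signatures, the digests OpenSSL 3.x rejects with "ca md too weak" at its default security level. The file names come from the log in the first post; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the certificate whose signature digest triggers
# "ca md too weak". Function names and SAMPLE_TEXT are constructed here.

# Read `openssl x509 -noout -text` output on stdin and print the first
# "Signature Algorithm" value (the field is printed twice with the same value).
sig_alg() {
    awk -F': *' '/Signature Algorithm:/ { print $2; exit }'
}

# Classify a signature algorithm name by the message digest it uses.
classify_sig_alg() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        *md2*|*md4*|*md5*|*sha1*) echo weak ;;
        *sha224*|*sha256*|*sha384*|*sha512*|ed25519|ed448) echo ok ;;
        *) echo unknown ;;   # e.g. rsassaPss: read its "Hash Algorithm" line
    esac
}

# Check one PEM certificate file; prints "<file>: <algorithm> (<verdict>)".
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sig_alg)
    [ -n "$alg" ] || { echo "$1: not a readable PEM certificate" >&2; return 1; }
    echo "$1: $alg ($(classify_sig_alg "$alg"))"
}

# Constructed sample of the relevant lines of `openssl x509 -text` output.
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example-CA
    Signature Algorithm: sha1WithRSAEncryption'

# Run against files given as arguments, e.g.: sh check.sh ca.crt client.crt
for f in "$@"; do check_cert "$f"; done
```

A "weak" verdict on client.crt means the CA signed it with an outdated digest, so the certificate has to be reissued; nothing on the client side can change it.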