21.04 update breaks VPN

I just updated to 21.04 and now my VPN will not connect. Message is the connection attempt timed out. Is there a way I can downgrade the installed openvpn to the previous version?


Hi @Bill :slight_smile:

I never used openvpn but I got similar issues than you with cisco anyconnect.

I used to solve it with this command :

cp /etc/ssl/certs/Entrust* /opt/.cisco/certificates/ca

also, one day, I got to restore all vpn settings from my profile :

tree /home/olek/.cisco/
├── certificates
│   └── client
│       ├── olek.pem -> /home/olek/.cisco/certificates/client/olek-vpn-user_cert.csr
│       ├── olek-vpn-ca_cert.csr
│       ├── olek-vpn-user_cert.csr
│       └── private
│           ├── olek.key -> /home/olek/.cisco/certificates/client/private/olek-vpn-private_key.key
│           └── olek-vpn-private_key.key
└── hostscan
    ├── bin
    │   └── cscan
    ├── lib
    │   ├── libcsd.so
    │   └── libhostscan.so
    └── log
        ├── cscan.log
        ├── cscan.log.1
        ├── cscan.log.2
        ├── cstub.log
        └── libcsd.log

Let's hope someone that has more experience with openvpn respond :slight_smile: Since then, you can try to understand my cisco steps and maybe use it to find solution for your end.

Thanks for the suggestion. I am not sure what you changed to fix your problem but it looks like you recovered your configuration from backups. I have tried building a new configuration file and got the same results. But it does work on another computer that I have not updated from 20.10 to 21.04. I want to try downgrading openvpn to the earlier version but I have not been able to find how to do that.


My VPN provider just got back to me. Apparently the cipher key type has to be specified in the latest version of openvpn. They told me what key to enter and it is working again. So a downgrade is not needed. As you were,


1 Like