I recently upgraded from Ubuntu 20.04 (which ships OpenVPN 2.4.7) to Ubuntu 22.04 (which ships OpenVPN 2.5.5), and in OpenVPN 2.5.0 changelog i find
Removal of BF-CBC support in default configuration:
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC when no --cipher and --ncp-ciphers options are present. Accepting BF-CBC can be enabled by adding
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBCand when you need to support very old peers also
data-ciphers-fallback BF-CBCTo offer backwards compatibility with older configs an explicit
cipher BF-CBCin the configuration will be automatically translated into adding BF-CBC to the data-ciphers option and setting data-ciphers-fallback to BF-CBC (as in the example commands above). We strongly recommend to switching away from BF-CBC to a more secure cipher.
and I can no longer connect to an OpenVPN server at work. Hence the question, how do I enable OpenVPN's BF-CBC in 22.04?
I did some googling, and allegedly in Fedora Linux, you enable it by adding
providers legacy default to /etc/openvpn/client.conf , but that file does not exist in Ubuntu, instead there is an (empty) directory path /etc/openvpn/client
systemctl start openvpn-client@<something>? Or some other way? – muru Mar 09 '23 at 08:13sudo openvpn Hans.ovpnand the ovpn file looks like: https://termbin.com/jfdo2 – hanshenrik Mar 09 '23 at 08:21data-ciphers AES-256-GCM:AES-128-GCM:BF-CBCto theHans.ovpnfile. – muru Mar 09 '23 at 08:26