Month: July 2018

JPG Loading Issue

skp Troubleshooting Leave a comment

Unfortunately, this issue is unsolved for me. I found plenty of things that fixed it for other people, so maybe they will help you. If you have an idea of something else to try, please comment.

My laptop will not load jpeg files for some reason. Chrome and Internet browsing works just fine. I can see all images there, but I can’t see jpeg images in Eye of Gnome. The worst is that I can’t see the background. The desktop background is just blue.

Here’s my troubleshooting notes:

Read More

Open SSL Weak Certificate

skp Networking, VPN Leave a comment

I have a client’s VPN that was giving me a hard time. It was an Open VPN connection.

There was a comment in the Forum that I was reading about security. It sounds like it would be better to regenerate the certificates, but since I have no control over the server, I couldn’t do that.

Error Messages

There are the error messages that I was seeing in my log:

  • Cannot load certificate file <path removed>COTVPN.crt
  • OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
  • Options error: Please correct these errors.

I checked my version:

$ openvpn --version
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Solution

First, I edited the VPN’s configuration file:

 sudo vi /etc/NetworkManager/system-connections/COTVPN

As the last line under the [vpn] section, I added the line:

tls-cipher=DEFAULT:@SECLEVEL=0

Then, I ran this command to reload the configuration:

sudo nmcli connection reload

After that, it worked.

Missing Packages

Note: Earlier, I was getting these messages:

  • VPN plugin at /usr/lib/NetworkManager/nm-iodine-auth-dialog is not executable
  • VPN plugin at /usr/lib/NetworkManager/nm-vpnc-auth-dialog is not executable

I installed these two packages:

  • network-manager-iodine-gnome
  • network-manager-vpnc-gnome

Those two packages fixed those errors.

Resources