I recently upgraded from Ubuntu 20.04 (which ships OpenVPN 2.4.7) to Ubuntu 22.04 (which ships OpenVPN 2.5.5), and in OpenVPN 2.5.0 changelog i find
Removal of BF-CBC support in default configuration:
By default OpenVPN 2.5 will only accept AES-256-GCM and AES-128-GCM as
data ciphers. OpenVPN 2.4 allows AES-256-GCM,AES-128-GCM and BF-CBC
when no --cipher and --ncp-ciphers options are present. Accepting
BF-CBC can be enabled by adding
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
and when you need to support very old peers also
data-ciphers-fallback BF-CBC
To offer backwards compatibility with older configs an explicit
cipher BF-CBC
in the configuration will be automatically translated into adding
BF-CBC to the data-ciphers option and setting data-ciphers-fallback to
BF-CBC (as in the example commands above). We strongly recommend to
switching away from BF-CBC to a more secure cipher.
and I can no longer connect to an OpenVPN server at work. Hence the question, how do I enable OpenVPN's BF-CBC in 22.04?
I did some googling, and allegedly in Fedora Linux, you enable it by adding
providers legacy default to /etc/openvpn/client.conf , but that file does not exist in Ubuntu, instead there is an (empty) directory path /etc/openvpn/client
