I'm somewhat new to Zorin, but not Linux. I am having an issue with a vpn profile I am trying to import for a Sophos XGS firewall. I have to comment out 1 line to get it to import. After that when I try to get connect, it keeps prompting for my password and will not connect. The username and password was entered in the vpn settings and it is correct.
I can open the terminal and sudo openvpn --config /path/to/your/config.ovpn
This will prompt for my username and password where it will connect with no problem. It will remain connected as long as the terminal window is open.
In Ubuntu 25.04 it will import with no problem and connect with no problem from the GUI. The line I mentioned that needs to be commented out still has to be commented out in Ubuntu as well.
Any ideas to use the GUI in Zorin?
Thanks,
Barry
Can you try:
sudo apt install network-manager-openvpn network-manager-openvpn-gnome
sudo systemctl restart NetworkManager
The logic is:
So, it is not openvpn that is the issue, but network manager that is blocking access.
I had already tried that with NetworkManager and it did not work.
However, when I connect via the terminal I saw a line in the echo that mentioned a cipher of AES-256-GCM. I thought this was strange as the cipher in the profile shows AES-256-CBC. I change the cipher in the GUI to AES-256-GCM and it connected with no issues. But I doubled checked under Ubuntu and the cipher there in the GUI is AES-256-CBC, same as the profile.
Barry
Ah, there's your solution.
You need to use GCM, not the legacy CBC.
I just the checked the firewall and looked at the vpn server settings. The algorithm there is AES-256-CBC just as the in the profile. Of course the config file is output from the firewall.
That is a legacy compatibility setting.
I suspect that Zorin OS NetworkManager plugin enforces the GUI cipher instead, which causes the connection to fail unless GCM is selected explicitly.
Which is why your solution above is the fix.
Just to follow up. After a few days all is working well. I believe the firewall defaulted to that setting and was not changed when the VPN was created and set up. After some reading I have updated the firewall to use the AES-256-GCM. Thanks for your help looking at this.
Barry