If you haven't update your bullseye Debian skip the 1 > 7 steps and follow the directions on the 2nd part of this guide because the 1st part is for those that have stuck to the bugged version of OpenVPN (until now i am writing this guide and i hope soon it will be fixed as i see from the package's tracker page activity:
https://tracker.debian.org/pkg/openvpn, but until this moment follow this guide and you will have a working OpenVPN again the old stable Debian 11 (Bullseye) version as you can check by visiting the previous link.
Also keep in mind that if you are still using the buster version of Debian you should first update to bullseye and after to bookworm but this guide is not about this upgrade since the OpenVPN package bugged on bookworm Debian only. I updated my Debian buster to bullseye with OpenVPN on without problems in the past!
The problem appeared on the 1st upgrade and it dropped the connection of the established OpenVPN while i was upgrading it. I clicked the vpn when it failed to download the upgrade packages and it established again during the upgrade but when the upgrade finished and restarted to Debian 12 (bookworm) the vpn refused to established. I removed / purged and reinstalled the bookworm version of OpenVPN and since it was succefully installing all 3 packages it refuses to establish the imported old configuration.
The solution to this problem was to downgrade all these 3 OpenVPN packages (and their dependencies) to the latest stable OpenVPN packages of Debian 11 (bullseye) - 2.5.1-3.
The main propose of this article is to share how i fixed the OpenVPN problem in bookworm since i didn't found any solution by searching on search engines and to write somewhere the way for downgrading a package on Debian. The package names here are for mate desktop on a x64 Debian, but If you are using other desktop or Architecture before you start, find the equivalent packages for your desktop and follow the same way (i will add the links with packages on Debian site to help you download them). Also it was my first and i can say succefully try to downgrade a package that depends from other 2 packages and it worked in 3 desktops so far without problems!
How to Downgrade the Bugged Version of OpenVPN of Bookworm to Bulleye OpenVPN.
1. First of all make sure that you will mark as manual installed the libpkcs11-helper1 package because openvpn needs it with this command as root or with sudo as user:
apt-mark manual libpkcs11-helper1
2. Download the 3 OpenVPN bullseye packages for manual installing before start for your Architecture now.
The OpenVPN bullseye version that is working is the 2.5.1-3 and the bugged and latest on bookworm when i am writing this guide is the 2.6.1-3.
3. Remove the 3 bugged bookworm OpenVPN packages and all of their dependencies with this command as root or with sudo as user:
apt purge -y openvpn network-manager-openvpn network-manager-openvpn-gnome && apt -y autoremove
4. Go to the directory you downloaded the 3 bulleye packages and manual install them with these commands and this order as root or with sudo as user:
dpkg -i openvpn_2.5.1-3_amd64.deb
dpkg -i network-manager-openvpn_1.8.12-2_amd64.deb
dpkg -i network-manager-openvpn-gnome_1.8.12-2_amd64.deb
if OpenVPN complains about libssl1.1 because depends from from it and there is not in BookWorm because it has replaced from libssl3 install it with apt
5. That's it! Now you have a working OpenVPN again and it will work with the old configuration you had, but if you have purged everything you can import manually the old ovpn file by clicking on network manager icon of the taskbar and
Configure VPN > + IMPORT A SAVED CONFIGURATION... > CREATE > BROWSE AND SAVE!
If it is working, congratulations! you have a working OpenVPN on Debian 12 (bookworm) but if it is not then better remove them now, all these 3 manually installed packages with apt with this command.
apt purge openvpn network-manager-openvpn network-manager-openvpn-gnome
if you have problems uninstalling or installing these 3 apps you have broken dpkg or app system and it's out of the scope of this guide, sorry.
6. And the last step is to hold the updates of these 3 packages and release the manual installed libpkcs11-helper1 to prevent them from upgrade
apt-mark hold openvpn network-manager-openvpn network-manager-openvpn-gnome
apt-mark auto libpkcs11-helper1
monitor the progress of the package and when you detect that it's fixed unhold all of them with the following command
apt-mark unhold openvpn network-manager-openvpn network-manager-openvpn-gnome
What you Should Do If you Want to Upgrade to Bookworm while you are using OpenVPN.
If you don't have upgraded your Debian 11 (Bullseye) to Debian11 (Bookworm) you should hold the 3 packages OpenVPN needs before the upgrade, otherwise it will drop the OpenVPN connection during upgrade and you should restart from the start the commands after you establish an internet connection without VPN. I am sure nobody wants an interrupted upgrade from a failed OpenVPN connection to a remote location.
So, before you start the upgrade procedure these are the full list of commands for those that want to upgrade by using an OpenVPN during upgrade.
apt-mark hold openvpn network-manager-openvpn network-manager-openvpn-gnome
check that at least these 3 packages will not upgraded yet and you have enough free space for upgrade with this command
df -k / | awk '{print $5}'
if you have free space update and clean your system with this commands as root
apt update -y && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
or these command with sudo as user
sudo apt update -y && sudo apt upgrade -y && sudo apt full-upgrade -y && sudo apt autoremove -y
After that, edit sources file. Personal i open it as root with nano and after pressing the ctl + \ keys i type bullseye, enter and i type bookworm and enter again and when it asks once or all, i type the a key to replace all, BUT if you want more advanced way type these 4 commands as root of sudo as user:
cd /etc/apt/
sed -i 's/bullseye/bookworm/g' sources.list
sed -i 's#/debian-security bookworm/updates# bookworm-security#g' sources.list
and
export LC_ALL=C
if everything reported ok upgrade with this command if you dont want the new packages
apt update -y && apt upgrade --without-new-pkgs -y && apt full-upgrade -y && apt autoremove -y
or this if you don't care. personal i used the below commands and everything is working great
apt update -y && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
if everything was ok reboot the system to finish the upgrade with this command as root or with sudo as user
and after reboot validate the upgrade with this command.
THAT'S ALL FOLKS, HAPPY DEBIAN 12 (BOOKWORM) WITH A FULL WORKING OPENVPN!
p.s. if you're still thinking that the downgrade of a package will alternate your debian, apt-mark will remind you every time you update your debian that you have 3 downgraded packages. I am sure you will never forget these 3 downgraded packages and the apt autoremove that there are 1 or more orphaned packages when you remove them 😂