Hack the box openvpn error

Page created by Christian Gill
 
Can't connect to openvpn.
sudo openvpn aBySs13.ovpn
[sudo] password for abyss13:
Tue Apr 21 18:41:53 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Apr 21 18:41:53 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Tue Apr 21 18:41:53 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Tue Apr 21 18:41:53 2020 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Tue Apr 21 18:41:53 2020 Cannot load inline certificate file
Tue Apr 21 18:41:53 2020 Exiting due to fatal error.
Comments.
Hey! I've the same trouble!
Same here! Did you solve it yet?
There was no inline certification between the cert in the .ovpn file.
You can fix this by going to Access, and select one of the free labs by clicking on the 'Switch' button.
Then download the connection pack again and it should now have an inline cert value.
OpenVPN Error.
Since today I'm getting this error when I tried to connect through OpenVPN.
Can someone help me?
2021-01-23 09:36:00 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-01-23 09:36:00 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-01-23 09:36:00 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
2021-01-23 09:36:00 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
2021-01-23 09:36:00 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-01-23 09:36:00 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-01-23 09:36:01 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
2021-01-23 09:36:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-01-23 09:36:01 UDP link local: (not bound)
2021-01-23 09:36:01 UDP link remote: [AF_INET]185.77.152.100:1337
2021-01-23 09:36:01 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5665125e 28f5e6fd
2021-01-23 09:36:02 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, [email protected]
2021-01-23 09:36:02 VERIFY KU OK
2021-01-23 09:36:02 Validating certificate extended key usage
2021-01-23 09:36:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-23 09:36:02 VERIFY EKU OK
2021-01-23 09:36:02 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, [email protected]
2021-01-23 09:37:01 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-23 09:37:01 TLS Error: TLS handshake failed
2021-01-23 09:37:01 SIGUSR1[soft,tls-error] received, process restarting
2021-01-23 09:37:01 Restart pause, 5 second(s)
2021-01-23 09:37:06 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-01-23 09:37:06 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-01-23 09:37:11 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
2021-01-23 09:37:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-01-23 09:37:11 UDP link local: (not bound)
2021-01-23 09:37:11 UDP link remote: [AF_INET]185.77.152.100:1337
2021-01-23 09:37:12 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5a809896 32423942
2021-01-23 09:37:12 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, [email protected]
2021-01-23 09:37:12 VERIFY KU OK
2021-01-23 09:37:12 Validating certificate extended key usage
2021-01-23 09:37:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-23 09:37:12 VERIFY EKU OK
2021-01-23 09:37:12 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, [email protected]
2021-01-23 09:37:13 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-01-23 09:37:13 [htb] Peer Connection Initiated with [AF_INET]185.77.152.100:1337
2021-01-23 09:37:14 SENT CONTROL [htb]: 'PUSH_REQUEST' (status=1)
2021-01-23 09:37:14 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::103f/64 dead:beef:2::1,ifconfig 10.10.14.65 255.255.254.0,peer-id 63,cipher AES-256-GCM'
2021-01-23 09:37:14 OPTIONS IMPORT: timers and/or timeouts modified
2021-01-23 09:37:14 OPTIONS IMPORT: --ifconfig/up options modified
2021-01-23 09:37:14 OPTIONS IMPORT: route options modified
2021-01-23 09:37:14 OPTIONS IMPORT: route-related options modified
2021-01-23 09:37:14 OPTIONS IMPORT: peer-id set
2021-01-23 09:37:14 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-01-23 09:37:14 OPTIONS IMPORT: data channel crypto options modified
2021-01-23 09:37:14 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-23 09:37:14 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-23 09:37:14 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-23 09:37:14 net_route_v4_best_gw query: dst 0.0.0.0
2021-01-23 09:37:14 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2021-01-23 09:37:14 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:3e:77:73
2021-01-23 09:37:14 GDG6: remote_host_ipv6=n/a
2021-01-23 09:37:14 net_route_v6_best_gw query: dst ::
2021-01-23 09:37:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
2021-01-23 09:37:14 ROUTE6: default_gateway=UNDEF
2021-01-23 09:37:14 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2021-01-23 09:37:14 Exiting due to fatal error.
T: Connection Troubleshooting.
The majority of VPN issues can be resolved using the steps suggested below.
If you’re new to the platform, please consider reading about the VPN System we use at Hack The Box to familiarize yourself with it and maybe answer some of your questions.
Throughout the troubleshooting guide, we have included log snippets from your OpenVPN initialization log. This log is printed out on your screen when you run the following command to start up your VPN session: sudo openvpn pack.ovpn
Before you start troubleshooting, make sure you have the OS updated and upgraded to rule out any underlying issues due to old software.
Please make sure to verify if any of these mentioned log snippets appear on your own and take the appropriate action to resolve the issue.
If you continue to have issues after trying the below steps, feel free to open a support ticket, and we will respond as soon as possible.
I can't see any start/stop buttons next to Machines / Boxes.
As a free user, you do not need the Start / Stop buttons to manipulate instances of machines. As long as you're properly connected to the VPN,
you will be able to ping, scan and attack Active Boxes directly.
As a VIP user, make sure you're connected to a VIP lab VPN. You can check this by opening your .ovpn file and checking the 4th line, and
matching it against the lab mentioned on your dashboard at the top-right of the website.
I have connected to the VPN successfully, but I can't ping/scan any of the tutorial / Starting Point Boxes.
Please navigate to the top-right of the website and click on the button. It should say Starting Point.
Once there, you should see a green indicator showing that you are connected to the Starting Point lab. You can check which VPN server you are
connected to by clicking on the Starting Point option in the VPN menu.
I have recently switched to VIP, and I can't see the start/stop buttons next to Retired Boxes.
If you are using the HTB Classic view, you can check what VPN server you are connected to on the Access Page.
Once there, make sure you're connected to a VIP server. After purchasing VIP, you will not be automatically assigned to VIP, and you will not
have access to the Retired Boxes control until you've switched servers to the appropriate VIP ones.
If you're on the new HTB V2 view, please select one of the VIP servers from the VPN selection menu at the top-right of the website.
I’m experiencing high latency, and the connection with the boxes goes on and off every few minutes, or I can’t connect at all.
Description:
The inconsistent connection might be caused by orphaned OpenVPN processes battling over the control of TUN devices. Reboot your machine
and make sure you only have one OpenVPN instance running at a time.
OpenVPN assigns IP addresses to your newly created virtual interfaces. It creates TUN/TAP devices on demand, so opening new instances
while other orphaned OpenVPN processes are still running makes OpenVPN try to add an IP address to an interface that already has one assigned,
hence the error "File exists", where the "File" is essentially an IP address.
Reboot your machine, make sure you only have one OpenVPN instance running at a time.
I get the following error(s) when I initialize my OpenVPN connection.
Description:
IPv6 is a requirement for the connection to the labs. You are receiving this error because IPv6 is currently turned off for your Linux OS.
If cat /proc/sys/net/ipv6/conf/all/disable_ipv6 prints 0, IPv6 is enabled. If it prints 1, you can enable IPv6 by running the command
sysctl net.ipv6.conf.all.disable_ipv6=0
Description:
OpenVPN requires root privileges to create virtual interfaces on demand.
Invoke the command with sudo or run it as root.
Description:
You have some commands inside the .ovpn file that OpenVPN doesn't recognize.
Regenerate your OpenVPN connection pack from the Dashboard on the top-right of the website.
Description:
The path to the OpenVPN connection pack you specified is wrong. Either you're trying to invoke the .ovpn file while not being in the same
directory as it is, or the path you're specifying has a typo. If you downloaded the .ovpn file, it should be located in your Downloads folder as
.ovpn.
Run the command with the absolute path of the .ovpn file you're invoking.
openvpn --config /path_to/your_openvpn/configuration_file.ovpn
Description:
You're using Windows.
Don't use Windows.
Description:
You're not able to connect to our internal OpenVPN network.
Ensure you have a stable working network connection and that the .ovpn file's keys are not revoked. A regenerated OpenVPN connection pack is
tied to a newly forged DHCP lease, so it will make all others obsolete. If there's a firewall on your network, whitelist our VPN services. If you're
on campus or in a workplace setting, ask the network administrator to do so. If you live in a country that censors your internet, you can try another
server or try to bypass the DPI by utilizing our  implementation through editing your .ovpn file.
Change proto udp to proto tcp.
Change  to 
Change  to 
Alternatively, you can try switching servers to one of the other available ones hoping that your connection will establish to one of these other
servers.
Blank/incorrect <cert> Tag.
Description:
The certificate server has had some issues and is issuing empty or malformed <cert> tags.
In some rare cases, connection packs may have a blank cert tag. If this happens to you, please open a support ticket so a team member can look
into it, then switch your VPN server on the Access Page below to one of the other available servers for the Boxes you’re trying to reach. These
have a low probability of having the same issue and will regain your access to the platform while our support team works on solving the issue.
You can switch servers by visiting your Dashboard on the Machines / Boxes page, where the server selection menus are at the top-right. A
different server might issue a correct .ovpn pack unless they are all affected.
Please let staff know about this issue before you switch servers.
Issues regarding empty <cert> tags are usually solved fast, depending on the time of the report, and the Technical Support team will
announce the fix on the support ticket.
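The "no start line" / "Cannot load inline certificate file" failure shown earlier is what OpenVPN reports when an inline block holds no PEM data. The following shell function is an added example, not part of the original guide or of Hack The Box tooling: it reports the state of each inline block in a profile before you connect. The function names, the status words and the sample profile are constructed for illustration.

```shell
# Added example: report the state of each inline block in an .ovpn profile.
# Only tag names and a status are printed, never certificate or key material.
check_ovpn_inline() {
    awk '
        function report(s) { printf "%s: %s\n", tag, s; if (s != "OK") bad = 1 }
        # Opening or closing tag of an inline block that must hold PEM/key data.
        /^[ \t]*<\/?(ca|cert|key|tls-auth|tls-crypt)>[ \t\r]*$/ {
            name = $0; gsub(/[^a-z-]/, "", name)
            if (index($0, "</") == 0) {            # opening tag
                if (tag != "") report("UNCLOSED")
                tag = name; body = 0; has_begin = 0; has_end = 0
            } else if (name == tag) {              # matching closing tag
                if (!body) report("EMPTY")
                else if (!has_begin) report("NO_PEM_HEADER")
                else if (!has_end) report("NO_PEM_FOOTER")
                else report("OK")
                tag = ""
            }
            next
        }
        # Any non-blank line inside a block counts as content.
        tag != "" && /[^ \t\r]/ {
            body = 1
            if ($0 ~ /^-----BEGIN [A-Za-z0-9 ]+-----[ \t\r]*$/) has_begin = 1
            if ($0 ~ /^-----END [A-Za-z0-9 ]+-----[ \t\r]*$/) has_end = 1
        }
        END { if (tag != "") report("UNCLOSED"); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample profile: <cert> is blank; PEM bodies are placeholders.
sample_profile() {
    cat <<'EOF'
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(placeholder)
-----END PRIVATE KEY-----
</key>
EOF
}
sample_profile | check_ovpn_inline || echo "regenerate the connection pack"
```

Run it against a downloaded pack with check_ovpn_inline pack.ovpn; a non-zero exit status means at least one inline block is blank or malformed.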
Key Values Mismatch.
Another uncommon issue you may come across is a key values mismatch error. If this happens to you, please open a support ticket.
Cannot connect to OpenVPN after upgrade to 18.04.
WARNING This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it
and generate new keys, otherwise you will lose VPN security!
You need to add the following options in your OpenVPN config file:
This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config
to a file using this command:
Then add the two options mentioned above to the end of the file, and launch openVPN from command line using this command:
Once you verify that the connection is working again, you can import back your updated configuration file and continue to use the Network
Manager to setup the tunnel (thanks Eineki):
Thread: Unable to connect to openVPN server.
Hello, I am going to be as specific as I can. I am using Kali 2.0 amd 64bit on VirtualBox 5.0.10 with host system xubuntu 14.04 LTS. I am
trying to connect to vpnbook openvpn european server #1 through vpnbook-euro1-tcp433.ovpn file which is contained in the downloadable
archive VPNBook.com-OpenVPN-Euro1.zip. Other files in the archive include:
vpnbook-euro1-tcp80.ovpn vpnbook-euro1-udp53.ovpn vpnbook-euro1-tcp25000.ovpn.
I'm running the following command on terminal as root and I get the corresponding error:
Options error: In [CMD-LINE]:1: Error opening configuration file : vpnbook-euro1-tcp433.ovpn.
Note that other files seem to open properly and prompt me for credentials. Any help gladly appreciated, dealing with this 2 days now.
Vpnbook.
I was getting the same error and I found out it was just a simple mistake :P .. you may be doing the same as I was.
So. I downloaded the OVPN files from vpnbook's site. I extracted the zipped bundle of 'ovpn' files on to the desktop.