Hack the box openvpn error
Can't connect to openvpn.

    sudo openvpn aBySs13.ovpn
    [sudo] password for abyss13:
    Tue Apr 21 18:41:53 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
    Tue Apr 21 18:41:53 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
    Tue Apr 21 18:41:53 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
    Tue Apr 21 18:41:53 2020 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Tue Apr 21 18:41:53 2020 Cannot load inline certificate file
    Tue Apr 21 18:41:53 2020 Exiting due to fatal error.

Comments

Hey! I've the same trouble!

Same here! Did you solve it yet?

There was no inline certification between the cert in the .ovpn file. You can fix this by going to Access, and select one of the free labs by clicking on the 'Switch' button. Then download the connection pack again and it should now have an inline cert value.

OpenVPN Error

Since today I'm getting this error when I tried to connect through OpenVPN. Can someone help me?

    2021-01-23 09:36:00 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2021-01-23 09:36:00 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2021-01-23 09:36:00 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
    2021-01-23 09:36:00 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
    2021-01-23 09:36:00 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-01-23 09:36:00 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-01-23 09:36:01 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
    2021-01-23 09:36:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2021-01-23 09:36:01 UDP link local: (not bound)
    2021-01-23 09:36:01 UDP link remote: [AF_INET]185.77.152.100:1337
    2021-01-23 09:36:01 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5665125e 28f5e6fd
    2021-01-23 09:36:02 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, [email protected]
    2021-01-23 09:36:02 VERIFY KU OK
    2021-01-23 09:36:02 Validating certificate extended key usage
    2021-01-23 09:36:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2021-01-23 09:36:02 VERIFY EKU OK
    2021-01-23 09:36:02 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, [email protected]
    2021-01-23 09:37:01 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2021-01-23 09:37:01 TLS Error: TLS handshake failed
    2021-01-23 09:37:01 SIGUSR1[soft,tls-error] received, process restarting
    2021-01-23 09:37:01 Restart pause, 5 second(s)
    2021-01-23 09:37:06 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-01-23 09:37:06 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-01-23 09:37:11 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
    2021-01-23 09:37:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2021-01-23 09:37:11 UDP link local: (not bound)
    2021-01-23 09:37:11 UDP link remote: [AF_INET]185.77.152.100:1337
    2021-01-23 09:37:12 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5a809896 32423942
    2021-01-23 09:37:12 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, [email protected]
    2021-01-23 09:37:12 VERIFY KU OK
    2021-01-23 09:37:12 Validating certificate extended key usage
    2021-01-23 09:37:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2021-01-23 09:37:12 VERIFY EKU OK
    2021-01-23 09:37:12 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, [email protected]
    2021-01-23 09:37:13 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2021-01-23 09:37:13 [htb] Peer Connection Initiated with [AF_INET]185.77.152.100:1337
    2021-01-23 09:37:14 SENT CONTROL [htb]: 'PUSH_REQUEST' (status=1)
    2021-01-23 09:37:14 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::103f/64 dead:beef:2::1,ifconfig 10.10.14.65 255.255.254.0,peer-id 63,cipher AES-256-GCM'
    2021-01-23 09:37:14 OPTIONS IMPORT: timers and/or timeouts modified
    2021-01-23 09:37:14 OPTIONS IMPORT: --ifconfig/up options modified
    2021-01-23 09:37:14 OPTIONS IMPORT: route options modified
    2021-01-23 09:37:14 OPTIONS IMPORT: route-related options modified
    2021-01-23 09:37:14 OPTIONS IMPORT: peer-id set
    2021-01-23 09:37:14 OPTIONS IMPORT: adjusting link_mtu to 1625
    2021-01-23 09:37:14 OPTIONS IMPORT: data channel crypto options modified
    2021-01-23 09:37:14 Data Channel: using negotiated cipher 'AES-256-GCM'
    2021-01-23 09:37:14 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-01-23 09:37:14 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-01-23 09:37:14 net_route_v4_best_gw query: dst 0.0.0.0
    2021-01-23 09:37:14 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
    2021-01-23 09:37:14 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:3e:77:73
    2021-01-23 09:37:14 GDG6: remote_host_ipv6=n/a
    2021-01-23 09:37:14 net_route_v6_best_gw query: dst ::
    2021-01-23 09:37:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
    2021-01-23 09:37:14 ROUTE6: default_gateway=UNDEF
    2021-01-23 09:37:14 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
    2021-01-23 09:37:14 Exiting due to fatal error.
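
The "Cannot load inline certificate file" error in the first thread above comes from a blank inline cert block, as the last comment there explains. As an added example (not from the original posts), the shell functions below report which inline blocks of a profile are missing, empty or lack a PEM start line. The function names and the sample profile are constructed here, and the check assumes the pack embeds ca, cert and key inline rather than as file paths.

```shell
#!/bin/sh
# Added example (not from the original page): flag blank or malformed inline
# blocks in an OpenVPN profile before running `sudo openvpn pack.ovpn`.

# check_inline_block FILE TAG -> prints ok | missing | empty | no-pem
check_inline_block() {
    awk -v tag="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $0 == ("<" tag ">")  { inside = 1; seen = 1; next }
        $0 == ("</" tag ">") { inside = 0; next }
        inside && /[^ \t]/       { body++ }     # any non-blank content line
        inside && /^-----BEGIN / { pem = 1 }    # PEM start line present
        END {
            if (!seen)      print "missing"
            else if (!body) print "empty"
            else if (!pem)  print "no-pem"
            else            print "ok"
        }' "$1"
}

# check_profile FILE -> one line per tag; returns 1 if any block is unusable.
# Assumes the pack embeds ca, cert and key inline rather than as file paths.
check_profile() {
    rc=0
    for tag in ca cert key; do
        state=$(check_inline_block "$1" "$tag")
        printf '%s: %s\n' "$tag" "$state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed sample: a profile whose <cert> block came back blank.
sample_profile() {
    cat <<'EOF'
client
proto udp
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder)
-----END PRIVATE KEY-----
</key>
EOF
}
```

Run check_profile on a downloaded pack; a cert line other than "ok" matches the failure in the first thread.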

Connection Troubleshooting

The majority of VPN issues can be resolved using the steps suggested below. If you're new to the platform, please consider reading about the VPN System we use at Hack The Box to familiarize yourself with it and maybe answer some of your questions.

Throughout the troubleshooting guide, we have included log snippets from your OpenVPN initialization log. This log is printed out on your screen when you run the following command to start up your VPN session: sudo openvpn pack.ovpn

Before you start troubleshooting, make sure you have the OS updated and upgraded to rule out any underlying issues due to old software. Please check whether any of the log snippets mentioned appear in your own log and take the appropriate action to resolve the issue. If you continue to have issues after trying the steps below, feel free to open a support ticket, and we will respond as soon as possible.

I can't see any start/stop buttons next to Machines / Boxes.

As a free user, you do not need the Start / Stop buttons to manipulate instances of machines. As long as you're properly connected to the VPN, you will be able to ping, scan and attack Active Boxes directly. As a VIP user, make sure you're connected to a VIP lab VPN. You can check this by opening your .ovpn file and checking the 4th line, and matching it against the lab mentioned on your dashboard at the top-right of the website.

I have connected to the VPN successfully, but I can't ping/scan any of the tutorial / Starting Point Boxes.

Please navigate to the top-right of the website and click on the button. It should say Starting Point. Once there, you should see a green indicator showing that you are connected to the Starting Point lab. You can check which VPN server you are connected to by clicking on the Starting Point option in the VPN menu.

I have recently switched to VIP, and I can't see the start/stop buttons next to Retired Boxes.

If you are using the HTB Classic view, you can check what VPN server you are connected to on the Access Page. Click on the button below to view HTB Classic Access Page: Once there, make sure you're connected to a VIP server. After purchasing VIP, you will not be automatically assigned to VIP, and you will not have access to the Retired Boxes control until you've switched servers to the appropriate VIP ones. If you're on the new HTB V2 view, please select one of the VIP servers from the VPN selection menu at the top-right of the website.

I'm experiencing high latency, and the connection with the boxes goes on and off every few minutes, or I can't connect at all.

Description: The inconsistent connection might be caused by orphaned OpenVPN processes battling over the control of TUN devices. OpenVPN assigns IP addresses to your newly created virtual interfaces. It creates TUN/TAP devices on demand, so opening new instances while other orphaned OpenVPN processes are still running makes OpenVPN try to add an IP address to an interface that already has one assigned, hence the error "File exists", where the "File" is essentially an IP address. Reboot your machine and make sure you only have one OpenVPN instance running at a time.

I get the following error(s) when I initialize my OpenVPN connection.

Description: IPv6 is a requirement for the connection to the labs. You are receiving this error because IPv6 is currently turned off for your Linux OS. If cat /proc/sys/net/ipv6/conf/all/disable_ipv6 prints 0, IPv6 is enabled. If it prints 1, you can enable it by running the sysctl net.ipv6.conf.all.disable_ipv6=0 command.

Description: OpenVPN requires root privileges to create virtual interfaces on demand. Invoke the command with sudo or run it as root.

Description: You have some commands inside the .ovpn file that OpenVPN doesn't recognize. Regenerate your OpenVPN connection pack from the Dashboard on the top-right of the website.

Description: The path to the OpenVPN connection pack you specified is wrong. Either you're trying to invoke the .ovpn file while not being in the same directory as it is, or the path you're specifying has a typo. If you downloaded the .ovpn file, it should be located in your Downloads folder as .ovpn . Run the command with the absolute path of the .ovpn file you're invoking.

    openvpn --config (path_to/your_openvpn/configuration_file.ovpn)

Description: You're using Windows. Don't use Windows.

Description: You're not able to connect to our internal OpenVPN network. Ensure you have a stable working network connection and that the .ovpn file's keys are not revoked. A regenerated OpenVPN connection pack is tied to a newly forged DHCP lease, so it will make all others obsolete. If there's a firewall on your network, whitelist our VPN services. If you're on campus or in a workplace setting, ask the network administrator to do so. If you live in a country that censors your internet, you can try another server or try to bypass the DPI by utilizing our implementation through editing your .ovpn file. Change proto udp to proto tcp. Change to Change to Alternatively, you can try switching servers to one of the other available ones, hoping that your connection will establish to one of these other servers.

Blank/incorrect Tag

Description: The certificate server has had some issues and is issuing empty or malformed tags. In some rare cases, connection packs may have a blank cert tag. If this happens to you, please open a support ticket so a team member can look into it, then switch your VPN server on the Access Page below to one of the other available servers for the Boxes you're trying to reach.
These have a low probability of having the same issue and will regain your access to the platform while our support team works on solving the issue. You can switch servers by visiting your Dashboard on the Machines / Boxes page, where the server selection menus are at the top-right. A different server might issue a correct .ovpn pack unless they are all affected. Please let staff know about this issue before you switch servers. Issues regarding empty tags are usually solved fast, depending on the time of the report, and the Technical Support team will announce the fix on the support ticket.

Key Values Mismatch

Another uncommon issue you may come across is a key values mismatch error. If this happens to you, please open a support ticket.

Cannot connect to OpenVPN after upgrade to 18.04

WARNING: This solution is only for users who cannot upgrade the VPN server. If you have admin access to your VPN server, please upgrade it and generate new keys, otherwise you will lose VPN security!

You need to add the following options in your OpenVPN config file:

This seems to not be possible with the network-manager GUI tool (correct me if I'm wrong), so you need to export your network-manager config to a file using this command:

Then add the two options mentioned above to the end of the file, and launch OpenVPN from the command line using this command:

Once you verify that the connection is working again, you can import back your updated configuration file and continue to use the Network Manager to set up the tunnel (thanks Eineki):

Thread: Unable to connect to openVPN server

Hello, I am going to be as specific as I can. I am using Kali 2.0 amd 64bit on VirtualBox 5.0.10 with host system xubuntu 14.04 LTS. I am trying to connect to vpnbook openvpn european server #1 through the vpnbook-euro1-tcp433.ovpn file which is contained in the downloadable archive VPNBook.com-OpenVPN-Euro1.zip. Other files in the archive include: vpnbook-euro1-tcp80.ovpn vpnbook-euro1-udp53.ovpn vpnbook-euro1-tcp25000.ovpn. I'm running the following command on terminal as root and I get the corresponding error:

    Options error: In [CMD-LINE]:1: Error opening configuration file : vpnbook-euro1-tcp433.ovpn

Note that other files seem to open properly and prompt me for credentials. Any help gladly appreciated, dealing with this 2 days now.

Vpnbook

I was getting the same error and I found out it was just a simple mistake :P .. you may be doing the same as I was. So. I downloaded the OVPN files from vpnbook's site. I extracted the zipped bundle of 'ovpn' files on to the desktop.
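
Each failure quoted in the threads and the guide above ends in a distinctive log line. As an added example (not from the original posts or from Hack The Box), the shell functions below match those lines and print the cause and fix the page gives for each; the function names and labels are chosen here, and the sample log is abridged from the second log on this page.

```shell
#!/bin/sh
# Added example (not from the original page): map the error lines quoted on
# this page to the causes the threads and the guide give for them.

# classify_line LINE -> prints "label: hint", or nothing if unrecognised.
classify_line() {
    case "$1" in
        *"Cannot load inline certificate file"*)
            echo "blank-inline-cert: download the connection pack again" ;;
        *"Cannot ioctl TUNSETIFF"*"Operation not permitted"*)
            echo "needs-root: run openvpn with sudo or as root" ;;
        *"TLS key negotiation failed to occur within 60 seconds"*)
            echo "tls-timeout: check connectivity and firewall" ;;
        *"Error opening configuration file"*)
            echo "bad-config-path: pass the absolute path to the .ovpn" ;;
        *"File exists"*)
            echo "duplicate-instance: leave only one openvpn running" ;;
    esac
}

# triage_log: reads a client log on stdin and prints each recognised cause
# once, in order of first appearance. The last line printed is the failure
# closest to "Exiting due to fatal error"; earlier ones may have recovered.
triage_log() {
    while IFS= read -r line; do
        classify_line "$line"
    done | awk '!seen[$0]++'
}

# Constructed sample, abridged from the second log quoted on this page.
sample_log() {
    cat <<'EOF'
2021-01-23 09:37:01 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-23 09:37:01 TLS Error: TLS handshake failed
2021-01-23 09:37:01 SIGUSR1[soft,tls-error] received, process restarting
2021-01-23 09:37:14 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2021-01-23 09:37:14 Exiting due to fatal error
EOF
}
```

On the sample, the TLS timeout is reported first and the missing root privilege last, which shows that the session recovered from the timeout and was ended by the TUNSETIFF error.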