Cannot Establish Stable Connection

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kntdwa
OpenVpn Newbie
Posts: 2
Joined: Sat Jun 25, 2022 12:04 pm

Cannot Establish Stable Connection

Post by kntdwa » Sat Jun 25, 2022 12:15 pm

Hi. Connecting using a ovpn file (this is from tryhackme) gives me the following logs.

Code: Select all

2022-06-25 18:53:40 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2022-06-25 18:53:40 Cannot find ovpn_dco netlink component: Object not found
2022-06-25 18:53:40 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-25 18:53:40 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-06-25 18:53:40 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-06-25 18:53:40 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-25 18:53:40 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-25 18:53:40 TCP/UDP: Preserving recently used remote address: [AF_INET]52.209.195.38:1194
2022-06-25 18:53:40 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-25 18:53:40 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-25 18:53:40 UDP link local: (not bound)
2022-06-25 18:53:40 UDP link remote: [AF_INET]52.209.195.38:1194
2022-06-25 18:53:41 TLS: Initial packet from [AF_INET]52.209.195.38:1194, sid=c9cb60ab 7f1f2782
2022-06-25 18:53:41 VERIFY OK: depth=1, CN=ChangeMe
2022-06-25 18:53:41 VERIFY KU OK
2022-06-25 18:53:41 Validating certificate extended key usage
2022-06-25 18:53:41 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-25 18:53:41 VERIFY EKU OK
2022-06-25 18:53:41 VERIFY OK: depth=0, CN=server
2022-06-25 18:53:41 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-25 18:53:41 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-25 18:53:41 [server] Peer Connection Initiated with [AF_INET]52.209.195.38:1194
2022-06-25 18:53:42 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-25 18:53:42 PUSH: Received control message: 'PUSH_REPLY,route 10.200.25.0 255.255.255.0,route-metric 1000,route-gateway 10.50.23.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.50.23.12 255.255.255.192,peer-id 1'
2022-06-25 18:53:42 net_route_v4_best_gw query: dst 0.0.0.0
2022-06-25 18:53:42 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2022-06-25 18:53:42 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:43:73:bc
2022-06-25 18:53:42 TUN/TAP device tun0 opened
2022-06-25 18:53:42 net_iface_mtu_set: mtu 1500 for tun0
2022-06-25 18:53:42 net_iface_up: set tun0 up
2022-06-25 18:53:42 net_addr_v4_add: 10.50.23.12/26 dev tun0
2022-06-25 18:53:42 net_route_v4_add: 10.200.25.0/24 via 10.50.23.1 dev [NULL] table 0 metric 1000
2022-06-25 18:53:42 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-25 18:53:42 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-25 18:53:42 OPTIONS IMPORT: route options modified
2022-06-25 18:53:42 OPTIONS IMPORT: route-related options modified
2022-06-25 18:53:42 OPTIONS IMPORT: peer-id set
2022-06-25 18:53:42 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
2022-06-25 18:53:42 ERROR: Failed to apply push options
2022-06-25 18:53:42 Failed to open tun/tap interface
2022-06-25 18:53:42 SIGUSR1[soft,process-push-msg-failed] received, process restarting
2022-06-25 18:53:42 Restart pause, 5 second(s)
2022-06-25 18:53:47 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-25 18:53:47 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-25 18:53:47 TCP/UDP: Preserving recently used remote address: [AF_INET]52.209.195.38:1194
2022-06-25 18:53:47 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-25 18:53:47 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-25 18:53:47 UDP link local: (not bound)
2022-06-25 18:53:47 UDP link remote: [AF_INET]52.209.195.38:1194
2022-06-25 18:53:48 TLS: Initial packet from [AF_INET]52.209.195.38:1194, sid=cb650c2f a2ff4298
2022-06-25 18:53:48 VERIFY OK: depth=1, CN=ChangeMe
2022-06-25 18:53:48 VERIFY KU OK
2022-06-25 18:53:48 Validating certificate extended key usage
2022-06-25 18:53:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-25 18:53:48 VERIFY EKU OK
2022-06-25 18:53:48 VERIFY OK: depth=0, CN=server
2022-06-25 18:53:48 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1604', remote='link-mtu 1601'
2022-06-25 18:53:48 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-25 18:53:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-25 18:53:48 [server] Peer Connection Initiated with [AF_INET]52.209.195.38:1194
^C2022-06-25 18:53:49 event_wait : Interrupted system call (fd=-1,code=4)
2022-06-25 18:53:49 SIGTERM received, sending exit notification to peer
2022-06-25 18:53:49 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-25 18:53:49 PUSH: Received control message: 'PUSH_REPLY,route 10.200.25.0 255.255.255.0,route-metric 1000,route-gateway 10.50.23.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.50.23.12 255.255.255.192,peer-id 0'
2022-06-25 18:53:49 Preserving previous TUN/TAP instance: tun0
2022-06-25 18:53:49 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2022-06-25 18:53:49 net_route_v4_del: 10.200.25.0/24 via 10.50.23.1 dev [NULL] table 0 metric 1000
2022-06-25 18:53:49 Closing TUN/TAP interface
2022-06-25 18:53:49 net_addr_v4_del: 10.50.23.12 dev tun0
From what I understand, there's an issue with the cipher negotiation. The tun0 gets an IP address and THM sees it but I cannot connect to any VMs. I've already tried the fixes suggested to other related questions but I still have no success.

Thanks in advance.

kntdwa
OpenVpn Newbie
Posts: 2
Joined: Sat Jun 25, 2022 12:04 pm

Re: Cannot Establish Stable Connection

Post by kntdwa » Sat Jun 25, 2022 12:43 pm

Turns out I'm using version 2.6. I reinstalled with version 2.5.7 and it went well. I haven't looked into the details yet on what's wrong on the initial version.

Post Reply