I have a problem with openvpn on kali linux.
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 23, 2022 11:38 pm
I have a problem with openvpn on kali linux.
The problem starts when I do "apt update && apt upgrade -y". Updating is important so I'd rather be there.
The problem seems easy but I can't seem to find the config file of openvpn to add a cipher. The error I keep getting is:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Since openvpn was installed with the kali linux, I have no idea where the file is. I used "locate openvpn.conf" and "find / -type f -name openvpn.conf" and I got nothing. Maybe I'm doing it all wrong, idk. I've never encountered this before and I need to get this fixed so I can practice for my certification.
==================================================================================================================
==================================================================================================================
Here is the rest of the message (not sure if there is anything else).
==================================================================================================================
2022-06-23 19:28:48 Cannot find ovpn_dco netlink component: Object not found
2022-06-23 19:28:48 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-23 19:28:48 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-06-23 19:28:48 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-06-23 19:28:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-23 19:28:48 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-23 19:28:48 UDP link local: (not bound)
2022-06-23 19:28:48 UDP link remote: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=96b838dc d82a37d8
2022-06-23 19:28:49 VERIFY OK: depth=1, CN=ChangeMe
2022-06-23 19:28:49 VERIFY KU OK
2022-06-23 19:28:49 Validating certificate extended key usage
2022-06-23 19:28:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-23 19:28:49 VERIFY EKU OK
2022-06-23 19:28:49 VERIFY OK: depth=0, CN=server
2022-06-23 19:28:49 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-23 19:28:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-23 19:28:49 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-06-23 19:28:50 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-23 19:28:50 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.1.0.0 255.255.0.0,route-metric 1000,route-gateway 10.13.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.13.43.180 255.255.128.0,peer-id 39'
2022-06-23 19:28:50 net_route_v4_best_gw query: dst 0.0.0.0
2022-06-23 19:28:50 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2022-06-23 19:28:50 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:60:6e:01
2022-06-23 19:28:50 TUN/TAP device tun0 opened
2022-06-23 19:28:50 net_iface_mtu_set: mtu 1500 for tun0
2022-06-23 19:28:50 net_iface_up: set tun0 up
2022-06-23 19:28:50 net_addr_v4_add: 10.13.43.180/17 dev tun0
2022-06-23 19:28:50 net_route_v4_add: 10.10.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 net_route_v4_add: 10.1.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-23 19:28:50 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route-related options modified
2022-06-23 19:28:50 OPTIONS IMPORT: peer-id set
Last edited by Pippin on Sat Jun 25, 2022 1:57 pm, edited 1 time in total.
Reason: Edited on poster request
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I have a problem with openvpn on kali linux.
What is the actual problem?
universecloud wrote: ↑Thu Jun 23, 2022 11:46 pm "The problem seems easy but i can't seem to find the config file of openvpn"
Check with kali linux, where they package it.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 24, 2022 5:05 am
Re: I have a problem with openvpn on kali linux.
Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64
Several settings have been modified or deprecated
--cipher has been deprecated and replaced with --data-ciphers
The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:
Code: Select all
find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:
Code: Select all
data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
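A way to check a client profile for the mismatch this warning reports, as an added example that is not part of the thread: the script reads the `cipher` and `data-ciphers` directives from an .ovpn file and prints the `data-ciphers` line to use in place of the `cipher` line. The sample profile, the `vpn.example.invalid` remote and the function names are constructed for illustration; the default list is the one shown in the warning quoted in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN client profile for a
# legacy `cipher` line that is not covered by `data-ciphers`.

# Default list as printed in the OpenVPN 2.6 warning quoted in this thread.
DEFAULT_DATA_CIPHERS='AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'

# first_arg DIRECTIVE FILE: print the first argument of a directive, if present.
# Commented-out lines ("#cipher ...") do not match; a trailing CR is stripped.
first_arg() {
    awk -v d="$1" '{ sub(/\r$/, "") } $1 == d { print $2; exit }' "$2"
}

# audit_profile FILE: print "ok", "no-cipher" or "missing <cipher>".
audit_profile() {
    cipher=$(first_arg cipher "$1")
    list=$(first_arg data-ciphers "$1")
    [ -n "$cipher" ] || { echo "no-cipher"; return 0; }
    case ":${list:-$DEFAULT_DATA_CIPHERS}:" in
        *":$cipher:"*) echo "ok" ;;
        *) echo "missing $cipher" ;;
    esac
}

# suggest_line FILE: print the data-ciphers line that covers the legacy cipher.
suggest_line() {
    cipher=$(first_arg cipher "$1")
    list=$(first_arg data-ciphers "$1")
    list=${list:-$DEFAULT_DATA_CIPHERS}
    [ -n "$cipher" ] || { echo "data-ciphers $list"; return 0; }
    case ":$list:" in
        *":$cipher:"*) echo "data-ciphers $list" ;;
        *) echo "data-ciphers $cipher:$list" ;;
    esac
}

# Constructed sample profile; the remote is a placeholder, not a real server.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
client
dev tun
remote vpn.example.invalid 1194
cipher AES-256-CBC
auth SHA512
EOF

audit_profile "$SAMPLE"
suggest_line "$SAMPLE"
```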
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I have a problem with openvpn on kali linux.
OpenVPN version 2.6 is not a stable release and is not supported.
kali linux maintainers are responsible for their decision to ship development software.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 23, 2022 11:38 pm
Re: I have a problem with openvpn on kali linux.
boomshankerx wrote: ↑Fri Jun 24, 2022 5:15 am
Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64
Several settings have been modified or deprecated
--cipher has been deprecated and replaced with --data-ciphers
The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:
Code: Select all
find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:
Code: Select all
data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

THANK YOU SO MUCH! Saved for future reference.
I still have to ask, why did you add "-print 2>/dev/null"? What's its purpose here?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 24, 2022 5:05 am
Re: I have a problem with openvpn on kali linux.
Try running the command without 2>/dev/null. Depending on if you are running as root you may see a bunch of permission denied entries polluting your results. 2>/dev/null redirects stderr to /dev/null (blackhole) effectively filtering out the permission denied entries. You won't see as many of these if you are running as root so it might seem unnecessary.
-print probably isn't necessary as it is the default behavior when find is run without other expressions. It's a habit from running find in more complicated ways.
https://unix.stackexchange.com/question ... find-print
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 24, 2022 5:05 am
Re: I have a problem with openvpn on kali linux.
TinCanTech wrote: ↑Fri Jun 24, 2022 9:31 am "OpenVPN version 2.6 is not a stable release and is not supported. kali linux maintainers are responsible for their decision to ship development software."
Agreed. Not sure the decision to move to 2.6 was a great choice.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I have a problem with openvpn on kali linux.
boomshankerx wrote: ↑Sat Jun 25, 2022 4:47 pm "Not sure the decision to move to 2.6 was a great choice"
A decision that says a lot about the Kali maintainers ..
https://community.openvpn.net/openvpn/w ... edVersions
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 24, 2022 5:05 am
Re: I have a problem with openvpn on kali linux.
I'm poking around in the kali forums and irc to see if it was a mistake or if there is a reasonable explanation.
https://bugs.kali.org/view.php?id=7768
Turns out that this issue originates from debian testing which integrates openvpn 2.6
https://tracker.debian.org/pkg/openvpn
Last edited by boomshankerx on Sat Jun 25, 2022 9:47 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I have a problem with openvpn on kali linux.
Excluding your comment, that is not a bug report it is a joke.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Nov 15, 2022 12:50 am
Re: I have a problem with openvpn on kali linux.
Tried all above advised but still no go; Always giving same error; tried with different servers as well. Uninstall and then reinstall
Please help me to overcome this; spent almost 2 hours to fix this.
2-11-15 11:17:56 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-11-15 11:17:56 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2022-11-15 11:17:56 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-11-15 11:17:56 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-15 11:17:56 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-15 11:17:56 TCP/UDP: Preserving recently used remote address: [AF_INET]54.76.30.11:1194
2022-11-15 11:17:56 Socket Buffers: R=[212992->425984] S=[212992->425984]
2022-11-15 11:17:56 UDP link local: (not bound)
2022-11-15 11:17:56 UDP link remote: [AF_INET]54.76.30.11:1194
2022-11-15 11:18:56 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-15 11:18:56 TLS Error: TLS handshake failed
2022-11-15 11:18:56 SIGUSR1[soft,tls-error] received, process restarting
2022-11-15 11:18:56 Restart pause, 5 second(s)