I have a problem with openvpn on kali linux.

[universecloud]

The problem starts when i do "apt update && apt upgrade -y". Updating is important so i'd rather be there.

The problem seems easy but i can't seem to find the config file of openvpn to add a cipher. The error i keep getting is:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Since openvpn was installed with the kali linux, i have no idea where the file is. I used "locate openvpn.conf" and "find / -type f -name openvpn.conf" i got nothing.. maybe im doing it all wrong idk.. never encountered this before and i need to get this fixed so i can practice for my certification.

==================================================================================================================
==================================================================================================================

Here is the rest of the message (not sure if there is anything else).
==================================================================================================================

2022-06-23 19:28:48 Cannot find ovpn_dco netlink component: Object not found
2022-06-23 19:28:48 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-23 19:28:48 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-06-23 19:28:48 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-06-23 19:28:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-23 19:28:48 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-23 19:28:48 UDP link local: (not bound)
2022-06-23 19:28:48 UDP link remote: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=96b838dc d82a37d8
2022-06-23 19:28:49 VERIFY OK: depth=1, CN=ChangeMe
2022-06-23 19:28:49 VERIFY KU OK
2022-06-23 19:28:49 Validating certificate extended key usage
2022-06-23 19:28:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-23 19:28:49 VERIFY EKU OK
2022-06-23 19:28:49 VERIFY OK: depth=0, CN=server
2022-06-23 19:28:49 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-23 19:28:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-23 19:28:49 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-06-23 19:28:50 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-23 19:28:50 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.1.0.0 255.255.0.0,route-metric 1000,route-gateway 10.13.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.13.43.180 255.255.128.0,peer-id 39'
2022-06-23 19:28:50 net_route_v4_best_gw query: dst 0.0.0.0
2022-06-23 19:28:50 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2022-06-23 19:28:50 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:60:6e:01
2022-06-23 19:28:50 TUN/TAP device tun0 opened
2022-06-23 19:28:50 net_iface_mtu_set: mtu 1500 for tun0
2022-06-23 19:28:50 net_iface_up: set tun0 up
2022-06-23 19:28:50 net_addr_v4_add: 10.13.43.180/17 dev tun0
2022-06-23 19:28:50 net_route_v4_add: 10.10.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 net_route_v4_add: 10.1.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-23 19:28:50 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route-related options modified
2022-06-23 19:28:50 OPTIONS IMPORT: peer-id set

[TinCanTech]

What is the actual problem

The problem seems easy but i can't seem to find the config file of openvpn

Check with kali linux, where they package it.

[boomshankerx]

Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null

I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

[TinCanTech]

OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.

[shinc4493]

A corrupt or incomplete ISO download, not enough disk space on the target machine so click the Network Manager icon in the top right corner of the screen from the Desktop. Then from the drop-down menu, select Import a saved VPN configuration.

[universecloud]

Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null

I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

THANK YOU SO MUCH! Saved for future reference.

I still have to ask, why did you add "-print 2>/dev/null" what's its purpose here?

[boomshankerx]

Try running the command without 2>/dev/null. Depending on if you are running as root you may see a bunch of permission denied entries polluting your results. 2>/dev/null redirects stderr to /dev/null (blackhole) effectively filtering out the permission denied entries. You won't see as many of these if you are running as root so it might seem unnecessary.

-print probably isn't necessary as it is the default behavior when find is run without other expressions. It's a habit from running find in more complicated ways.
https://unix.stackexchange.com/question ... find-print

[boomshankerx]

OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.

Agreed. Not sure the decision to move to 2.6 was a great choice.

[TinCanTech]

Not sure the decision to move to 2.6 was a great choice

A decision that says a lot about the Kali maintainers ..

https://community.openvpn.net/openvpn/w ... edVersions

[boomshankerx]

I'm poking around in the kali forums and irc to see if it was a mistake or if there is a reasonable explanation.

https://bugs.kali.org/view.php?id=7768

Turns out that this issue originates from debian testing which integrates openvpn 2.6

https://tracker.debian.org/pkg/openvpn

[TinCanTech]

Excluding your comment, that is not a bug report it is a joke.