I have a problem with openvpn on kali linux.

This forum is for general conversation and user-user networking.
Post Reply
universecloud
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 23, 2022 11:38 pm

I have a problem with openvpn on kali linux.

Post by universecloud » Thu Jun 23, 2022 11:46 pm

The problem starts when i do "apt update && apt upgrade -y". Updating is important so i'd rather be there.

The problem seems easy but i can't seem to find the config file of openvpn to add a cipher. The error i keep getting is:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Since openvpn was installed with the kali linux, i have no idea where the file is. I used "locate openvpn.conf" and "find / -type f -name openvpn.conf" i got nothing.. maybe im doing it all wrong idk.. never encountered this before and i need to get this fixed so i can practice for my certification.

==================================================================================================================
==================================================================================================================

Here is the rest of the message (not sure if there is anything else).
==================================================================================================================

2022-06-23 19:28:48 Cannot find ovpn_dco netlink component: Object not found
2022-06-23 19:28:48 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-23 19:28:48 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-06-23 19:28:48 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-06-23 19:28:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-23 19:28:48 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-23 19:28:48 UDP link local: (not bound)
2022-06-23 19:28:48 UDP link remote: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=96b838dc d82a37d8
2022-06-23 19:28:49 VERIFY OK: depth=1, CN=ChangeMe
2022-06-23 19:28:49 VERIFY KU OK
2022-06-23 19:28:49 Validating certificate extended key usage
2022-06-23 19:28:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-23 19:28:49 VERIFY EKU OK
2022-06-23 19:28:49 VERIFY OK: depth=0, CN=server
2022-06-23 19:28:49 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-23 19:28:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-23 19:28:49 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-06-23 19:28:50 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-23 19:28:50 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.1.0.0 255.255.0.0,route-metric 1000,route-gateway 10.13.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.13.43.180 255.255.128.0,peer-id 39'
2022-06-23 19:28:50 net_route_v4_best_gw query: dst 0.0.0.0
2022-06-23 19:28:50 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2022-06-23 19:28:50 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:60:6e:01
2022-06-23 19:28:50 TUN/TAP device tun0 opened
2022-06-23 19:28:50 net_iface_mtu_set: mtu 1500 for tun0
2022-06-23 19:28:50 net_iface_up: set tun0 up
2022-06-23 19:28:50 net_addr_v4_add: 10.13.43.180/17 dev tun0
2022-06-23 19:28:50 net_route_v4_add: 10.10.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 net_route_v4_add: 10.1.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-23 19:28:50 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route-related options modified
2022-06-23 19:28:50 OPTIONS IMPORT: peer-id set
Last edited by Pippin on Sat Jun 25, 2022 1:57 pm, edited 1 time in total.
Reason: Editted on poster request

User avatar
TinCanTech
Forum Team
Posts: 10969
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Fri Jun 24, 2022 12:56 am

What is the actual problem
universecloud wrote:
Thu Jun 23, 2022 11:46 pm
The problem seems easy but i can't seem to find the config file of openvpn
Check with kali linux, where they package it.

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Fri Jun 24, 2022 5:15 am

Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

User avatar
TinCanTech
Forum Team
Posts: 10969
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Fri Jun 24, 2022 9:31 am

OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.

shinc4493
OpenVpn Newbie
Posts: 6
Joined: Fri Jun 24, 2022 10:49 am

Re: I have a problem with openvpn on kali linux.

Post by shinc4493 » Fri Jun 24, 2022 12:35 pm

A corrupt or incomplete ISO download, not enough disk space on the target machine so click the Network Manager icon in the top right corner of the screen from the Desktop. Then from the drop-down menu, select Import a saved VPN configuration.

universecloud
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 23, 2022 11:38 pm

Re: I have a problem with openvpn on kali linux.

Post by universecloud » Fri Jun 24, 2022 1:30 pm

boomshankerx wrote:
Fri Jun 24, 2022 5:15 am
Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
THANK YOU SO MUCH! Saved for future reference.

I still have to ask, why did you add "-print 2>/dev/null" what's its purpose here?

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 4:30 pm

Try running the command without 2>/dev/null. Depending on if you are running as root you may see a bunch of permission denied entries polluting your results. 2>/dev/null redirects stderr to /dev/null (blackhole) effectively filtering out the permission denied entries. You won't see as many of these if you are running as root so it might seem unnecessary.

-print probably isn't necessary as it is the default behavior when find is run without other expressions. It's a habit from running find in more complicated ways.
https://unix.stackexchange.com/question ... find-print

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 4:47 pm

TinCanTech wrote:
Fri Jun 24, 2022 9:31 am
OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.
Agreed. Not sure the decision to move to 2.6 was a great choice.

User avatar
TinCanTech
Forum Team
Posts: 10969
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Sat Jun 25, 2022 5:37 pm

boomshankerx wrote:
Sat Jun 25, 2022 4:47 pm
Not sure the decision to move to 2.6 was a great choice
A decision that says a lot about the Kali maintainers ..

https://community.openvpn.net/openvpn/w ... edVersions

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 9:01 pm

I'm poking around in the kali forums and irc to see if it was a mistake or if there is a reasonable explanation.

https://bugs.kali.org/view.php?id=7768

Turns out that this issue originates from debian testing which integrates openvpn 2.6

https://tracker.debian.org/pkg/openvpn
Last edited by boomshankerx on Sat Jun 25, 2022 9:47 pm, edited 1 time in total.

User avatar
TinCanTech
Forum Team
Posts: 10969
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Sat Jun 25, 2022 9:33 pm

Excluding your comment, that is not a bug report it is a joke.

Post Reply