I have a problem with openvpn on kali linux.

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
universecloud
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 23, 2022 11:38 pm

I have a problem with openvpn on kali linux.

Post by universecloud » Thu Jun 23, 2022 11:46 pm

The problem starts when i do "apt update && apt upgrade -y". Updating is important so i'd rather be there.

The problem seems easy but i can't seem to find the config file of openvpn to add a cipher. The error i keep getting is:

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Since openvpn was installed with the kali linux, i have no idea where the file is. I used "locate openvpn.conf" and "find / -type f -name openvpn.conf" i got nothing.. maybe im doing it all wrong idk.. never encountered this before and i need to get this fixed so i can practice for my certification.

==================================================================================================================
==================================================================================================================

Here is the rest of the message (not sure if there is anything else).
==================================================================================================================

2022-06-23 19:28:48 Cannot find ovpn_dco netlink component: Object not found
2022-06-23 19:28:48 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-23 19:28:48 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-06-23 19:28:48 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-06-23 19:28:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA2-512' for HMAC authentication
2022-06-23 19:28:48 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-23 19:28:48 Note: enable extended error passing on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
2022-06-23 19:28:48 UDP link local: (not bound)
2022-06-23 19:28:48 UDP link remote: [AF_INET]x.x.x.x:1194
2022-06-23 19:28:48 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=96b838dc d82a37d8
2022-06-23 19:28:49 VERIFY OK: depth=1, CN=ChangeMe
2022-06-23 19:28:49 VERIFY KU OK
2022-06-23 19:28:49 Validating certificate extended key usage
2022-06-23 19:28:49 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-23 19:28:49 VERIFY EKU OK
2022-06-23 19:28:49 VERIFY OK: depth=0, CN=server
2022-06-23 19:28:49 WARNING: 'auth' is used inconsistently, local='auth SHA2-512', remote='auth SHA512'
2022-06-23 19:28:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-23 19:28:49 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-06-23 19:28:50 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-06-23 19:28:50 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.1.0.0 255.255.0.0,route-metric 1000,route-gateway 10.13.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.13.43.180 255.255.128.0,peer-id 39'
2022-06-23 19:28:50 net_route_v4_best_gw query: dst 0.0.0.0
2022-06-23 19:28:50 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2022-06-23 19:28:50 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:60:6e:01
2022-06-23 19:28:50 TUN/TAP device tun0 opened
2022-06-23 19:28:50 net_iface_mtu_set: mtu 1500 for tun0
2022-06-23 19:28:50 net_iface_up: set tun0 up
2022-06-23 19:28:50 net_addr_v4_add: 10.13.43.180/17 dev tun0
2022-06-23 19:28:50 net_route_v4_add: 10.10.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 net_route_v4_add: 10.1.0.0/16 via 10.13.0.1 dev [NULL] table 0 metric 1000
2022-06-23 19:28:50 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-23 19:28:50 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route options modified
2022-06-23 19:28:50 OPTIONS IMPORT: route-related options modified
2022-06-23 19:28:50 OPTIONS IMPORT: peer-id set
Last edited by Pippin on Sat Jun 25, 2022 1:57 pm, edited 1 time in total.
Reason: Editted on poster request

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Fri Jun 24, 2022 12:56 am

What is the actual problem
universecloud wrote:
Thu Jun 23, 2022 11:46 pm
The problem seems easy but i can't seem to find the config file of openvpn
Check with kali linux, where they package it.

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Fri Jun 24, 2022 5:15 am

Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Fri Jun 24, 2022 9:31 am

OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.

universecloud
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 23, 2022 11:38 pm

Re: I have a problem with openvpn on kali linux.

Post by universecloud » Fri Jun 24, 2022 1:30 pm

boomshankerx wrote:
Fri Jun 24, 2022 5:15 am
Kali updated openvpn to v2.6:
openvpn/kali-rolling,now 2.6.0~git20220518+dco-2 amd64

Several settings have been modified or depricated
--cipher has been deprecated and replaced with --data-ciphers

The error is in the ovpn client configuration file used to connect to the vpn server.
The command you're looking for is:

Code: Select all

find / -type f -name '*.ovpn' -print 2>/dev/null
I can see you are trying to access TryHackMe vpn server. Delete the cipher line and add:

Code: Select all

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
THANK YOU SO MUCH! Saved for future reference.

I still have to ask, why did you add "-print 2>/dev/null" what's its purpose here?

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 4:30 pm

Try running the command without 2>/dev/null. Depending on if you are running as root you may see a bunch of permission denied entries polluting your results. 2>/dev/null redirects stderr to /dev/null (blackhole) effectively filtering out the permission denied entries. You won't see as many of these if you are running as root so it might seem unnecessary.

-print probably isn't necessary as it is the default behavior when find is run without other expressions. It's a habit from running find in more complicated ways.
https://unix.stackexchange.com/question ... find-print

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 4:47 pm

TinCanTech wrote:
Fri Jun 24, 2022 9:31 am
OpenVPN version 2.6 is not a stable release and is not supported.

kali linux maintainers are responsible for their decision to ship development software.
Agreed. Not sure the decision to move to 2.6 was a great choice.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Sat Jun 25, 2022 5:37 pm

boomshankerx wrote:
Sat Jun 25, 2022 4:47 pm
Not sure the decision to move to 2.6 was a great choice
A decision that says a lot about the Kali maintainers ..

https://community.openvpn.net/openvpn/w ... edVersions

boomshankerx
OpenVpn Newbie
Posts: 4
Joined: Fri Jun 24, 2022 5:05 am

Re: I have a problem with openvpn on kali linux.

Post by boomshankerx » Sat Jun 25, 2022 9:01 pm

I'm poking around in the kali forums and irc to see if it was a mistake or if there is a reasonable explanation.

https://bugs.kali.org/view.php?id=7768

Turns out that this issue originates from debian testing which integrates openvpn 2.6

https://tracker.debian.org/pkg/openvpn
Last edited by boomshankerx on Sat Jun 25, 2022 9:47 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I have a problem with openvpn on kali linux.

Post by TinCanTech » Sat Jun 25, 2022 9:33 pm

Excluding your comment, that is not a bug report it is a joke.

simba9
OpenVpn Newbie
Posts: 1
Joined: Tue Nov 15, 2022 12:50 am

Re: I have a problem with openvpn on kali linux.

Post by simba9 » Tue Nov 15, 2022 12:53 am

Tried all above advised but still no go; Always giving same error; tried with different servers as well. Uninstall and then reinstall
Please help me to overcome this; spend almost 2 hours to fix this.

2-11-15 11:17:56 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-11-15 11:17:56 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2022-11-15 11:17:56 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-11-15 11:17:56 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-15 11:17:56 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-15 11:17:56 TCP/UDP: Preserving recently used remote address: [AF_INET]54.76.30.11:1194
2022-11-15 11:17:56 Socket Buffers: R=[212992->425984] S=[212992->425984]
2022-11-15 11:17:56 UDP link local: (not bound)
2022-11-15 11:17:56 UDP link remote: [AF_INET]54.76.30.11:1194
2022-11-15 11:18:56 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-15 11:18:56 TLS Error: TLS handshake failed
2022-11-15 11:18:56 SIGUSR1[soft,tls-error] received, process restarting
2022-11-15 11:18:56 Restart pause, 5 second(s)

Post Reply