Anyone using AWS EC2 for Kali Linux? If so, HELP (Setup Problems)

I’m trying and failing to get Kali Linux set up in the cloud so that I can use it for hackthebox, and I am running into a series of issues. I’m hoping at this point someone may have gone through similar issues and would have some insight to help.

Instead of using a VM to set up Kali I want to get it up and running in the cloud, and I thought setting up an EC2 instance with Kali Linux installed would be the cleanest way to go ahead and do that. However, I can’t seem to get the openvpn connection working properly.

I went through the EC2 marketplace and got a default Kali Linux instance up and running (AWS Marketplace: Kali Linux), ssh’ed in, and made sure it was properly updated by running

sudo apt update && sudo apt dist-upgrade -y
sudo apt-get install kali-linux-headless

Everything looked to be set up and ready to go. The issue is getting the openvpn connection running. As I’m running Kali headless I’m not sure how to get my .ovpn file set up properly for my EC2 instance. I transferred it over from my local machine using scp, but after running sudo openvpn [myopvnfile].ovpn I get a series of messages stating the connection is being attempted:

2021-02-02 05:02:44 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-02-02 05:02:44 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-02-02 05:02:44 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
2021-02-02 05:02:44 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
2021-02-02 05:02:44 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-02 05:02:44 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-02 05:02:44 TCP/UDP: Preserving recently used remote address: [AF_INET]
2021-02-02 05:02:44 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-02-02 05:02:44 UDP link local: (not bound)
2021-02-02 05:02:44 UDP link remote: [AF_INET]
2021-02-02 05:02:44 TLS: Initial packet from [AF_INET]
2021-02-02 05:02:44 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb,
2021-02-02 05:02:44 VERIFY KU OK
2021-02-02 05:02:44 Validating certificate extended key usage
2021-02-02 05:02:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-02-02 05:02:44 VERIFY EKU OK
2021-02-02 05:02:44 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb,

and a minute later a failure response:

2021-02-02 05:03:44 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-02-02 05:03:44 TLS Error: TLS handshake failed
2021-02-02 05:03:44 SIGUSR1[soft,tls-error] received, process restarting
2021-02-02 05:03:44 Restart pause, 5 second(s)

I’m confident the issue is that since I downloaded my .ovpn locally, it’s configured to my local IP address. However, looking through the .ovpn file I don’t see a place anywhere that I can change the config to my EC2 instance’s IP address. My only other thought is to see if I can just download a new config file from hackthebox from my instance, but I’ll admit I’m a bit of a n00b and unsure if that’s something I can do headless, and I really don’t want to set up any kind of GUI for this.

I have seen messages online that people are using an EC2 instance to run hackthebox challenges, so I believe what I’m trying to do is possible, but I can’t for the damn life of me get the openvpn connection working. If anyone here has gone through this and has a solution for me you would be my hero!

Solved the problem, though I’m not immediately sure as to the why. It looks like the .ovpn file I was using was already assigned an IP address that was different from my EC2 instance. So I just had to generate a new .ovpn file and attempt to use the new file. Embarrassingly easy answer for 3+ hours of troubleshooting.
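
Added example, not part of the original posts: a small Python triage of OpenVPN client output like the log quoted above, reporting which handshake stage was reached before the 60-second timeout. The sample log is constructed (192.0.2.10 is a placeholder address), and the `triage` and `verdict` names are hypothetical.

```python
import re

# Constructed sample log, modelled on the OpenVPN 2.5 client output quoted in
# the post; the 192.0.2.10 address is a documentation placeholder.
SAMPLE_LOG = """\
2021-02-02 05:02:44 WARNING: Compression for receiving enabled.
2021-02-02 05:02:44 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers
2021-02-02 05:02:44 TLS: Initial packet from [AF_INET]192.0.2.10:1337
2021-02-02 05:02:44 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb
2021-02-02 05:02:44 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb
2021-02-02 05:03:44 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.*)$")
VERIFY = re.compile(r"VERIFY OK: depth=(\d+)")

def triage(log_text):
    """Record how far the TLS handshake got before the client gave up."""
    state = {"warnings": [], "peer_replied": False, "verified_depths": [],
             "tls_timeout": False, "completed": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without the timestamp prefix
        msg = m.group(1)
        depth = VERIFY.match(msg)
        if msg.startswith(("WARNING:", "DEPRECATED OPTION:")):
            state["warnings"].append(msg.split(":", 1)[0])
        elif msg.startswith("TLS: Initial packet from"):
            state["peer_replied"] = True
        elif depth:
            state["verified_depths"].append(int(depth.group(1)))
        elif "TLS key negotiation failed" in msg:
            state["tls_timeout"] = True
        elif "Initialization Sequence Completed" in msg:
            state["completed"] = True
    return state

def verdict(state):
    if state["completed"]:
        return "tunnel established"
    if state["tls_timeout"] and state["peer_replied"] and 0 in state["verified_depths"]:
        return "server replied and its certificate verified; handshake stalled afterwards"
    if state["tls_timeout"]:
        return "no reply from server before the timeout"
    return "inconclusive"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE_LOG)))
```

A log that reaches `VERIFY OK: depth=0` and then times out, as in this thread, shows the server was reachable, so the profile itself is the next thing to check; the poster resolved it by generating a new .ovpn file.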