Issues with vpn?

HTB Content Machines
, ,
1

Hi everyone, so I got my vpn working, and will post that log. However, on HTB for active machines I cannot ping nor visit any URLs for the active machines. I tried TCP and UDP to no avail, not sure what’s going on.

2020-09-30 17:17:13 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2020-09-30 17:17:13 DEPRECATED OPTION: --cipher set to ‘AES-128-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-128-CBC’ to --data-ciphers or change --cipher ‘AES-128-CBC’ to --data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2020-09-30 17:17:13 OpenVPN 2.5_beta3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020
2020-09-30 17:17:13 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-09-30 17:17:13 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-09-30 17:17:13 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-09-30 17:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.168:1337
2020-09-30 17:17:14 Socket Buffers: R=[212992->212992] S=[212992->212992]
2020-09-30 17:17:14 UDP link local: (not bound)
2020-09-30 17:17:14 UDP link remote: [AF_INET]5.44.235.168:1337
2020-09-30 17:17:14 TLS: Initial packet from [AF_INET]5.44.235.168:1337, sid=d40ece1e 6186048d
2020-09-30 17:17:14 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2020-09-30 17:17:14 VERIFY KU OK
2020-09-30 17:17:14 Validating certificate extended key usage
2020-09-30 17:17:14 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-09-30 17:17:14 VERIFY EKU OK
2020-09-30 17:17:14 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2020-09-30 17:17:14 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2020-09-30 17:17:14 [htb] Peer Connection Initiated with [AF_INET]5.44.235.168:1337
2020-09-30 17:17:15 SENT CONTROL [htb]: ‘PUSH_REQUEST’ (status=1)
2020-09-30 17:17:15 PUSH: Received control message: ‘PUSH_REPLY,route 10.10.10.0 255.255.254.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::10c0/64 dead:beef:2::1,ifconfig 10.10.14.194 255.255.254.0,peer-id 38,cipher AES-256-GCM’
2020-09-30 17:17:15 OPTIONS IMPORT: timers and/or timeouts modified
2020-09-30 17:17:15 OPTIONS IMPORT: --ifconfig/up options modified
2020-09-30 17:17:15 OPTIONS IMPORT: route options modified
2020-09-30 17:17:15 OPTIONS IMPORT: route-related options modified
2020-09-30 17:17:15 OPTIONS IMPORT: peer-id set
2020-09-30 17:17:15 OPTIONS IMPORT: adjusting link_mtu to 1625
2020-09-30 17:17:15 OPTIONS IMPORT: data channel crypto options modified
2020-09-30 17:17:15 Data Channel: using negotiated cipher ‘AES-256-GCM’
2020-09-30 17:17:15 Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2020-09-30 17:17:15 Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2020-09-30 17:17:15 net_route_v4_best_gw query: dst 0.0.0.0
2020-09-30 17:17:15 net_route_v4_best_gw result: via 192.168.1.1 dev eth0
2020-09-30 17:17:15 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:c6:38:94
2020-09-30 17:17:15 GDG6: remote_host_ipv6=n/a
2020-09-30 17:17:15 net_route_v6_best_gw query: dst ::
2020-09-30 17:17:15 net_route_v6_best_gw result: via fe80::daa7:56ff:fe93:f8a dev eth0
2020-09-30 17:17:15 ROUTE6_GATEWAY fe80::daa7:56ff:fe93:f8a IFACE=eth0
2020-09-30 17:17:15 TUN/TAP device tun6 opened
2020-09-30 17:17:15 net_iface_mtu_set: mtu 1500 for tun6
2020-09-30 17:17:15 net_iface_up: set tun6 up
2020-09-30 17:17:15 net_addr_v4_add: 10.10.14.194/23 dev tun6
2020-09-30 17:17:15 net_iface_mtu_set: mtu 1500 for tun6
2020-09-30 17:17:15 net_iface_up: set tun6 up
2020-09-30 17:17:15 net_addr_v6_add: dead:beef:2::10c0/64 dev tun6
2020-09-30 17:17:15 net_route_v4_add: 10.10.10.0/23 via 10.10.14.1 dev [NULL] table 0 metric -1
2020-09-30 17:17:15 add_route_ipv6(dead:beef::/64 → dead:beef:2::1 metric -1) dev tun6
2020-09-30 17:17:15 net_route_v6_add: dead:beef::/64 via :: dev tun6 table 0 metric -1
2020-09-30 17:17:15 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2020-09-30 17:17:15 Initialization Sequence Completed

Last line claims connection is finalized, and on HTB it says i’m connected.

Thanks for the help!

2

@zylah said:

Hi everyone, so I got my vpn working, and will post that log. However, on HTB for active machines I cannot ping nor visit any URLs for the active machines. I tried TCP and UDP to no avail, not sure what’s going on.

When you check the access page (Login :: Hack The Box :: Penetration Testing Labs) does it say you are connected?

When you run ifconfig what IP address is assigned to tun0?

When you try to connect to a server, what results do you get? Timeout is very different to server not found for example.

3

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.14.93

and yes it does say i’m connected, that’s why i’m lost. I’ll restart the vm, see if that helps any.

thank you for the reply

4

reboot seems to have worked, not sure what was wrong. thank you again

5

Awesome.