I’m having connection issues regarding my vpn to access labs.
2022-05-10 14:54:31 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
Can anyone help me with this?
xtal
May 10, 2022, 9:45pm
2
I can confirm this error with OpenVPN version 2.5.5 .
OpenVPN version 2.5.1 creates an connection while the version 2.5.5 give the error message.
A quick and dirty fix is to add a line
tls-cipher DEFAULT:@SECLEVEL=0
in the first section in the ovpn file.
6 Likes
what a life saver my dude. it is working now.
Thanks
1 Like
heegan
July 30, 2022, 4:13am
4
getting this error: Options error: You must define TUN/TAP device (–dev)
Other responses pointed me here but my original problem is Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error
Any solutions please!
xtal
July 30, 2022, 12:13pm
5
Can you please post the output (= the log) from openvpn with the error message.
I have no idea how to fix the error based on the error message alone. I hope the openvpn call and the messages from openvpn before the error gives a hint to the cause of the error.
I have a similar problem, i’m new here and i try to access with my Ubuntu.
This is my current system version
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
The syslog say
Sep 24 23:52:13 machine nm-openvpn[24191]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 24 23:52:13 machine nm-openvpn[24191]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.208.98.30:1337
Sep 24 23:52:13 machine nm-openvpn[24191]: UDP link local: (not bound)
Sep 24 23:52:13 machine nm-openvpn[24191]: UDP link remote: [AF_INET]173.208.98.30:1337
Sep 24 23:52:14 machine nm-openvpn[24191]: VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
Sep 24 23:52:14 machine nm-openvpn[24191]: OpenSSL: error:0A000086:SSL routines::certificate verify failed
Sep 24 23:52:14 machine nm-openvpn[24191]: TLS_ERROR: BIO read tls_read_plaintext error
Sep 24 23:52:14 machine nm-openvpn[24191]: TLS Error: TLS object -> incoming plaintext read error
Sep 24 23:52:14 machine nm-openvpn[24191]: TLS Error: TLS handshake failed
Sep 24 23:52:14 machine nm-openvpn[24191]: SIGUSR1[soft,tls-error] received, process restarting
Sep 24 23:52:20 machine NetworkManager[756]: <warn> [1664085140.7028] vpn[0x564b00f3e830,c50a7cf1-3a26-440b-98c1-5ddcef4f4bdd,"lab_nemouter"]: connect timeout exceeded
Sep 24 23:52:20 machine nm-openvpn-serv[24187]: Connect timer expired, disconnecting.
Sep 24 23:52:20 machine nm-openvpn[24191]: SIGTERM[hard,init_instance] received, process exiting
And my .ovpn file already contains the line tls-cipher DEFAULT:@SECLEVEL=0
client
dev tun
proto udp
remote edge-us-free-3.hackthebox.eu 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
data-ciphers-fallback AES-128-CBC
data-ciphers AES-256-CBC:AES-256-CFB:AES-256-CFB1:AES-256-CFB8:AES-256-OFB:AES-256-GCM
tls-cipher "DEFAULT:@SECLEVEL=0"
auth SHA256
key-direction 1
This is the version of my openvpn cliente
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
I appreciate any help you can give me!
xtal
September 25, 2022, 12:00pm
8
The content of the ovpn file looks good. I also use Ubuntu 22.04.1 with OpenVPN 2.5.5 and connect to the VPN of HTB.
I use simply the openvpn tool in the console, not the openvpn plugin in the nm (network-manager). It is possible that the nm modifies the configuration. My tip is to check the VPN connections with openvpn command line tool and compare the results.
1 Like
Thank you very much for the help.
Use the command line interface is the solution in my case.
UPDATE:sudo to excecute openvpn on the terminal
1 Like