OpenVPN error?

Hello, everything seemed to be working normally, until I can no longer connect to the VPN (I even reinstalled Kali :joy:)

The error I get is this:

2022-06-27 09:53:27 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2022-06-27 09:53:27 Unsupported cipher in --data-ciphers: BF-CBC
Options error: --data-ciphers list contains unsupported ciphers or is too long.
Use --help for more information.

YES

I swear it’s not anyone’s fault, but this same topic has been on this forum since Valentine was active and I found the forum by mistake.

Removed my original answer to guide those to a better solution provided by @InfosecGreg (Thank you!) towards the bottom of this post.

If for some reason you are still struggling, the route I went is still an option, but as IG mentions, this is risky and tedious. Almost as tedious as being told to roll back my OpenVPN version by support staff.

Found it. This saved me SO MUCH TIME. Much more helpful than HTB Support.

Link to Fix it

You’re probably going to need to do what I did which was following some of the instructions at the bottom of the page linked above.

sudo -i
./configure
make
make install
openvpn --version

… will work.

I hope this helps!!!

Cheers!

Does this work without needing to rollback OpenVPN?? If so that would be amazing.

Works just fine. You don’t have to roll anything back.

If you try to compile an older version of OpenVPN you’re going to run into dependency errors since your version of OpenSSL will most likely be updated as well, so you’d have to compile a new version of that as well.

Yea! You’re exactly right! It was a huge pain. As soon as I saw someone else with the connection struggle I was like man, let me help them asap. That link I posted was the only one that had all the right information in it.

Your solution makes so much more sense than what was told to me (or rather told to look up the right way to do it on my own) by the support staff. I’m going to edit my solution above, and guide people to your solution instead.

Thank you!

1 Like

Thanks man I will try, I changed the server and the new file worked, but I did not see that line eariler when I had the problem (I saw similar answer in another post) but mine .ovpn didn’t seem to have that line.

I’m having this issue and the line change ‘cipher’ > ‘data-ciphers’ doesn’t seem to fix it as it’s already data-ciphers.

Okay I fixed it by deleting every entry for --data-ciphers apart from AES-256-CBC and I changed it from 256 to 128.

1 Like

Steps to fix

  1. Check server connection

Firstly, we check the connection from the home computer to the OpenVPN server. For this, we use the telnet command in the format

If the connection do not work properly, we then check on the server side to see if there are connections reaching the OpenVPN server from this particular client.

  1. Disabling firewall

If connections are not even reaching the server, obviously the client computer firewall will have a role in it. To isolate this firewall dependency, our Dedicated Engineers suggest customers to completely turn off firewall and repeat the telnet check. For example, in case of Windows customers, we ask them to disable Windows Firewall completely and try connecting.

Again, if there are further error messages, it means there is something beyond the computer firewall.

  1. Edit port forwarding rules

At this point, we check the port forwarding rules in the OpenVPN server. We look for typos in the rules and fix them. That solves the OpenVPN error 10054, and make OpenVPN work fine.

Greeting,
Rachel Gomez

Anyone else feel HackTheBox should be the one fixes the issues with their OpenVPN Connection not working with modern client rather than us trying to figure this out? We are paying for the product (well some of us are).

I have tried all the suggestions in this thread and am STILL unable to connect using latest Kali. Big disappointment as I signed up for a year and havent been able to use for a couple of months and finally started to dig in.