OpenVPN Error

blue1313 · January 23, 2021, 2:40pm

Since today Im Getting this error when I tried to connect throught OpenVPN.

Can someone help me?

openvpn blue1313.ovpn

2021-01-23 09:36:00 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2021-01-23 09:36:00 DEPRECATED OPTION: --cipher set to ‘AES-128-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-128-CBC’ to --data-ciphers or change --cipher ‘AES-128-CBC’ to --data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2021-01-23 09:36:00 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
2021-01-23 09:36:00 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
2021-01-23 09:36:00 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2021-01-23 09:36:00 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2021-01-23 09:36:01 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
2021-01-23 09:36:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-01-23 09:36:01 UDP link local: (not bound)
2021-01-23 09:36:01 UDP link remote: [AF_INET]185.77.152.100:1337
2021-01-23 09:36:01 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5665125e 28f5e6fd
2021-01-23 09:36:02 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2021-01-23 09:36:02 VERIFY KU OK
2021-01-23 09:36:02 Validating certificate extended key usage
2021-01-23 09:36:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-23 09:36:02 VERIFY EKU OK
2021-01-23 09:36:02 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2021-01-23 09:37:01 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-23 09:37:01 TLS Error: TLS handshake failed
2021-01-23 09:37:01 SIGUSR1[soft,tls-error] received, process restarting
2021-01-23 09:37:01 Restart pause, 5 second(s)
2021-01-23 09:37:06 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2021-01-23 09:37:06 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2021-01-23 09:37:11 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.152.100:1337
2021-01-23 09:37:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-01-23 09:37:11 UDP link local: (not bound)
2021-01-23 09:37:11 UDP link remote: [AF_INET]185.77.152.100:1337
2021-01-23 09:37:12 TLS: Initial packet from [AF_INET]185.77.152.100:1337, sid=5a809896 32423942
2021-01-23 09:37:12 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2021-01-23 09:37:12 VERIFY KU OK
2021-01-23 09:37:12 Validating certificate extended key usage
2021-01-23 09:37:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-23 09:37:12 VERIFY EKU OK
2021-01-23 09:37:12 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2021-01-23 09:37:13 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-01-23 09:37:13 [htb] Peer Connection Initiated with [AF_INET]185.77.152.100:1337
2021-01-23 09:37:14 SENT CONTROL [htb]: ‘PUSH_REQUEST’ (status=1)
2021-01-23 09:37:14 PUSH: Received control message: ‘PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::103f/64 dead:beef:2::1,ifconfig 10.10.14.65 255.255.254.0,peer-id 63,cipher AES-256-GCM’
2021-01-23 09:37:14 OPTIONS IMPORT: timers and/or timeouts modified
2021-01-23 09:37:14 OPTIONS IMPORT: --ifconfig/up options modified
2021-01-23 09:37:14 OPTIONS IMPORT: route options modified
2021-01-23 09:37:14 OPTIONS IMPORT: route-related options modified
2021-01-23 09:37:14 OPTIONS IMPORT: peer-id set
2021-01-23 09:37:14 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-01-23 09:37:14 OPTIONS IMPORT: data channel crypto options modified
2021-01-23 09:37:14 Data Channel: using negotiated cipher ‘AES-256-GCM’
2021-01-23 09:37:14 Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2021-01-23 09:37:14 Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2021-01-23 09:37:14 net_route_v4_best_gw query: dst 0.0.0.0
2021-01-23 09:37:14 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2021-01-23 09:37:14 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:3e:77:73
2021-01-23 09:37:14 GDG6: remote_host_ipv6=n/a
2021-01-23 09:37:14 net_route_v6_best_gw query: dst ::
2021-01-23 09:37:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
2021-01-23 09:37:14 ROUTE6: default_gateway=UNDEF
2021-01-23 09:37:14 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2021-01-23 09:37:14 Exiting due to fatal error

Morthius · January 23, 2021, 4:21pm

Are you running with sudo?

$sudo openvpn blue1313.ovpn

RachelGomez · October 31, 2022, 9:46am

The solution is to set up a proper DNS name and configure that and save settings. Then uninstall, redownload, and reinstall the connection profile or OpenVPN Connect Client program and to try again. Another common mistake is to forget to open the 3 ports required for OpenVPN Access Server to be reachable properly.

Regards,
Rachel Gomez