Openvpn issues - cant connect correctly > Hosts unreachable

trailight · December 19, 2021, 10:04am

Hi,
i have problems to set up the ovpn connection correct and i cant find a solution.

I downloaded Virtual Box , than i installed Kali into the VM and creadted an account (No VIP) on HTB.

I wanted to start an Starting Point > Tier 0 so i go th MEOW and click on “connect to HTB”, i download the .ovpn file for the EU Server and started the connection. I tryed UDP and TCP, also i tryed the US Server.

Wenn connection was on i started the machine in the new user interface so i got the Target IP.
When i Ping the Target i cant reach the host system?

Here the ping:

──(kali㉿kali)-[~]
└─$ ping 10.129.2.209  
PING 10.129.2.209 (10.129.2.209) 56(84) bytes of data.
From 10.10.14.1 icmp_seq=1 Destination Host Unreachable
From 10.10.14.1 icmp_seq=2 Destination Host Unreachable
From 10.10.14.1 icmp_seq=3 Destination Host Unreachable
From 10.10.14.1 icmp_seq=4 Destination Host Unreachable
^C
--- 10.129.2.209 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4064ms
pipe 4

now the traceroute:

──(kali㉿kali)-[~]
└─$ traceroute 10.129.2.209                                            130 ⨯
traceroute to 10.129.2.209 (10.129.2.209), 30 hops max, 60 byte packets
 1  10.10.14.1 (10.10.14.1)  42.601 ms  42.598 ms  42.595 ms
 2  10.10.14.1 (10.10.14.1)  3094.473 ms !H  3096.957 ms !H  3097.509 ms !H

ifconfig:

┌──(kali㉿kali)-[~]
└─$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:febe:2060  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:be:20:60  txqueuelen 1000  (Ethernet)
        RX packets 59979  bytes 66903511 (63.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25444  bytes 3511420 (3.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 16  bytes 1072 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1072 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.10.14.176  netmask 255.255.254.0  destination 10.10.14.176
        inet6 fe80::5e2c:62d9:b636:52b8  prefixlen 64  scopeid 0x20<link>
        inet6 dead:beef:2::10ae  prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 119  bytes 12896 (12.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 206  bytes 15996 (15.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

here the openvpn window Log:

┌──(kali㉿kali)-[~/Downloads]
└─$ sudo openvpn starting_point_traillight(1).ovpn
2021-12-19 04:48:57 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-12-19 04:48:57 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-12-19 04:48:57 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2021-12-19 04:48:57 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-12-19 04:48:57 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-12-19 04:48:57 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-12-19 04:48:57 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.248:1337
2021-12-19 04:48:57 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-12-19 04:48:57 UDP link local: (not bound)
2021-12-19 04:48:57 UDP link remote: [AF_INET]XX.XX.XX.248:1337
2021-12-19 04:48:57 TLS: Initial packet from [AF_INET]XX.XX.XX.248:1337, sid=d3abcb51 1efe6fd9
2021-12-19 04:48:58 VERIFY OK: depth=1, CN=HackTheBox
2021-12-19 04:48:58 VERIFY KU OK
2021-12-19 04:48:58 Validating certificate extended key usage
2021-12-19 04:48:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-12-19 04:48:58 VERIFY EKU OK
2021-12-19 04:48:58 VERIFY OK: depth=0, CN=htb
2021-12-19 04:48:58 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-12-19 04:48:58 [htb] Peer Connection Initiated with [AF_INET]XX.XX.XX.248:1337
2021-12-19 04:48:58 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.254.0,route 10.129.0.0 255.255.0.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.14.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::11bc/64 dead:beef:2::1,ifconfig 10.10.15.190 255.255.254.0,peer-id 1,cipher AES-256-GCM'
2021-12-19 04:48:58 OPTIONS IMPORT: timers and/or timeouts modified
2021-12-19 04:48:58 OPTIONS IMPORT: --ifconfig/up options modified
2021-12-19 04:48:58 OPTIONS IMPORT: route options modified
2021-12-19 04:48:58 OPTIONS IMPORT: route-related options modified
2021-12-19 04:48:58 OPTIONS IMPORT: peer-id set
2021-12-19 04:48:58 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-12-19 04:48:58 OPTIONS IMPORT: data channel crypto options modified
2021-12-19 04:48:58 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-12-19 04:48:58 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-12-19 04:48:58 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-12-19 04:48:58 net_route_v4_best_gw query: dst 0.0.0.0
2021-12-19 04:48:58 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2021-12-19 04:48:58 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:be:20:60
2021-12-19 04:48:58 GDG6: remote_host_ipv6=n/a
2021-12-19 04:48:58 net_route_v6_best_gw query: dst ::
2021-12-19 04:48:58 sitnl_send: rtnl: generic error (-101): Network is unreachable
2021-12-19 04:48:58 ROUTE6: default_gateway=UNDEF
2021-12-19 04:48:58 TUN/TAP device tun2 opened
2021-12-19 04:48:58 net_iface_mtu_set: mtu 1500 for tun2
2021-12-19 04:48:58 net_iface_up: set tun2 up
2021-12-19 04:48:58 net_addr_v4_add: 10.10.15.190/23 dev tun2
2021-12-19 04:48:58 net_iface_mtu_set: mtu 1500 for tun2
2021-12-19 04:48:58 net_iface_up: set tun2 up
2021-12-19 04:48:58 net_addr_v6_add: dead:beef:2::11bc/64 dev tun2
2021-12-19 04:48:58 net_route_v4_add: 10.10.10.0/23 via 10.10.14.1 dev [NULL] table 0 metric -1
2021-12-19 04:48:58 net_route_v4_add: 10.129.0.0/16 via 10.10.14.1 dev [NULL] table 0 metric -1
2021-12-19 04:48:58 add_route_ipv6(dead:beef::/64 -> dead:beef:2::1 metric -1) dev tun2
2021-12-19 04:48:58 net_route_v6_add: dead:beef::/64 via :: dev tun2 table 0 metric -1
2021-12-19 04:48:58 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-12-19 04:48:58 Initialization Sequence Completed

can someone help me or tell whats the problem?

I googled a lot and found tons with the same problem but no solution to fix it.

Topic		Replies	Views
Problem with Starting Point	0	199	November 18, 2021
Starting Point: Destination Host Unreachable Other starting-point , startingpoint	2	2601	August 10, 2024
Network unreachable	2	489	April 20, 2024
I can't ping the active machines even though im connected to the starting point HTB Content starting-point	5	755	November 29, 2021
How to properly connect to VPN? Off-topic kali , noob , windows , starting-point , vpn , openvpn	1	1033	July 29, 2022

Openvpn issues - cant connect correctly > Hosts unreachable

Related Topics