TLS handshake failure during vpn connection

Hi Everyone.

Hope everyone has had a great weekend.

I have been using hack the box straight from my laptop, never had a problem connecting. Following advice from HTB I decided to build a virtual machine running parrot OS, finished the updates last night, the OS runs spot on.

I downloaded my connection pack as normal, tried to connect to the HTB vpn but I noticed the following error.

2020-10-18 18:26:53 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-10-18 18:26:53 TLS Error: TLS handshake failed
2020-10-18 18:26:53 SIGUSR1[soft,tls-error] received, process restarting
2020-10-18 18:26:53 Restart pause, 40 second(s)
2020-10-18 18:27:09 SIGINT[hard,init_instance] received, process exiting

I am using “NAT” as the network setting which is default for virtual box, could that be the error? I will switch to “Bridged” setting to see if that makes a difference.

I will report back if it works.

Thanks

John

Quick Update…

I switched settings to bridged network in Virtual Box, sadly no better, get the following error.

2020-10-18 19:14:11 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-10-18 19:14:11 TLS Error: TLS handshake failed
2020-10-18 19:14:11 SIGUSR1[soft,tls-error] received, process restarting
2020-10-18 19:14:11 Restart pause, 10 second(s)
2020-10-18 19:14:21 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 19:14:21 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 19:14:21 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.23:1337
2020-10-18 19:14:21 Socket Buffers: R=[212992->212992] S=[212992->212992]
2020-10-18 19:14:21 UDP link local: (not bound)
2020-10-18 19:14:21 UDP link remote: [AF_INET]5.44.235.23:1337
2020-10-18 19:14:21 TLS: Initial packet from [AF_INET]5.44.235.23:1337, sid=7a016908 9dde4473
2020-10-18 19:14:21 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2020-10-18 19:14:21 VERIFY KU OK
2020-10-18 19:14:21 Validating certificate extended key usage

I will keep playing, see if I can fix the error, but if anyone has any advice to speed up the fix it would be massively appreciated.

Thanks again

John

I changed the vpn file to TCP rather than UDP and now when I run the file it just sticks, so I will change that back to UDP and look at something else. See my current terminal output below

2020-10-18 19:53:11 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2020-10-18 19:53:11 DEPRECATED OPTION: --cipher set to ‘AES-128-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-128-CBC’ to --data-ciphers or change --cipher ‘AES-128-CBC’ to --data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2020-10-18 19:53:11 OpenVPN 2.5_beta3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020
2020-10-18 19:53:11 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-10-18 19:53:11 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 19:53:11 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 19:53:11 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.23:1337
2020-10-18 19:53:11 Socket Buffers: R=[131072->131072] S=[16384->16384]
2020-10-18 19:53:11 Attempting to establish TCP connection with [AF_INET]5.44.235.23:1337 [nonblock]

Interesting…

Following a guide I altered the vpn file again, this time I changed the port to 443 and the last two lines in the file were changed as well, now I get a TCP connection as you can see below BUT rather than keeping a connection to the vpn server, it automatically restarts as you can see below.

I will have another look at this tomorrow (gotta start getting ready for work, gutted)

If anyone has any ideas please give me a shout. After my terminal output I have posted what I have changed in the vpn file.

2020-10-18 20:23:20 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2020-10-18 20:23:20 DEPRECATED OPTION: --cipher set to ‘AES-128-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-128-CBC’ to --data-ciphers or change --cipher ‘AES-128-CBC’ to --data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2020-10-18 20:23:20 OpenVPN 2.5_beta3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020
2020-10-18 20:23:20 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-10-18 20:23:20 Outgoing Control Channel Encryption: Cipher ‘AES-256-CTR’ initialized with 256 bit key
2020-10-18 20:23:20 Outgoing Control Channel Encryption: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 20:23:20 Incoming Control Channel Encryption: Cipher ‘AES-256-CTR’ initialized with 256 bit key
2020-10-18 20:23:20 Incoming Control Channel Encryption: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 20:23:20 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.23:443
2020-10-18 20:23:20 Socket Buffers: R=[131072->131072] S=[16384->16384]
2020-10-18 20:23:20 Attempting to establish TCP connection with [AF_INET]5.44.235.23:443 [nonblock]
2020-10-18 20:23:21 TCP connection established with [AF_INET]5.44.235.23:443
2020-10-18 20:23:21 TCP_CLIENT link local: (not bound)
2020-10-18 20:23:21 TCP_CLIENT link remote: [AF_INET]5.44.235.23:443
2020-10-18 20:23:22 TLS: Initial packet from [AF_INET]5.44.235.23:443, sid=d33ee5eb cf2a3af2
2020-10-18 20:23:22 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2020-10-18 20:23:22 VERIFY KU OK
2020-10-18 20:23:22 Validating certificate extended key usage
2020-10-18 20:23:22 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-10-18 20:23:22 VERIFY EKU OK
2020-10-18 20:23:22 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2020-10-18 20:23:22 Connection reset, restarting [0]
2020-10-18 20:23:22 SIGUSR1[soft,connection-reset] received, process restarting
2020-10-18 20:23:22 Restart pause, 5 second(s)
2020-10-18 20:23:27 Outgoing Control Channel Encryption: Cipher ‘AES-256-CTR’ initialized with 256 bit key
2020-10-18 20:23:27 Outgoing Control Channel Encryption: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 20:23:27 Incoming Control Channel Encryption: Cipher ‘AES-256-CTR’ initialized with 256 bit key
2020-10-18 20:23:27 Incoming Control Channel Encryption: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2020-10-18 20:23:27 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.23:443
2020-10-18 20:23:27 Socket Buffers: R=[131072->131072] S=[16384->16384]
2020-10-18 20:23:27 Attempting to establish TCP connection with [AF_INET]5.44.235.23:443 [nonblock]
2020-10-18 20:23:28 TCP connection established with [AF_INET]5.44.235.23:443
2020-10-18 20:23:28 TCP_CLIENT link local: (not bound)
2020-10-18 20:23:28 TCP_CLIENT link remote: [AF_INET]5.44.235.23:443
2020-10-18 20:23:28 TLS: Initial packet from [AF_INET]5.44.235.23:443, sid=0ec36205 1edd40c6
2020-10-18 20:23:28 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2020-10-18 20:23:28 VERIFY KU OK
2020-10-18 20:23:28 Validating certificate extended key usage
2020-10-18 20:23:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-10-18 20:23:28 VERIFY EKU OK
2020-10-18 20:23:28 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2020-10-18 20:23:28 Connection reset, restarting [0]
2020-10-18 20:23:28 SIGUSR1[soft,connection-reset] received, process restarting
2020-10-18 20:23:28 Restart pause, 5 second(s)

VPN FILE CHANGES

proto tcp
remote edge-eu-free-3.hackthebox.eu 443
-----END PRIVATE KEY-----


-----END OpenVPN Static key V1-----

Thanks again

John

Did you find a solution? I’m having the same TLS handshake error.

Yo, I used ‘switch’ to generate a new openvpn which I then re-downloaded – it worked!

@tinhat said:

Yo, I used ‘switch’ to generate a new openvpn which I then re-downloaded – it worked!

Hey can you go into a little more detail about this, I have been having the same issue.

I’ve experienced the same problem just now and I just redownloaded ovpn config once again and it worked. Only thing that differed between new config and an old config are key hashes which is understandable. I don’t have any idea why previous key won’t work no more but well it’s still good that it connects again.

@Rhasta said:

@tinhat said:

Yo, I used ‘switch’ to generate a new openvpn which I then re-downloaded – it worked!

Hey can you go into a little more detail about this, I have been having the same issue.

I think he meant to ‘switch’ the vpn server location from EU to US or vice versa and switch back.

I faced the same issue and tried it. It worked!!

Guys, I’m having the same problem, I tried to reinstall the ovpn, changed between EU and USA, I’m having the same problem

Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-12-26 09:50:10 UDP link local: (not bound)
2022-12-26 09:50:10 UDP link remote: [AF_INET]23.19.225.248:1337
2022-12-26 09:50:10 TLS: Initial packet from [AF_INET]23.19.225.248:1337, sid=53318157 e2fa4f9a
2022-12-26 09:51:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-12-26 09:51:10 TLS Error: TLS handshake failed
2022-12-26 09:51:10 SIGUSR1[soft,tls-error] received, process restarting
2022-12-26 09:51:10 Restart pause, 40 second(s)

PLEASE ANY HELP.
And Thanks for your time.

FINALLY SOLVED IT:

  • Change proto udp to proto tcp
  • Change remote {serverAddressHere} 1337 to remote {serverAddressHere} 443
  • Change <tls-auth> to <tls-crypt>
  • Change </tls-auth> to </tls-crypt>

Follow these steps.

Yeah this worked for me as well. Thank you
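
The four edits listed in the "FINALLY SOLVED IT" post, scripted as an added example (not code from the thread or from HTB): it writes a modified copy, leaves the downloaded profile untouched, and fails if the result still mixes tls-auth with tls-crypt. The function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): apply the four listed edits to a COPY
# of an OpenVPN profile, then verify the result. Function names are made up.

# Check that a profile is consistently TCP/443 with tls-crypt.
ovpn_check_tcp443() {
    f=$1
    grep -Eq '^proto tcp[[:space:]]*$' "$f" ||
        { echo "$f: proto is not tcp" >&2; return 1; }
    grep -Eq '^remote[[:space:]]+[^[:space:]]+[[:space:]]+443[[:space:]]*$' "$f" ||
        { echo "$f: no remote on port 443" >&2; return 1; }
    grep -q '^<tls-crypt>' "$f" && grep -q '^</tls-crypt>' "$f" ||
        { echo "$f: tls-crypt block is not opened and closed" >&2; return 1; }
    # A leftover tls-auth line would mix two control-channel key modes.
    if grep -q 'tls-auth' "$f"; then
        echo "$f: tls-auth still present" >&2; return 1
    fi
}

# ovpn_to_tcp443 SRC DST: SRC is left untouched; non-zero if an edit is missing.
ovpn_to_tcp443() {
    src=$1 dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    (
        umask 077    # the profile embeds a private key
        sed -E \
            -e 's/^[[:space:]]*proto[[:space:]]+udp[[:space:]]*$/proto tcp/' \
            -e 's/^[[:space:]]*(remote[[:space:]]+[^[:space:]]+)[[:space:]]+1337[[:space:]]*$/\1 443/' \
            -e 's#^[[:space:]]*<(/?)tls-auth>[[:space:]]*$#<\1tls-crypt>#' \
            "$src" > "$dst"
    ) || return 2
    ovpn_check_tcp443 "$dst"
}

# Constructed sample in the UDP/1337/tls-auth shape; key bodies are placeholders.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
proto udp
remote vpn.example.test 1337
<key>
(placeholder, not a real key)
</key>
<tls-auth>
(placeholder, not a real key)
</tls-auth>
EOF
}

# Usage: sh convert.sh in.ovpn out.ovpn
if [ "$#" -eq 2 ]; then
    ovpn_to_tcp443 "$1" "$2"
fi
```

The change only helps when the server endpoint on port 443 actually uses tls-crypt; both sides must use the same control-channel key mode.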