Unable to connect to Machine Openvpn, but able to connect to Startingpoint Openvpn

Hi, I am having trouble connecting to the OpenVPN for machines. I can successfully connect to the startingpoint OpenVPN and play the machines there, but when I attempt to connect via OpenVPN for the machines I get the following error.

sudo openvpn lab_Scht4sk.ovpn 
2022-05-13 18:46:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-05-13 18:46:06 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-05-13 18:46:06 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-13 18:46:06 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-05-13 18:46:06 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-13 18:46:06 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-13 18:46:06 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-13 18:46:06 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-13 18:46:06 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.168:443
2022-05-13 18:46:06 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-05-13 18:46:06 Attempting to establish TCP connection with [AF_INET]5.44.235.168:443 [nonblock]
2022-05-13 18:46:06 TCP connection established with [AF_INET]5.44.235.168:443
2022-05-13 18:46:06 TCP_CLIENT link local: (not bound)
2022-05-13 18:46:06 TCP_CLIENT link remote: [AF_INET]5.44.235.168:443
2022-05-13 18:46:06 TLS: Initial packet from [AF_INET]5.44.235.168:443, sid=1530a87c 9bbfe02b
2022-05-13 18:46:06 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-05-13 18:46:06 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-05-13 18:46:06 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-13 18:46:06 TLS Error: TLS object -> incoming plaintext read error
2022-05-13 18:46:06 TLS Error: TLS handshake failed
2022-05-13 18:46:06 Fatal TLS error (check_tls_errors_co), restarting
2022-05-13 18:46:06 SIGUSR1[soft,tls-error] received, process restarting
2022-05-13 18:46:06 Restart pause, 5 second(s)
2022-05-13 18:46:11 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-13 18:46:11 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-13 18:46:11 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-13 18:46:11 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-13 18:46:11 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.168:443
2022-05-13 18:46:11 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-05-13 18:46:11 Attempting to establish TCP connection with [AF_INET]5.44.235.168:443 [nonblock]
2022-05-13 18:46:11 TCP connection established with [AF_INET]5.44.235.168:443
2022-05-13 18:46:11 TCP_CLIENT link local: (not bound)
2022-05-13 18:46:11 TCP_CLIENT link remote: [AF_INET]5.44.235.168:443
2022-05-13 18:46:11 TLS: Initial packet from [AF_INET]5.44.235.168:443, sid=c03be2e6 98610729
2022-05-13 18:46:11 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-05-13 18:46:11 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-05-13 18:46:11 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-13 18:46:11 TLS Error: TLS object -> incoming plaintext read error
2022-05-13 18:46:11 TLS Error: TLS handshake failed
2022-05-13 18:46:11 Fatal TLS error (check_tls_errors_co), restarting
2022-05-13 18:46:11 SIGUSR1[soft,tls-error] received, process restarting
2022-05-13 18:46:11 Restart pause, 5 second(s)

I am attempting to connect from an Ubuntu 22.04 LTS x86_64 OS host.
I can connect successfully with the same OpenVPN file inside VMware Workstation from a Kali VM.
Any help in resolving this issue is greatly appreciated!

I believe there is a different file needed for the machines themselves. It should be in the machine page somewhere near the right side of the screen. Hope this helps.

I know that, that is not the problem…

The VPN of HTB does not work well with OpenVPN version 2.5.5; older versions work well.

For a quick and dirty workaround, see the old question "Lab Access Openvpn certificate verify failed".


Thank you so much for that!
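
An added triage example, not part of the original posts: a Python parser that reads an OpenVPN client log like the one in the question and reports which TLS library was loaded, whether the server answered, and which certificate check failed. The function name `triage` and the verdict strings are this example's own; the sample lines are copied from the log above.

```python
import re

# Excerpt of the client log posted in the question (two retry cycles).
SAMPLE_LOG = """\
2022-05-13 18:46:06 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-05-13 18:46:06 TLS: Initial packet from [AF_INET]5.44.235.168:443, sid=1530a87c 9bbfe02b
2022-05-13 18:46:06 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-05-13 18:46:06 TLS Error: TLS handshake failed
2022-05-13 18:46:11 TLS: Initial packet from [AF_INET]5.44.235.168:443, sid=c03be2e6 98610729
2022-05-13 18:46:11 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
"""

LIBS_RE = re.compile(r"library versions: (OpenSSL [\d.]+\w*)")
REACHED_RE = re.compile(r"TLS: Initial packet from")
VERIFY_RE = re.compile(
    r"VERIFY ERROR: depth=(\d+), error=(.+?): (.+?)(?:, serial=(\S+))?$")

def triage(log_text):
    """Summarise why an OpenVPN client log shows a failed TLS handshake."""
    tls_library, reached_server, failures = None, False, {}
    for line in log_text.splitlines():
        if m := LIBS_RE.search(line):
            tls_library = m.group(1)
        elif REACHED_RE.search(line):
            reached_server = True          # the server replied, so routing is fine
        elif m := VERIFY_RE.search(line):
            depth, reason, subject, serial = m.groups()
            # The client restarts and retries, so the same failure repeats;
            # count the repeats instead of listing each one.
            entry = failures.setdefault((depth, reason, subject), {
                "depth": int(depth),       # 0 = the server's own certificate
                "reason": reason,
                "subject": dict(p.split("=", 1)
                                for p in subject.split(", ") if "=" in p),
                "serial": serial,
                "count": 0,
            })
            entry["count"] += 1
    if any("too weak" in f["reason"] for f in failures.values()):
        verdict = "local TLS library rejected the certificate's signature digest"
    elif failures:
        verdict = "certificate verification failed"
    elif not reached_server:
        verdict = "server never answered; check the network path first"
    else:
        verdict = "no certificate verification failure in this log"
    return {"tls_library": tls_library, "reached_server": reached_server,
            "verify_errors": list(failures.values()), "verdict": verdict}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample it reports one distinct failure seen twice, with the server reached, which points at the client's certificate policy rather than at the network or the choice of file.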