VPN keeps resetting to US Free 3 - having to download new profile every weekend

NoMad · September 3, 2022, 8:34am

This one is beyond annoying:
Every other weekend, when I boot up my VM and want to connect to HTB VPN, it won’t work.
I go to the site, select “Connect to HTB” again, and find the VPN location was reset to “US Free 3”.
I’ve been in EU from the beginning and used VIP+ for the last half year.
But ever since some months ago when HTB had trouble with VPN not working at all, I have to generate a new connection pack for EU VIP+ 2 and import it on my VM to connect.
The site shows I’m successfully connected and I can spawn and connect to machines for the day.
A week or two later, it all starts over. Last week’s VPN profile won’t work, I’m kicked back to US Free 3.

Please fix your site, having to jump those stupid hurdles every time I want to play is the reason I’m rarely playing anymore. Thanks.

NoMad · September 4, 2022, 10:18am

2 more things:
Please issue a new CA cert as well, the current one uses SHA-1 signature which leads to errors in some VPN apps because it’s deprecated. I use NetworkManager with the imported OVPN profile, but NM discards the SECLEVEL option present in the config and won’t connect. Not a security issue, but again PITA for user experience.

Yesterday I left my laptop with VPN connected and an active machine spawned in VIP+, today I come back and the machine is offline (as expected), so I refresh the machine page on HTB because it still said it’s active. When refreshed, page says “Join machine” (instead of spawn instance) and sure enough, I’ve been kicked back to US Free 2. VPN was left running but disconnected over night.

Here’s my VPN log if it helps debugging:

2022-09-03 19:56:47 Initialization Sequence Completed
2022-09-04 01:07:07 [htb] Peer Connection Initiated with [AF_INET]23.19.62.3:1337
2022-09-04 01:07:07 Initialization Sequence Completed
2022-09-04 04:08:59 [htb] Inactivity timeout (--ping-restart), restarting
2022-09-04 04:08:59 SIGUSR1[soft,ping-restart] received, process restarting
2022-09-04 04:09:04 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2022-09-04 04:10:04 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-09-04 04:10:04 TLS Error: TLS handshake failed
2022-09-04 04:10:04 SIGUSR1[soft,tls-error] received, process restarting
2022-09-04 04:10:09 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2022-09-04 04:11:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-09-04 04:11:09 TLS Error: TLS handshake failed
2022-09-04 04:11:09 SIGUSR1[soft,tls-error] received, process restarting
[... and so on]
2022-09-04 05:42:42 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-09-04 05:42:42 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-09-04 05:42:42 TCP/UDP: Preserving recently used remote address: [AF_INET]23.19.62.3:1337
2022-09-04 05:42:42 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-09-04 05:42:42 UDP link local: (not bound)
2022-09-04 05:42:42 UDP link remote: [AF_INET]23.19.62.3:1337
2022-09-04 05:42:42 TLS: Initial packet from [AF_INET]23.19.62.3:1337, sid=a44715a6 7cff04d8
2022-09-04 05:42:42 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
2022-09-04 05:42:42 VERIFY KU OK
2022-09-04 05:42:42 Validating certificate extended key usage
2022-09-04 05:42:42 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-09-04 05:42:42 VERIFY EKU OK
2022-09-04 05:42:42 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
2022-09-04 05:43:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-09-04 05:43:42 TLS Error: TLS handshake failed
2022-09-04 05:43:42 SIGUSR1[soft,tls-error] received, process restarting
2022-09-04 05:43:42 Restart pause, 300 second(s)