Hey folks,
I’ve been a long-time user and this is the first time I’m experiencing problems connecting to HTB via VPN. These are the logs the VPN client generates:
2022-07-19 05:53:34 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-07-19 05:53:34 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-07-19 05:53:34 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2022-07-19 05:53:34 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-07-19 05:53:34 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-07-19 05:53:34 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-07-19 05:53:34 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-07-19 05:53:34 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-07-19 05:53:34 TCP/UDP: Preserving recently used remote address: [AF_INET]5.44.235.23:443
2022-07-19 05:53:34 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-07-19 05:53:34 Attempting to establish TCP connection with [AF_INET]5.44.235.23:443 [nonblock]
2022-07-19 05:53:34 TCP connection established with [AF_INET]5.44.235.23:443
2022-07-19 05:53:34 TCP_CLIENT link local: (not bound)
2022-07-19 05:53:34 TCP_CLIENT link remote: [AF_INET]5.44.235.23:443
2022-07-19 05:53:34 TLS: Initial packet from [AF_INET]5.44.235.23:443, sid=336c3ddb 397b8acd
2022-07-19 05:53:34 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-07-19 05:53:34 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-07-19 05:53:34 TLS_ERROR: BIO read tls_read_plaintext error
2022-07-19 05:53:34 TLS Error: TLS object -> incoming plaintext read error
2022-07-19 05:53:34 TLS Error: TLS handshake failed
2022-07-19 05:53:34 Fatal TLS error (check_tls_errors_co), restarting
2022-07-19 05:53:34 SIGUSR1[soft,tls-error] received, process restarting
It seems like the TLS handshake fails for some reason. I’ve tried all the usual: re-downloading the connection pack, switching from TCP to UDP, etc. I also went to the HTB VPN troubleshooting page but couldn’t find anything useful.
After some googling I figured that this problem might not be coming from the client (my) side, but rather the server side. Can anyone confirm this?
If the problem lies with the client, I’d love to know how to fix it because I’m not sure how to continue.
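
The following is an added example, not part of the original post: a small triage script that pulls the certificate verification failure, the peer address and the client's TLS library version out of an OpenVPN client log like the one above. The function name `triage` and the regular expressions are assumptions written for this log format, and the sample input is constructed from lines in the post.

```python
import re

# Constructed sample: lines copied from the log in the post above.
SAMPLE_LOG = """\
2022-07-19 05:53:34 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2022-07-19 05:53:34 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-07-19 05:53:34 TLS: Initial packet from [AF_INET]5.44.235.23:443, sid=336c3ddb 397b8acd
2022-07-19 05:53:34 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-07-19 05:53:34 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-07-19 05:53:34 TLS Error: TLS handshake failed
"""

TS = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
VERIFY_RE = re.compile(TS + r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*?)(?:, serial=(\w+))?$")
LIBS_RE = re.compile(TS + r"library versions: (OpenSSL \S+)")
PEER_RE = re.compile(TS + r"TLS: Initial packet from \[AF_INET6?\]([^\s,]+)")

def triage(log_text):
    """Summarise the first certificate verification failure in a client log."""
    out = {"tls_library": None, "peer": None, "verify_error": None, "handshake_failed": False}
    for line in log_text.splitlines():
        if m := LIBS_RE.match(line):
            out["tls_library"] = m.group(1)
        elif m := PEER_RE.match(line):
            out["peer"] = m.group(1)
        elif (m := VERIFY_RE.match(line)) and out["verify_error"] is None:
            depth = int(m.group(1))
            # Subject fields are comma separated key=value pairs; skip malformed parts.
            parts = [kv for kv in m.group(3).split(", ") if "=" in kv]
            out["verify_error"] = {
                "depth": depth,
                # depth 0 is the certificate the peer presented; higher depths are its issuers
                "cert_role": "peer certificate" if depth == 0 else "issuer in chain",
                "reason": m.group(2),
                "subject": dict(kv.split("=", 1) for kv in parts),
                "serial": m.group(4),
            }
        elif "TLS handshake failed" in line:
            out["handshake_failed"] = True
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `VERIFY ERROR` line is written by the side doing the verification, here the client, about the certificate at the given depth of the chain the peer presented.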