Why I am still on 16.04 when ubuntu has already launch 19.04 Disco dingo? Answer is I have 16.04 with all the necessary tools. Anyway while working on hackthebox my vpn started dropping the connection. So, I decided to troubleshoot the problem myself before changing the configuration. After googling for hours and trying every possible method written I couldn’t find a solution to my OpenVPN issue. Finally I decided to follow htb alternate tcp connection. And from here begins the journey of openvpn and openssl.
The Error:
- [ server] Inactivity timeout ( — ping-restart), restarting
- TLS Error: Unroutable control packet received
Possible Solutions I tried:
- Tried restarting virtual box.
- Tried regenerating my opvn file.
- Tried updating my timezone.
- Tried resetting my timezone in htb profile and again regenerating ovpn file.
- Tried closing all connections and again connecting.
- Tried reading almost all threads related to similar issue.
But the above two issues kept on coming.
Finally I decided to change openvpn configuration from UDP to TCP according to official htb website.
Alternate TCP Connection
By default, our network uses UDP port 1337. If this port is blocked at your location, you can try switching to TCP 443 by editing your .ovpn file.
Change proto udp to proto tcpChange remote {serverAddressHere} 1337 to remote {serverAddressHere} 443Change <tls-auth> to <tls-crypt>Change </tls-auth> to </tls-crypt>
So after changing configuration the moment I ran:
#openvpn vpnfile.ovpnOutput:
Options error: Unrecognized option or missing parameter(s) in vpnfile.ovpn:18: tls-crypt
Checked the version:
#openvpn --version
openvpn version 2.3.10-jubuntu2.2#openssl version
OpenSSL 1.0.2g 1 Mar 2016
Need to install latest version of OpenVPN and OpenSSL. Remove old version of OpenVPN and openSSL before installing latest version.
Install OpenVPN 2.4.7
- Visit https://openvpn.net/community-downloads/
- Download via
#wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.7.tar.gz
#tar xfz openvpn-2.4.7.tar.gz
#cd openvpn-2.4.7
#./configureOutput:
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… ye
schecking for a thread-safe mkdir -p… /bin/mkdir
.
.
[truncated output]
.
checking for SSL_CTX_new… no
configure: error: openssl check failed
Install OpenSSL
- Visit https://www.openssl.org/source
- Download via
#wget https://www.openssl.org/source/openssl-1.0.2s.tar.gz#tar xvf openssl-1.0.2.tar.gz#./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)'#make#make install
Output:
#bash: /usr/bin/openssl: No such file or directoryRun Commands:
#ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl#ln -s /usr/local/ssl/bin/openssl /usr/local/bin/openssl
Note:
-openssl may or may not be needed. Since I uninstalled openssl to install latest version. Steps are mentioned below.
-/usr/local/bin is for locally compiled package and /usr/bin is for trivial binaries not needed in single user mode
Try Installing OpenVPN
#./configure
#make
#make install
#openvpn — versionOutput:
#OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 26 2019library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08Originally developed by James YonanCopyright © 2002–2018 OpenVPN Inc <sales@openvpn.net>
For the error “configure: error: ssl is required but missing”
#apt-get install libssl-devFor the error “configure: error: lzo enabled but missing”
#apt-get install liblzo2-deFor the error “configure: error: libpam required but missing “
#apt-get install libpam0g-devNote:
-Sudo is not used as the vm was running as root. Also we can specify manually where to install ssl libraries,etc. It is just a general workaround.
Reference:
For Hackthebox:
https://www.hackthebox.eu/home/htb/access
https://forum.hackthebox.eu/discussion/369/openvpn-doesnt-connect-from-last-3-days
https://forum.hackthebox.eu/discussion/1541/vpn-connection-shows-tls-failed
For OpenVPN:
https://openvpn.net/community-downloads/
https://openvpn.net/community-resources/installing-openvpn/
For OpenSSL:
https://www.openssl.org/source/
https://stackoverflow.com/questions/27729139/unable-to-install-openvpn-2-3-6-on-ubuntu-14-04-lts-to-work-work-with-tun-tap
https://superuser.com/questions/987788/openssl-not-found-during-configure
https://www.howtoinstall.co/en/ubuntu/xenial/openssl?action=remove
For OpenVPN manual installation:
https://websiteforstudents.com/manually-install-the-latest-openssl-toolkit-on-ubuntu-16-04-18-04-lts/
