
HackTheBox OpenVPN connection error

category Pentest/HackTheBox 2023. 6. 18. 02:11

Overview

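It had been a while, so I logged in to enjoy HackTheBox, but I got an error when connecting with openvpn. Now that it is solved it turns out to be nothing much, but I am leaving this post as a reference for anyone in Korea who plays HackTheBox.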

For reference, I was on OS X Ventura 13.2 with OpenSSL 3.1 installed.

 

Symptoms

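It would be nice to describe how I worked through the errors one by one, but that is a hassle, so I will skip it. The errors I ran into when connecting with openvpn were as follows.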

╭─jako@prompt-mini ~/Downloads
╰─$ openvpn lab_jakan.ovpn                                                                                                       1 ↵
2023-06-18 01:56:37 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-06-18 01:56:37 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-06-18 01:56:37 OpenVPN 2.6.4 aarch64-apple-darwin22.4.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2023-06-18 01:56:37 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-06-18 01:56:37 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-06-18 01:56:37 Cannot load inline certificate file
2023-06-18 01:56:37 Exiting due to fatal error
╭─jako@prompt-mini ~/Downloads
╰─$ openvpn lab_jakan.ovpn                                                                                                       1 ↵
2023-06-18 01:56:53 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-06-18 01:56:53 OpenVPN 2.6.4 aarch64-apple-darwin22.4.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2023-06-18 01:56:53 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-06-18 01:56:53 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-06-18 01:56:53 Cannot load inline certificate file
2023-06-18 01:56:53 Exiting due to fatal error
╭─jako@prompt-mini ~/Downloads
╰─$ openvpn lab_jakan.ovpn                                                                                                       1 ↵
2023-06-18 01:57:13 OpenVPN 2.6.4 aarch64-apple-darwin22.4.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2023-06-18 01:57:13 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-06-18 01:57:13 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-06-18 01:57:13 Cannot load inline certificate file
2023-06-18 01:57:13 Exiting due to fatal error
╭─jako@prompt-mini ~/Downloads
╰─$ openvpn lab_jakan.ovpn                                                                                                       1 ↵
2023-06-18 01:57:44 OpenVPN 2.6.4 aarch64-apple-darwin22.4.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2023-06-18 01:57:44 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-06-18 01:57:44 Cipher BF-CBC not supported
2023-06-18 01:57:44 Exiting due to fatal error



Solution

If you open the .ovpn file downloaded from HackTheBox, it looks like this.

client
dev tun
proto udp
remote edge-eu-free-1.hackthebox.eu 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
cipher AES-128-CBC
auth SHA256
key-direction 1
<ca>
...

Change it as follows.

client
dev tun
proto udp
remote edge-eu-free-1.hackthebox.eu 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo no # modified
verb 3
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 # added
data-ciphers-fallback AES-256-CBC # added
tls-cipher "DEFAULT:@SECLEVEL=0" # added
auth SHA256
key-direction 1
<ca>
...
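
As an added example (not part of the original post): a shell check that reports which of the directives changed above a profile contains and prints the signature algorithm of its inline CA certificate, the property behind `ca md too weak`. `tls-cipher "DEFAULT:@SECLEVEL=0"` sets OpenSSL's security level to 0, which accepts any digest and key size, so it helps to confirm the CA digest is the actual cause. The function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit an .ovpn profile for the directives this post changes.

# Print the body of an inline <tag>...</tag> block ($1 = profile, $2 = tag).
ovpn_inline_block() {
    awk -v start="<$2>" -v stop="</$2>" '
        { sub(/\r$/, "") }
        $0 == stop  { inside = 0 }
        inside      { print }
        $0 == start { inside = 1 }
    ' "$1"
}

# One finding per line for the settings the post touches ($1 = profile).
ovpn_audit() {
    awk '
        { sub(/\r$/, ""); sub(/[ \t]*#.*/, "") }      # strip CR and comments
        $1 == "comp-lzo" && $2 != "no"      { print "compression-enabled" }
        $1 == "cipher"                      { legacy = $2 }
        $1 == "data-ciphers"                { negotiated = 1 }
        $1 == "tls-cipher" && /@SECLEVEL=0/ { print "seclevel-0" }
        END { if (legacy && !negotiated) print "cipher-without-data-ciphers:" legacy }
    ' "$1"
}

# Signature algorithm of the first inline CA certificate, the property that
# OpenSSL rejects with "ca md too weak" ($1 = profile).
ovpn_ca_digest() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl-not-found"; return 0; }
    ovpn_inline_block "$1" ca |
        openssl x509 -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; found = 1; exit }
             END { if (!found) print "unreadable-ca" }'
}

# Usage: sh ovpn_check.sh lab_jakan.ovpn   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    ovpn_audit "$1"
    echo "ca-signature: $(ovpn_ca_digest "$1")"
fi
```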

 

Closing remarks

You will not run into the symptoms above if you set the VPN server to US and then connect.

 

References

https://superuser.com/questions/1737052/openssl-error0a00018essl-routinesca-md-too-weak

 


https://forum.hackthebox.com/t/lab-access-openvpn-certificate-verify-failed/257102/7

 
