Jump to content
Sign in to follow this  
Guest Roman

Cannot connect to VPN Windows 10, looks like Blowfish depricated from the OpenVPN client recently

Recommended Posts

Guest Roman

It looks like there may be a cipher compatibility issue with newer versions of OpenVPN. I was only able to find 3 articles about this error and they were all within the last 30 days.

https://sourceforge.net/p/openvpn/mailman/message/37072072/

https://sourceforge.net/p/openvpn/mailman/openvpn-devel/?page=4

https://openvpn.net/vpn-server-resources/additional-security-command-line-options/#Change_the_encryption_cipher_for_server_and_client

This is my error

Sun Aug 30 21:56:27 2020 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
Sun Aug 30 21:56:27 2020 ERROR: Failed to apply push options
Sun Aug 30 21:56:27 2020 Failed to open tun/tap interface

This looks to be in response to the SWEET32 Cipher flaw in 128 bit version of BlowFish - Source

https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN

I've been looking for a way to add this cipher to my configuration, but I haven't seen anything.

Please advise

 

 

 

 

 

Share this post


Link to post
Share on other sites
krisbowe

Do you get the same error from a Kali VM connection via OpenVPN?

 

Share this post


Link to post
Share on other sites
StefanWAustin

You have to downgrade your openVPN software on Windows. Using Windows does not make much sense, you can use Windows for the first lab, that is it.

Share this post


Link to post
Share on other sites
Guest Vitor

I am also struggling with this problem, using Kali Linux. Tried to redownload VPN configuration file but it did not work. How can I downgrade my OpenVPN on kali to make it work?

Share this post


Link to post
Share on other sites
StefanWAustin

On kali, use:

sudo openvpn --data-ciphers BF-CBC --config yourlabfile.ovpn

  • Like 1

Share this post


Link to post
Share on other sites
Guest Tim

For people who connect from Windows. I found a version that works without BlowFish error. it is openvpn-install-2.4.9-I601-Win10.exe. It spent 30 minutes looking for work around, wasted my time and money because the lab deduct my time. 

Link: https://build.openvpn.net/downloads/releases/openvpn-install-2.4.9-I601-Win10.exe

It is ridiculous the "Ask Support" button on member portal bring us to a forum instead of person who can help us, not even a service portal to log tickets.........worst, this forum doesn't have a section for MAP course.

Share this post


Link to post
Share on other sites
StefanWAustin
1 hour ago, Guest Tim said:

"Ask Support" button on member portal bring us to a forum instead of person who can help us,

You can use the chat on Facebook or Twitter. Alternatively you can write an email to the support support@elearnsecurity.com. If you write an email, you will get your time back. 

Share this post


Link to post
Share on other sites
skuggar

I was getting ready to take a test and stumbled across this issue while trying to visit a lab to practice something. The command line Caesar posted above works fine, but if you edit the ovpn like below, you can still use it through the network manager gui.

 

1.png

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×