Jump to content

Kaspersky VPN Ubuntu


Go to solution Solved by Romanamors,

Recommended Posts

Hi

I am trying to setup my Linux VPN using my Kaspersky subscription but I am not being successful.

I installed the OpenVPN software on Ubuntu and I created the .ovpn file on My Kaspersky.

I am giving the openvpn --config kaspersky_uk.ovpn command and supplying the username and password I was given for that file, but a VPN connection is not successful

Link to comment
Share on other sites

6 hours ago, monx663 said:

Hi

I am trying to setup my Linux VPN using my Kaspersky subscription but I am not being successful.

I installed the OpenVPN software on Ubuntu and I created the .ovpn file on My Kaspersky.

I am giving the openvpn --config kaspersky_uk.ovpn command and supplying the username and password I was given for that file, but a VPN connection is not successful

What version of openvpn client do you use? if it is 2.6.x or latter please try to downgrade client to 2.5.x version.

Otherwise, client connection logs will be very helpful.

Link to comment
Share on other sites

On 11/14/2022 at 11:44 PM, Romanamors said:

What version of openvpn client do you use? if it is 2.6.x or latter please try to downgrade client to 2.5.x version.

Otherwise, client connection logs will be very helpful.

 

Hello and thanks for your reply.

Version OpenVPN 2.5.5 x86_64-pc-linux-gnu


Output from openvpn:

openvpn --config kaspersky_uk.ovpn
2022-11-16 02:18:01 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-11-16 02:18:01 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-11-16 02:18:01 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: 118b62ed05403a200804809c745f54ee
? Enter Auth Password: ************************************************
2022-11-16 02:18:47 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:47 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:47 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:47 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso, OU=naphaso, CN=naphaso, name=naphaso, emailAddress=*****@*****.tld, serial=1
2022-11-16 02:18:47 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-11-16 02:18:47 TLS_ERROR: BIO read tls_read_plaintext error
2022-11-16 02:18:47 TLS Error: TLS object -> incoming plaintext read error
2022-11-16 02:18:47 TLS Error: TLS handshake failed
2022-11-16 02:18:47 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:18:52 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:52 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:52 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:52 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso, OU=naphaso, CN=naphaso, name=naphaso, emailAddress=*****@*****.tld, serial=1
2022-11-16 02:18:52 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-11-16 02:18:52 TLS_ERROR: BIO read tls_read_plaintext error
2022-11-16 02:18:52 TLS Error: TLS object -> incoming plaintext read error
2022-11-16 02:18:52 TLS Error: TLS handshake failed
2022-11-16 02:18:52 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:18:57 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:57 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:57 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:57 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:18:59 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:18:59 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:01 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:03 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:07 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:12 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:18 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:23 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:28 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:57 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-16 02:19:57 TLS Error: TLS handshake failed
2022-11-16 02:19:57 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:20:02 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.30.194:1194
2022-11-16 02:20:02 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:20:02 UDP link remote: [AF_INET]146.70.30.194:1194
2022-11-16 02:20:03 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso,

Link to comment
Share on other sites

On 11/16/2022 at 3:26 AM, monx663 said:

 

Hello and thanks for your reply.

Version OpenVPN 2.5.5 x86_64-pc-linux-gnu


Output from openvpn:

openvpn --config kaspersky_uk.ovpn
2022-11-16 02:18:01 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-11-16 02:18:01 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-11-16 02:18:01 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: 118b62ed05403a200804809c745f54ee
? Enter Auth Password: ************************************************
2022-11-16 02:18:47 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:47 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:47 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:47 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso, OU=naphaso, CN=naphaso, name=naphaso, emailAddress=*****@*****.tld, serial=1
2022-11-16 02:18:47 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-11-16 02:18:47 TLS_ERROR: BIO read tls_read_plaintext error
2022-11-16 02:18:47 TLS Error: TLS object -> incoming plaintext read error
2022-11-16 02:18:47 TLS Error: TLS handshake failed
2022-11-16 02:18:47 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:18:52 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:52 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:52 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:52 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso, OU=naphaso, CN=naphaso, name=naphaso, emailAddress=*****@*****.tld, serial=1
2022-11-16 02:18:52 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-11-16 02:18:52 TLS_ERROR: BIO read tls_read_plaintext error
2022-11-16 02:18:52 TLS Error: TLS object -> incoming plaintext read error
2022-11-16 02:18:52 TLS Error: TLS handshake failed
2022-11-16 02:18:52 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:18:57 TCP/UDP: Preserving recently used remote address: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:57 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:18:57 UDP link remote: [AF_INET]88.202.186.64:1194
2022-11-16 02:18:57 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:18:59 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:18:59 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:01 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:03 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:07 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:12 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:18 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:23 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_CONTROL_V1)
2022-11-16 02:19:28 TLS Error: Unroutable control packet received from [AF_INET]88.202.186.64:1194 (si=3 op=P_ACK_V1)
2022-11-16 02:19:57 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-16 02:19:57 TLS Error: TLS handshake failed
2022-11-16 02:19:57 SIGUSR1[soft,tls-error] received, process restarting
2022-11-16 02:20:02 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.30.194:1194
2022-11-16 02:20:02 UDP link local (bound): [AF_INET][undef]:1194
2022-11-16 02:20:02 UDP link remote: [AF_INET]146.70.30.194:1194
2022-11-16 02:20:03 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=US, ST=CA, L=SanFrancisco, O=naphaso,

 

17 hours ago, m0fix said:

Hi, same issue here ! 

OpenVPN 2.5.7 x86_64-pc-linux-gnu

 

 

 

 

kaspersky.ovpn.png

Hello,

Thanks for details.

We found the root cause. Unfortunately a proper fix will take a time, it will be fixed in January.

 

Link to comment
Share on other sites

  • 1 month later...
  • 4 weeks later...
  • 3 weeks later...
  • 2 weeks later...
5 hours ago, lisboa said:

I did a check and found that the IP is leaking in webRTC

Region : USA

All leaks are on client side, so if you are using 3rd party OpenVPN client please check its settings. Also please look through https://nixfaq.org/2021/04/how-to-block-local-ipv6-leak-when-connected-to-an-ipv4-only-openvpn-connection-on-gnu-linux.html

WebRTC should be disabled in browser to prevent leak.

Link to comment
Share on other sites

  • 2 weeks later...
On 2/17/2023 at 10:03 PM, Romanamors said:

Hello!

The issue have been fixed, please check it within your environment (Please note that you might be required to reissue your OpenVPN credentials at https://my.kaspersky.com/VPN page).

Thank you for patience.

Hi
I tried again in Linux with the OpenVPN client version OpenVPN 2.5.5 x86_64-pc-linux-gnu.
I am getting the following error:
2023-03-06 17:30:03 TCP/UDP: Preserving recently used remote address: [AF_INET]185.239.174.218:1194
2023-03-06 17:30:03 UDP link local: (not bound)
2023-03-06 17:30:03 UDP link remote: [AF_INET]185.239.174.218:1194
2023-03-06 17:30:03 [Aura OpenVPN Prod Server] Peer Connection Initiated with [AF_INET]185.239.174.218:1194
2023-03-06 17:30:04 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.5.5)
2023-03-06 17:30:04 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2023-03-06 17:30:04 Exiting due to fatal error
 

Link to comment
Share on other sites

On 3/6/2023 at 6:34 PM, monx663 said:

Hi
I tried again in Linux with the OpenVPN client version OpenVPN 2.5.5 x86_64-pc-linux-gnu.
I am getting the following error:
2023-03-06 17:30:03 TCP/UDP: Preserving recently used remote address: [AF_INET]185.239.174.218:1194
2023-03-06 17:30:03 UDP link local: (not bound)
2023-03-06 17:30:03 UDP link remote: [AF_INET]185.239.174.218:1194
2023-03-06 17:30:03 [Aura OpenVPN Prod Server] Peer Connection Initiated with [AF_INET]185.239.174.218:1194
2023-03-06 17:30:04 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.5.5)
2023-03-06 17:30:04 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2023-03-06 17:30:04 Exiting due to fatal error
 

Hi, @monx663

it looks that you has tried to run openvpn within limited user account context. It requires elevated privileges to run properly. Try to use 'sudo'.

  • Like 1
Link to comment
Share on other sites

21 hours ago, Romanamors said:

Hi, @monx663

it looks that you has tried to run openvpn within limited user account context. It requires elevated privileges to run properly. Try to use 'sudo'.

That worked but there is a problem.
I get connected and things are OK for about ten minutes but then traffic is no longer possible. Then I have to disconnect and re-connect. So, it looks like about every ten minutes I need to disconnect and reconnect.

Thanks for any advice.

Link to comment
Share on other sites

4 hours ago, monx663 said:

That worked but there is a problem.
I get connected and things are OK for about ten minutes but then traffic is no longer possible. Then I have to disconnect and re-connect. So, it looks like about every ten minutes I need to disconnect and reconnect.

Thanks for any advice.

 Try to add next lines to .ovpn file:

ping 10
ping-restart 120
verb 5

If issue persists, please share openvpn log. If not - "verb 5" could be deleted.

Link to comment
Share on other sites

4 hours ago, monx663 said:

That worked but there is a problem.
I get connected and things are OK for about ten minutes but then traffic is no longer possible. Then I have to disconnect and re-connect. So, it looks like about every ten minutes I need to disconnect and reconnect.

Thanks for any advice.

 Try to add next lines to .ovpn file:

ping 10
ping-restart 120
verb 5

If issue persists, please share openvpn log. If not - "verb 5" could be deleted.

  • Like 1
Link to comment
Share on other sites

13 hours ago, Romanamors said:

 Try to add next lines to .ovpn file:

ping 10
ping-restart 120
verb 5

If issue persists, please share openvpn log. If not - "verb 5" could be deleted.

Yes, the problem persists.

The log contains:

2023-03-15 13:36:54 us=36051 do_ifconfig, ipv4=1, ipv6=0
2023-03-15 13:36:54 us=36069 net_iface_mtu_set: mtu 1500 for tun0
2023-03-15 13:36:54 us=36105 net_iface_up: set tun0 up
2023-03-15 13:36:54 us=36922 net_addr_v4_add: 10.236.48.10/20 dev tun0
W2023-03-15 13:36:54 us=37618 net_route_v4_add: 185.239.174.210/32 via 192.168.1.254 dev [NULL] table 0 metric -1
2023-03-15 13:36:54 us=37841 net_route_v4_add: 0.0.0.0/1 via 10.236.48.1 dev [NULL] table 0 metric -1
2023-03-15 13:36:54 us=38192 net_route_v4_add: 128.0.0.0/1 via 10.236.48.1 dev [NULL] table 0 metric -1
2023-03-15 13:36:54 us=38629 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-15 13:36:54 us=38645 Initialization Sequence Completed

 

Then continues a line with repeating:
rWrWrWrWRRwRwRwrWrWrWrWrWrWRwRwRwRwRwRwRwrWrWrWrWrWRwRwRwRwrWrWrWrWrWrWRwRwrWrWrWrWRwrWrWrWRwRwRwRwrWRwRwrWrWrWRwrWrWrWRwRwrWRwrWRwrWRwRwRwrWrWrWrWrWrWrWRwRwRwRwrWRwR

But nothing further is logged when the data transfer has been stopped

 

 

Thanks!

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...