OpenVPN Kali

markulous

Has anyone had any experience setting up OpenVPN on a Kali client? Or any Linux client?

I searched the heck out of this issue and I'm not seeing a solution. I'm wondering if the config we have is just not compatible with Linux. It works great on Windows machines (although there's a nice msi for them too).

Basically, the way we have it configured on our firewall is to authenticate with a username/password, a static key, and a p12 cert that they have installed on their client. When I go to the client configuration, select to authenticate with a password and cert from the dropdown, and select the certificate, it won't let me select the private key also, it puts the certificate in that field. If I force the .key file in the key field then it clears out the certificates. The only way it accepts the key file is if I set the authentication as a static key, but then that won't work because I need a username/password. I've tried it with the .ovpn config file and setting it up manually and it does the same thing.

Any ideas?

wd40

I was trying to configure a VPN connection on kali and it kept failing.

The solution was
sudo apt-get install network-manager-openvpn
sudo apt-get install network-manager-openvpn-gnome
sudo service network-manager restart

then try to configure the the vpn connection.

declaimer: I am not really sure why this fixed my issue and can not guarantee that it will work for you.

markulous

I didn't do the restart of the service but I installed both of those packages. I just tried it now and it still does the same thing. It pulls the cert into that private key field and asks me for the certificate password. I'm thinking there's no way to do it unless I make it only authenticate by username/password or have a CA setup for asymmetric encryption.

wd40

I am using user / password + a CA Certificate - AES-256-CBC Cipher and SHA-1 Authentication + Additional TLS authentication with a key file.

not sure if what I said is logical, I am just reading the configuration

markulous

No that makes sense. Here's my config. But as I mentioned, I tried doing it manually and it still wouldn't work so probably not the config file itself.

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x (port#) udp
lport 0
verify-x509-name "VPNSever" name
auth-user-pass
pkcs12 cert.p12
tls-auth key.key 1
ns-cert-type server

wd40

maybe the service restart part is mandatory?

markulous

Perhaps but like I said I did try that once you posted that and it still behaved that way. It's like it won't let me use a password and a static key at the same time.

Cyberscum

Are all your clients using the same private key or are you issuing every client a key from a CA server in your net?

Are you installing through terminal or using a GUI?

Cyberscum

If you are comfortable using term here is a great setup you can use with advances authentication using passwords as well. Its written for ubu but Kali is deb based so it should be the same.
This is for a server/CA setup so if you already have that you will have to change the c files to reflect the correct cert/path/etc...

https://help.ubuntu.com/lts/serverguide/openvpn.html

markulous

We don't have an internal CA setup so I'm pretty sure it was setup for the PFsense FW we're using.

I installed OpenVPN on my kali box through cli, but I'm trying to add the cert/key through the GUI.

I can try modifying the config file on that per the document. It essentially says that but we have a few other options in there.