├── README.md
├── README_RU.md
└── thm-troubleshoot


/README.md:
--------------------------------------------------------------------------------
# TryHackMe OpenVPN Troubleshooting Script

### Script to troubleshoot connectivity to the TryHackMe network using OpenVPN on Linux.

Usage:

- Download the `thm-troubleshoot` script. Saving it to the same place as your OpenVPN configuration pack (`~/Downloads` by default) is advisable, but not essential.
- In your Linux terminal, make the script executable with `chmod +x` followed by the path to the script. If you downloaded the script to your Downloads folder, this will be `chmod +x ~/Downloads/thm-troubleshoot`.
- Run the script by typing `sudo` followed by the path to the script into your terminal and pressing Enter. If the script is in your Downloads folder, it will be the following command: `sudo ~/Downloads/thm-troubleshoot`.
- The script will instruct you on how to proceed from there.

**Disclaimer -- this script was originally designed to work on Kali, Ubuntu, or other Debian-based systems to solve basic OpenVPN errors. If you're using a non-recommended distribution then it is assumed that you can also troubleshoot these errors manually.**

**March 2023 update -- the script has been updated to support Arch Linux users! With that said, Arch is still a non-recommended distribution. Using this flavor of Linux is almost certainly guaranteed to lead to other more specific connection issues that this script won't be able to cover, ultimately taking away from the learning experience at TryHackMe. Use it at your own discretion.**

For any questions or issues (or if connectivity problems persist), please ask in the [TryHackMe Discord server](https://discord.gg/F7ERYzz).
Happy Hacking!

--------------------------------------------------------------------------------
/README_RU.md:
--------------------------------------------------------------------------------
# TryHackMe OpenVPN Troubleshooting Script

### Script to troubleshoot connectivity to the TryHackMe network using OpenVPN on Linux.
Usage:
* Download the `thm-troubleshoot` script. It is advisable to save it in the same place as your OpenVPN configuration pack (`~/Downloads` by default), but this is not essential.
* In your Linux terminal, make the script executable with `chmod +x` followed by the path to the script. If you downloaded the script to the Downloads folder, this will be `chmod +x ~/Downloads/thm-troubleshoot`.
* Run the script by typing `sudo` followed by the path to the script into your terminal and pressing Enter. If the script is in your Downloads folder, it will be the following command: `sudo ~/Downloads/thm-troubleshoot`.
* The script will instruct you on how to proceed from there.

**Disclaimer -- this script is designed to work on Kali, Ubuntu, or other Debian-based systems to solve basic OpenVPN errors. If you are using a non-recommended distribution, it is assumed that you can troubleshoot these errors manually.**

For any questions or issues (or if connectivity problems persist), please ask in the [TryHackMe Discord server](https://discord.gg/F7ERYzz).
Happy Hacking!

--------------------------------------------------------------------------------
/thm-troubleshoot:
--------------------------------------------------------------------------------
#!/bin/bash
#TryHackMe VPN Troubleshooting
#Jan, 2021
#V1.5
#MuirlandOracle

#Define Colours
# Usage: colour <style> <message> [seconds to pause afterwards]
# The message is passed as a printf argument, never as the format string
colour(){
    if [ $# -lt 2 ]; then
        exit 1
    fi
    case "$1" in
        "green")
            printf "\033[01;32m%s\033[0m\n" "$2"
            ;;
        "red")
            printf "\033[01;31m%s\033[0m\n" "$2"
            ;;
        "yellow")
            printf "\033[01;93m%s\033[0m\n" "$2"
            ;;
        "header")
            printf "\033[0;1;4m%s\033[0m\n" "$2"
            ;;
        "code")
            printf "\033[01;31;47m%s\033[0m\n" "$2"
            ;;
        "warning")
            printf "\033[01;93m[Warning!]\033[0m %s\n" "$2"
            ;;
        "process")
            printf "\033[01;94m%s\033[0m\n" "$2"
            ;;
        *)
            return 1
            ;;
    esac
    if [ $# -eq 3 ]; then
        sleep "${3}s"
    fi
}

fin(){
    printf "\n\n"
    exit 1
}

# Start OpenVPN in the background and inspect its log.
# Return convention (used by the callers below): 1 = tunnel came up, carry on
# with the remaining checks; 0 = the script should stop here.
connect(){
    testSuccess() { grep -qi "Initialization Sequence Completed" "$ovpnoutput"; }
    testCert() { grep -qiE "Cannot load inline certificate file|certificate verify failed|cannot load CA" "$ovpnoutput"; }
    testCipher() { grep -qiE "cipher AES-256-CBC" "$ovpn"; }
    ovpnoutput=$(mktemp)
    # Capture the OpenVPN log so the helpers above have something to search
    openvpn "$ovpn" > "$ovpnoutput" &
    colour process "[+] Connecting...." 10
    for i in {1..2}; do
        if testSuccess; then
            colour green "[+] Connection Process completed successfully!" 1
            return 1
        elif testCert; then
            killall -9 openvpn &>/dev/null
            colour red "[-] Fatal Error: Inline Certificate is invalid" 1
            printf "Please regenerate your VPN config on the access page (https://tryhackme.com/access)\nIf errors persist, change server then regenerate the config.\nIf all else fails, ask for further assistance on the TryHackMe Discord server, subreddit or forums.\n"
            colour red "[-] Exiting" 2
            return 0
        elif testCipher; then
            colour red "[-] Using outdated switch for cipher negotiations. Attempting to update..." 1
            sed -i 's/cipher AES-256-CBC/data-ciphers AES-256-CBC/' "$ovpn"
            colour green "[+] Successfully updated cipher switch! Please connect to the vpn using the following command: "
            colour code "sudo openvpn $ovpn" 2

            return 0
        fi
        if [ "$i" -le 1 ]; then
            colour warning "Connection process is taking longer than expected to complete" 30
        else
            colour red "[-] Failed to connect" 1
            printf "Failure to connect to the VPN can usually be solved by one of the following options:\n"
            printf "	-Regenerating your OpenVPN config on the TryHackMe access page (https://tryhackme.com/access)\n"
            printf "	-Switching servers, then regenerating your OpenVPN config\n"
            printf "	-Checking your system time. If your system time is incorrect then this can cause issues with the authentication process\n"
            printf "If none of these methods work, please ask for further assistance in the TryHackMe Discord server, subreddit or forums.\n"
            colour red "[-] Exiting" 2
            return 0
        fi
    done
}

# lsb_release may be missing on some systems; keep its error off the terminal
distro_call=$("lsb_release" "-is" 2>/dev/null)
distro="${distro_call[*]}"

#Title
title(){
    printf "\n\n\033[0;1;32m"
    cat << "EOF"
 _____           _   _            _    __  __
|_   _| __ _   _| | | | __ _  ___| | _|  \/  | ___
  | || '__| | | | |_| |/ _` |/ __| |/ / |\/| |/ _ \
  | || |  | |_| |  _  | (_| | (__|   <| |  | |  __/
  |_||_|   \__, |_| |_|\__,_|\___|_|\_\_|  |_|\___|
           |___/

EOF
    if [[ -n $distro ]]; then
        printf "\033[38;2;216;1;81mLooks like you're running %s \033[0m" "$distro"
    else
        printf "\033[38;2;216;1;81mLinux distro not recognized \033[0m"
    fi


    printf "\033[0;35m	@MuirlandOracle\033[0m\n\n\n"
}


# /tmp/thm-title is a marker left by the unprivileged run so that the
# re-run under sudo does not print the title a second time
if [ ! -f /tmp/thm-title ]; then
    title
else
    colour green "[+] Re-running with root permissions" 1
    rm /tmp/thm-title
fi


sleep 1s

#Check that the script is being run with sudo
if [[ $EUID -ne 0 ]]; then
    colour red "[-] Script is being run as a low-privileged user" 1
    read -p "Would you like to run this script with higher privileges automatically (Y/n)? " choice
    case "$choice" in
        n|N)
            printf "\n\nPlease run the script with the following command:\n"
            colour code "sudo $0" 1
            colour red "[-] Exiting" 2
            fin
            ;;
        *)
            touch /tmp/thm-title
            # -E carries the caller's environment into the root re-run
            sudo -E "$0"
            ;;
    esac
    fin
fi

# TODO add a check for network vpn files and/or other vpn configs - how to differentiate main THM VPN config from others?
#Find the VPN Config
ovpn=$(find . -maxdepth 1 -name "*.ovpn" -print -quit)
if [ ${#ovpn} -eq 0 ]; then
    colour red "[-] Config not found in current directory" 1
    read -ep "Please enter the path to your config: " ovpn
    ovpn=${ovpn/\~/$HOME}
    if [ ${#ovpn} -lt 5 ]; then
        colour red "[-] Invalid File -- Config should be .ovpn" 1
        colour red "[-] Exiting" 2
        fin
    elif [ -f "$ovpn" ] && [[ ${ovpn: -5} == ".ovpn" ]]; then
        colour green "[+] Config Located successfully" 1
    else
        colour red "[-] Config not located" 1
        colour red "[-] Exiting" 2
        fin
    fi
fi




#Check Internet connectivity
if ! ping -c 1 -q 1.1.1.1 &>/dev/null; then
    colour red "[-] You are not connected to the internet" 1
    colour red "[-] Exiting" 2
    fin
else
    colour green "[+] Stable internet connection" 1
fi


# Determine package manager being used to create variables
if pacman -V &>/dev/null; then
    pkg_manager_status=("pacman" "-V");
    is_openvpn_installed=("pacman" "-Qs" "openvpn");
    pkg_manager_update=("pacman" "-Syy");
    install_openvpn=("pacman" "-S" "openvpn" "--noconfirm");
fi

# Single quotes keep ${Status} literal for dpkg-query instead of letting bash expand it
if dpkg-query -W -f='${Status}' apt &>/dev/null; then
    pkg_manager_status=("dpkg-query" "-W" '-f=${Status}' "apt")
    is_openvpn_installed=("dpkg-query" "-W" '-f=${Status}' "openvpn")
    pkg_manager_update=("apt" "update")
    install_openvpn=("apt" "install" "openvpn" "-y")
fi

#Ensure that Openvpn is installed
if ! "${is_openvpn_installed[@]}" &>/dev/null; then
    colour red "[-] OpenVPN is not installed" 1
    read -p "Would you like to install OpenVPN automatically (Y/n)? " choice
    case "$choice" in
        n|N)
            printf "\n\nPlease install OpenVPN manually\n"
            colour red "[-] Exiting" 2
            fin
            ;;
        *)
            if ! "${pkg_manager_status[@]}" &>/dev/null; then
                colour red "[-] System doesn't use apt or pacman -- please install OpenVPN manually" 1
                colour red "[-] Exiting" 2
                fin
            else
                "${pkg_manager_update[@]}" &>/dev/null && "${install_openvpn[@]}" &>/dev/null & pid=$!
                colour process "[+] Installing OpenVPN..."
                # Block until the background install has finished
                wait "$pid"
                if "${is_openvpn_installed[@]}" &>/dev/null; then
                    colour green "[+] Installation Process Completed" 1
                else
                    colour red "[-] Installation failed. Please try installing OpenVPN manually -- otherwise ask for further assistance in the TryHackMe Discord server, subreddit or forum" 1
                    colour red "[-] Exiting" 2
                    fin
                fi
            fi
            ;;
    esac
else
    colour green "[+] OpenVPN is installed" 1
fi


#Check that a tun0 exists
if ! ip a | grep -q tun0; then
    colour red "[-] tun0 interface does not exist" 1
    printf "Would you like the script to attempt a connection automatically (Y/n)? "
    read -p "" choice
    case "$choice" in
        n|N)
            printf "\n\nPlease connect to the vpn using the following command:\n"
            colour code "sudo openvpn $ovpn"
            printf "\n"
            colour red "[-] Exiting" 2
            fin
            ;;
        *)
            if connect; then
                exit 0
            fi
            ;;
    esac
else
    colour green "[+] tun0 exists" 1
fi


#Check that the tun0 IP is in the right range
# grep's own exit status decides the branch (piping into head would always report success)
if ! ip a show tun0 | grep -qE "10\.(2|4|6|8|9|11|13|14|17|50)\.[0-9]{1,3}\.[0-9]{1,3}"; then
    colour red "[-] tun0 ip is in the wrong range: $(ip addr show tun0 | grep "inet " | awk '{print $2}')" 1
    read -p "Would you like the script to attempt to fix this (Y/n)? " choice
    case "$choice" in
        n|N)
            printf "\n\nIf you're using another VPN, please check that it isn't operating on tun0\nOtherwise please regenerate your TryHackMe VPN config pack, or try another server.\n"
            colour red "[-] Exiting" 2
            fin
            ;;
        *)
            colour green "[+] Resetting tun0 interface" 1
            ip link delete tun0
            if connect; then
                exit 0
            elif ! ip a | grep -qE "10\.(2|4|6|8|9|11|13|14|17|50)\.[0-9]{1,3}\.[0-9]{1,3}"; then
                colour red "[-] Fatal Error: tun0 IP still in the wrong range: $(ip addr show tun0 | grep "inet " | awk '{print $2}')" 1
                printf "Please try switching servers and/or regenerating your VPN config\n"
                colour red "[-] Exiting" 2
                fin
            fi
            ;;
    esac
else
    colour green "[+] tun0 IP is in the correct range" 1
fi



#Check for multivpn
connections=$(ps aux | grep -v "sudo\|grep" | grep -Eo "openvpn .*\.ovpn" | wc -l)
if [ "$connections" -gt 1 ]; then
    colour red "[-] More than one connection running" 1
    read -p "Would you like the script to attempt to fix this (Y/n)? " choice
    case $choice in
        n|N)
            printf "\n\nPlease run the following command, then reconnect manually:\n"
            colour code "sudo killall -9 openvpn"
            fin
            ;;
        *)
            killall -9 openvpn
            colour green "[+] Killed duplicate processes"
            if connect; then
                exit 0
            fi
            ;;
    esac
else
    colour green "[+] Only one instance of OpenVPN is running" 1
fi

#Check MTU value
# default mtu is 1500, but get value from the actual tun interface
origin_mtu=$(cat /sys/class/net/tun0/mtu)
# Usually 30 bytes are needed for the vpn additions in the packet
mtu=$((origin_mtu-30))

colour process "[+] Confirming connectivity" 2

while true; do
    # ping THM machine without breaking the packet into fragments. If fails, packet too big
    # -M do disables packet fragmentation
    # -s sets packet size
    # -W sets timeout (1 second) (second fractions not working in Ubuntu ping, wtf?)
    # -c only send 1 ping
    if ! ping -M do -s "$mtu" -W 1 -c 1 10.10.10.10 &>/dev/null; then
        # A very rare case would be an MTU value below 1000 not working. If that happens, something else is probably wrong - break the MTU check
        if [[ $mtu -lt 1000 ]]; then
            colour red "[-] MTU value failed at 1000, aborting MTU check"
            break
        fi
        # decrease MTU until it goes through
        mtu=$((mtu-30))
    # if ping goes through, that's a working MTU value
    else
        # Add the 30 bytes back
        mtu=$((mtu+30))
        # if working with the original value, nothing needs to be done
        if [[ $mtu -eq $origin_mtu ]]; then
            colour green "[+] MTU value OK" 1
            break
        else
            colour red "[-] MTU not working with the value of $origin_mtu"
            # Fix the MTU in the interface
            sudo ip link set dev tun0 mtu "$mtu"
            colour green "[+] MTU set at $mtu in tun0"
            colour yellow "[!] Note that a working MTU value might change depending on your network condition"
            # fix the ovpn file
            read -p "Would you like the script to set the MTU value permanently in your .ovpn file (Y/n)? " choice
            case $choice in
                n|N)
                    colour green "[+] You can set the value manually in your .ovpn file with the following line:"
                    colour code "tun-mtu $mtu"
                    ;;
                *)
                    # The marker comment shows whether an earlier run already added a tun-mtu line
                    if grep -q "thm-troubleshoot" "$ovpn"; then
                        sed -i "s/tun-mtu.*/tun-mtu $mtu/g" "$ovpn"
                        colour green "[+] .ovpn file MTU value changed"
                    else
                        sed -i "1i# Added by the thm-troubleshoot script\n# The MTU value might need to be changed depending on your network. Default is 1500\ntun-mtu $mtu\n" "$ovpn"
                        colour green "[+] .ovpn file MTU value and comment added"
                    fi
                    ;;
            esac
            break
        fi
    fi
done

#Final Check
if ping -c 1 -q 10.10.10.10 &>/dev/null; then
    colour green "[+] Connectivity checks completed!" 2
    colour green "[+] You are connected to the TryHackMe Network" 2
    # The server's reply is printed as data (%s), not used as the printf format string
    printf "Your TryHackMe IP address is: %s\n\n" "$(curl -s http://10.10.10.10/whoami)"
    colour green "Happy Hacking!" 3
else
    colour red "[-] Something went wrong -- please ask for further assistance in the TryHackMe Discord server, subreddit, or forum" 3
fi

printf "\n"

--------------------------------------------------------------------------------