
HearNoEvil

Active Members
Posts: 6

HearNoEvil's Achievements
Newbie (1/14)

  1. I also have the Optiplex GX620, and was thinking of using it for Proxmox VE. However, since the CPU needs to support Intel VT, I couldn't do it with the D840 CPU that was already installed. After some research: if you ever plan on using that machine for Proxmox VE, you would need the D960 CPU, and probably a better heat sink. After using Proxmox VE on a custom computer based on an i3 CPU, I can say that it is really easy to use. Here is my experience with it:

     Creating Windows machines was easy enough with the right slipstreamed ISO created with nLite. My intention was to build a virtual network to test Metasploit and fun tools like Nmap, but I noticed that the virtual machines showed up on my home network and used my home router to obtain their IP addresses. Darren said in the show that he got a dedicated line for "The Hacker Challenge"; I wonder if there is a way to put these virtual machines on a different subnet to isolate them from my home network, so that I don't have to worry about doing some accidental DoS attacks against my roommates. That is probably a configuration thing that I'll have to deal with later...

     Also, Proxmox VE uses VNC to tap into the virtual machines. I have not been successful as of yet in trying a standalone client that can directly access them without having to log into the web-based GUI (I tried TightVNC etc...). It would also be nice if I could remotely access these virtual machines from outside my home network. I guess I could use TeamViewer or possibly LogMeIn Hamachi... Anyway, just my two cents.
  2. Just thought I'd jump on the bandwagon, and open myself up for some social engineering...
     Name: Unknown (Still thinking of a good handle)
     Favorite game: Call of Duty 4 (yes, I know it's old)
     Favorite Windows OS: Windows XP Professional, if(Windows7 == Trash && Vista == Trash){cout << "Hell Yeah!";}
     Favorite Linux Distro: Backtrack 4 R2
     Favorite console: XBOX360 (LBDANKSTER)
     Sex: Male
     Age: 29+
     Race: Hispanic
     Height: 6 feet
     Status: Student, Major CIS - Information Security
     Favourite band: Sublime
     Favourite book: The Richest Man in Babylon
     Favourite movie: Scarface
     Favourite TV Show: South Park
     Other hobbies: Web Design, HTML, CSS, Javascript, C++, Networking, Information Security
     Current projects: Interceptor on MR3202A, brush up on Linux commands, and bash scripting!
     Future projects: Quadrocopter UAV powered by Linux, Wifi Pineapple, Arduino, 3G, onboard camera, GPS...
     Trust your Technolust!
  3. If the configuration is correct, this could be a hardware problem. The seller I bought this router from had this to say...

     RE: openWRT: "it is not detecting the Infineon switch chip correctly I think. So the two Ethernet ports are simply switched together on the same switch VLAN."

     RE: Interceptor setup: "The only thing that might not work is how the switch chip is set up; if both ports are on the trunk VLAN then they get all the traffic. I've attached the ADM6996 spec (that is the chipset it uses for the Ethernet switch). I've got some code we did at my last company which should be open-sourced for that chip that sets it up split into two VLANs."

     Also, I installed tcpdump from the openWRT Kamikaze atheros packages on the router, and it was not seeing any packets on br-lan, and only ARP packets from eth0, when I SSH into the device and run tcpdump -i br-lan etc. When I run /etc/init.d/interceptor start, I get "device eth0.1 is already a member of a bridge; can't enslave it to bridge br-lan". Also, is it normal that eth0.1, eth0.0, eth0 and br-lan all share the same MAC address?

     I can SSH into it via wifi, the target computer can surf the web, the device is invisible on the network, the VPN tunnel seems to work, I get the tap0 interface with daemonlogger, yet no packets... bummer!
  4. I reflashed the router, and did the entire install again. This time NO ERROR MESSAGES!!! What I did differently was reboot the device after installing openWRT, and again after installing the packages. Also, no wireless encryption. When I SSH into the router and run ifconfig, eth0.0 and eth0.1 now appear, which were not there before. This may explain why the bridge was not working the first time around.

     I want to say the interceptor is working, but every time I try tcpdump or Wireshark on tap0, all I get is ARP requests. I am hooking up the home router to the WAN port (no devices in between), and my test computer (Windows 7 64-bit, no firewall) is connected to the LAN port (no devices in between). My laptop, running Backtrack 4 R2 (which has no firewall by default if I'm not mistaken), is connecting via WIFI. My home network is using a standard 192.168.1.X setup if that makes any difference.

     Here are my configuration files from the MR3202A router, and the output of ./startup.sh from my wireless laptop.

################### IFCONFIG ###################

ath0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F4
          inet addr:10.255.255.254  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:126306 (123.3 KiB)  TX bytes:68064 (66.4 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:654 (654.0 B)

eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:13 dropped:13 overruns:0 carrier:13
          collisions:0 txqueuelen:1000
          RX bytes:653218 (637.9 KiB)  TX bytes:1947 (1.9 KiB)
          Interrupt:4 Base address:0x1000

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:682 (682.0 B)

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:138 (138.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wifi0     Link encap:UNSPEC  HWaddr 00-12-CF-9B-58-F4-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9174 errors:0 dropped:0 overruns:0 frame:3881
          TX packets:802 errors:4 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:1958316 (1.8 MiB)  TX bytes:113675 (111.0 KiB)
          Interrupt:3 Memory:b0000000-b00ffffc

################### /etc/init.d/interceptor ###################

#!/bin/sh /etc/rc.common
# Interceptor init script: brings up the wireless management interface (ath0),
# gives br-lan its address and adds the WAN-side VLAN (eth0.1) to br-lan.
# /etc/config/network already puts eth0.0 into br-lan, so after this the LAN
# and WAN ports are bridged transparently and daemonlogger can capture on br-lan.
start() {
    ifconfig ath0 10.255.255.254 up
    ifconfig br-lan 192.168.1.1
    brctl addif br-lan eth0.1
}
stop() {
    echo "Nothing to do"
}

################### /etc/config/wireless ###################

config wifi-device wifi0
    option type       atheros
    option channel    auto

    # REMOVE THIS LINE TO ENABLE WIFI:
    # option disabled 1

config wifi-iface
    option device     wifi0
    option mode       ap
    option ssid       interceptor
    option encryption none

################### /etc/config/network ###################

config 'interface' 'loopback'
    option 'ifname'  'lo'
    option 'proto'   'static'
    option 'ipaddr'  '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type'    'bridge'
    option 'proto'   'static'
    option 'ipaddr'  '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'ifname'  'eth0.0'

config 'interface' 'wan'
    option 'ifname'  'eth0.1'

################### ./startup.sh output ###################

root@bt:~# ./startup.sh
Starting vpn server
Giving server chance to start
Sat Feb 19 17:31:32 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008
Sat Feb 19 17:31:32 2011 Diffie-Hellman initialized with 1024 bit key
Sat Feb 19 17:31:32 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Feb 19 17:31:32 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Feb 19 17:31:32 2011 TUN/TAP device tap0 opened
Sat Feb 19 17:31:32 2011 TUN/TAP TX queue length set to 100
Sat Feb 19 17:31:32 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Feb 19 17:31:32 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Feb 19 17:31:32 2011 GID set to root
Sat Feb 19 17:31:32 2011 UID set to root
Sat Feb 19 17:31:32 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]
Sat Feb 19 17:31:32 2011 UDPv4 link local (bound): [undef]:1194
Sat Feb 19 17:31:32 2011 UDPv4 link remote: [undef]
Sat Feb 19 17:31:32 2011 MULTI: multi_init called, r=256 v=256
Sat Feb 19 17:31:32 2011 IFCONFIG POOL: base=10.8.0.2 size=253
Sat Feb 19 17:31:32 2011 IFCONFIG POOL LIST
Sat Feb 19 17:31:32 2011 client1,10.8.0.2
Sat Feb 19 17:31:32 2011 Initialization Sequence Completed
Starting remote services
root@10.255.255.254's password:
Sat Feb 19 17:31:00 UTC 2011
Sat Feb 19 17:31:06 2011 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on May 17 2009
Sat Feb 19 17:31:06 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Feb 19 17:31:06 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Feb 19 17:31:07 2011 LZO compression initialized
Sat Feb 19 17:31:07 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Feb 19 17:31:50 2011 MULTI: multi_create_instance called
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Re-using SSL/TLS context
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 LZO compression initialized
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Local Options hash (VER=V4): 'f7df56b8'
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Expected Remote Options hash (VER=V4): 'd79ca330'
Sat Feb 19 17:31:50 2011 10.255.255.254:33751 TLS: Initial packet from 10.255.255.254:33751, sid=de055d50 fe2f91ec
Sat Feb 19 17:31:07 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Feb 19 17:31:07 2011 Local Options hash (VER=V4): 'd79ca330'
Sat Feb 19 17:31:07 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Feb 19 17:31:07 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Feb 19 17:31:07 2011 UDPv4 link local: [undef]
Sat Feb 19 17:31:07 2011 UDPv4 link remote: 10.255.255.253:1194
Sat Feb 19 17:31:07 2011 TLS: Initial packet from 10.255.255.253:1194, sid=61289952 209be1c7
Sat Feb 19 17:31:07 2011 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Feb 19 17:31:07 2011 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=server/emailAddress=bob@bobstories.com
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=bob@bobstories.com
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 19 17:31:51 2011 10.255.255.254:33751 [client1] Peer Connection Initiated with 10.255.255.254:33751
Sat Feb 19 17:31:08 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 19 17:31:08 2011 [server] Peer Connection Initiated with 10.255.255.253:1194
Sat Feb 19 17:31:09 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 PUSH: Received control message: 'PUSH_REQUEST'
Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Sat Feb 19 17:31:09 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: route options modified
Sat Feb 19 17:31:09 2011 TUN/TAP device tap0 opened
Sat Feb 19 17:31:09 2011 /sbin/ifconfig tap0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Feb 19 17:31:09 2011 GID set to nogroup
Sat Feb 19 17:31:09 2011 UID set to nobody
Sat Feb 19 17:31:09 2011 Initialization Sequence Completed
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0
[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
© Copyright 2006-2007 Sourcefire Inc., All rights reserved
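The ifconfig counters in the post above are the first thing to read when a transparent bridge captures nothing, so here is an added diagnostic for them. It is not part of the post or of the Interceptor project. It assumes the interface layout the post shows: eth0 is the CPU-side port of the switch chip, eth0.0 and eth0.1 are the VLAN subinterfaces that br-lan is meant to bridge. The first sample is a condensed copy of the counters posted above; the second, healthy sample is constructed for contrast.

```shell
#!/bin/sh
# Added diagnostic for a transparent OpenWrt bridge such as the Interceptor's
# br-lan. Not part of the original post or the Interceptor project: it parses
# ifconfig output and reports whether frames arriving at the switch's CPU port
# (eth0) are actually reaching the VLAN subinterfaces that br-lan bridges.

# Constructed sample: the relevant counters copied from the posted ifconfig output.
SAMPLE_POSTED='eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:13 dropped:13 overruns:0 carrier:13

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
'

# Constructed sample of a working split: both VLAN subinterfaces receive
# frames and the bridge sees them too.
SAMPLE_HEALTHY='eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:5200 errors:0 dropped:0 overruns:0 frame:0

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:2600 errors:0 dropped:0 overruns:0 frame:0

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:2600 errors:0 dropped:0 overruns:0 frame:0

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:5200 errors:0 dropped:0 overruns:0 frame:0
'

# rx_packets IFNAME: print the RX packet count of IFNAME from ifconfig text on stdin.
# An ifconfig block starts with the interface name in column 0; its counter
# lines are indented, so "RX packets:N" is field 2 of such a line.
rx_packets() {
    awk -v want="$1" '
        /^[^[:space:]]/ { cur = $1 }
        cur == want && /RX packets:/ { split($2, kv, ":"); print kv[2]; exit }
    '
}

# bridge_verdict PARENT MEMBER...: classify the bridge from ifconfig text on stdin.
#   OK          at least one bridged VLAN subinterface is receiving frames
#   UNTAGGED    the parent receives frames but no subinterface does: the switch
#               chip delivers them without the per-port VLAN tags that eth0.0
#               and eth0.1 expect, so br-lan never sees them
#   NO_TRAFFIC  nothing arrives at the parent either: link or cabling problem
bridge_verdict() {
    parent=$1; shift
    text=$(cat)
    parent_rx=$(printf '%s\n' "$text" | rx_packets "$parent")
    member_rx=0
    for member in "$@"; do
        n=$(printf '%s\n' "$text" | rx_packets "$member")
        member_rx=$((member_rx + ${n:-0}))
    done
    if [ "$member_rx" -gt 0 ]; then
        echo OK
    elif [ "${parent_rx:-0}" -gt 0 ]; then
        echo UNTAGGED
    else
        echo NO_TRAFFIC
    fi
}

# On the router itself: ifconfig | bridge_verdict eth0 eth0.0 eth0.1
printf '%s\n' "$SAMPLE_POSTED"  | bridge_verdict eth0 eth0.0 eth0.1   # UNTAGGED
printf '%s\n' "$SAMPLE_HEALTHY" | bridge_verdict eth0 eth0.0 eth0.1   # OK
```

Run it on the router after some traffic has passed through the ports. The posted counters give UNTAGGED: eth0 received 3017 frames while eth0.0, eth0.1 and br-lan received none, which is consistent with the seller's description of both ports sitting in one switch VLAN. In that state unicast between the LAN and WAN ports is forwarded inside the switch chip and only broadcast traffic reaches the CPU port, which is why only ARP shows up on br-lan and tap0.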
  5. Thanks Digininja. Ok, so I created a wpa_supplicant.conf file, which fixed problem number 2. Now I can forget about WICD and connect wirelessly to the MR3202A router using the Konsole. I also have to give thanks to Mr_Protocol, as I edited the server.conf file and changed "user nobody" and "group nobody" to "user root" and "group root", which fixed problem 3, and created tap0 without any problems. As far as bridging the LAN and WAN interfaces is concerned, I am still stumped. This seems to be the only thing that is stopping me from using the interceptor properly. Below is a printout of my configuration files:

/etc/config/wireless (on MR3202A router)

config wifi-device wifi0
    option type       atheros
    option channel    auto
    option disabled   0

config wifi-iface
    option device     wifi0
    option mode       ap
    option ssid       interceptor
    option encryption wpa
    option key        'stupid123'

/etc/config/network (on MR3202A router)

config 'interface' 'loopback'
    option 'ifname'  'lo'
    option 'proto'   'static'
    option 'ipaddr'  '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type'    'bridge'
    option 'proto'   'static'
    # Remove this file when using for real so the bridge won't accidentally
    option 'ipaddr'  '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'ifname'  'eth0.0'

config 'interface' 'wan'
    option 'ifname'  'eth0.1'

contents of wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
#ap_scan=2
network={
    ssid="interceptor"
    scan_ssid=1
    proto=WPA RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk=aaf08d65b637f88e6d76ab7cbe5c4071a67ed4b99ea1374bb9bc6241214c1de0
}

This is what displays after running ./startup.sh:

Starting vpn server
Giving server chance to start
Thu Feb 17 22:02:43 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008
Thu Feb 17 22:02:43 2011 Diffie-Hellman initialized with 1024 bit key
Thu Feb 17 22:02:43 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Feb 17 22:02:43 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Feb 17 22:02:43 2011 TUN/TAP device tap0 opened
Thu Feb 17 22:02:43 2011 TUN/TAP TX queue length set to 100
Thu Feb 17 22:02:43 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Feb 17 22:02:43 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 17 22:02:43 2011 GID set to root
Thu Feb 17 22:02:43 2011 UID set to root
Thu Feb 17 22:02:43 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]
Thu Feb 17 22:02:43 2011 UDPv4 link local (bound): [undef]:1194
Thu Feb 17 22:02:43 2011 UDPv4 link remote: [undef]
Thu Feb 17 22:02:43 2011 MULTI: multi_init called, r=256 v=256
Thu Feb 17 22:02:43 2011 IFCONFIG POOL: base=10.8.0.2 size=253
Thu Feb 17 22:02:43 2011 IFCONFIG POOL LIST
Thu Feb 17 22:02:43 2011 client1,10.8.0.2
Thu Feb 17 22:02:43 2011 Initialization Sequence Completed
Thu Feb 17 22:02:45 2011 MULTI: multi_create_instance called
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Re-using SSL/TLS context
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 LZO compression initialized
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Local Options hash (VER=V4): 'f7df56b8'
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Expected Remote Options hash (VER=V4): 'd79ca330'
Thu Feb 17 22:02:45 2011 10.255.255.254:56994 TLS: Initial packet from 10.255.255.254:56994, sid=7ad71d8e 59d09960
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 [client1] Peer Connection Initiated with 10.255.255.254:56994
Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Starting remote services
root@10.255.255.254's password:
Thu Feb 17 22:02:00 UTC 2011
Thu Feb 17 22:02:00 2011 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on May 17 2009
Thu Feb 17 22:02:00 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Feb 17 22:02:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 17 22:02:00 2011 LZO compression initialized
Thu Feb 17 22:02:00 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Feb 17 22:02:00 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 17 22:02:00 2011 Local Options hash (VER=V4): 'd79ca330'
Thu Feb 17 22:02:55 2011 MULTI: multi_create_instance called
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Re-using SSL/TLS context
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 LZO compression initialized
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Local Options hash (VER=V4): 'f7df56b8'
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Expected Remote Options hash (VER=V4): 'd79ca330'
Thu Feb 17 22:02:55 2011 10.255.255.254:50666 TLS: Initial packet from 10.255.255.254:50666, sid=01978ea9 b7e38470
Thu Feb 17 22:02:00 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Feb 17 22:02:00 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Thu Feb 17 22:02:00 2011 UDPv4 link local: [undef]
Thu Feb 17 22:02:00 2011 UDPv4 link remote: 10.255.255.253:1194
Thu Feb 17 22:02:00 2011 TLS: Initial packet from 10.255.255.253:1194, sid=47d1f7f8 284b8684
Thu Feb 17 22:02:00 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:00 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 [client1] Peer Connection Initiated with 10.255.255.254:50666
Thu Feb 17 22:02:56 2011 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Feb 17 22:02:01 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 17 22:02:01 2011 [server] Peer Connection Initiated with 10.255.255.253:1194
Thu Feb 17 22:02:02 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Thu Feb 17 22:02:02 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: route options modified
Thu Feb 17 22:02:02 2011 TUN/TAP device tap1 opened
Thu Feb 17 22:02:02 2011 /sbin/ifconfig tap1 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Feb 17 22:02:02 2011 GID set to nogroup
Thu Feb 17 22:02:02 2011 UID set to nobody
Thu Feb 17 22:02:02 2011 Initialization Sequence Completed
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0
[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
© Copyright 2006-2007 Sourcefire Inc., All rights reserved
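The startup.sh output above interleaves three programs: the OpenVPN server on the laptop, then (over SSH) the OpenVPN client and daemonlogger on the router. Because the server is started first, the last "TUN/TAP device ... opened" line belongs to the router's client. In the Feb 17 run a client that was still running on the router connected first (source port 56994), the client startup.sh launched connected afterwards (port 50666), the server logged that it dropped the earlier session, and the new client opened tap1 because tap0 was still allocated, while daemonlogger was pointed at tap0. Here is an added check for exactly that, plus two other lines worth flagging; it is not the post's or the Interceptor project's code. It compares the two tap device names, reports the dropped-session message, and reports the client's "No server certificate verification method" warning, which in OpenVPN 2.0.9 means the client will accept any certificate issued by the CA as the server (ns-cert-type server in the client config addresses it). The embedded log is a constructed condensation of the lines quoted above.

```shell
#!/bin/sh
# Added check for the Interceptor's combined startup.sh output. Not part of the
# original post or the Interceptor project: it reads the interleaved OpenVPN
# server, OpenVPN client and daemonlogger output on stdin and verifies that the
# tap device the router's OpenVPN client opened is the one daemonlogger copies
# captured packets into. startup.sh starts the laptop-side server first and the
# router-side client (over SSH) afterwards, so the LAST "TUN/TAP device ... opened"
# line belongs to the router.

# Constructed sample: the decisive lines condensed from the Feb 17 output.
SAMPLE_LOG=$(cat <<'EOF'
Starting vpn server
Thu Feb 17 22:02:43 2011 TUN/TAP device tap0 opened
Thu Feb 17 22:02:43 2011 Initialization Sequence Completed
Thu Feb 17 22:02:46 2011 10.255.255.254:56994 [client1] Peer Connection Initiated with 10.255.255.254:56994
Starting remote services
Thu Feb 17 22:02:00 2011 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on May 17 2009
Thu Feb 17 22:02:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 17 22:02:56 2011 10.255.255.254:50666 [client1] Peer Connection Initiated with 10.255.255.254:50666
Thu Feb 17 22:02:56 2011 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Feb 17 22:02:02 2011 TUN/TAP device tap1 opened
Thu Feb 17 22:02:02 2011 Initialization Sequence Completed
[-] Interface set to br-lan
[-] Tap output interface set to tap0
EOF
)

# client_tap: the tap device opened by the router-side OpenVPN client (last one logged).
client_tap() {
    sed -n 's|.*TUN/TAP device \(tap[0-9]*\) opened.*|\1|p' | tail -n 1
}

# logger_tap: the tap device daemonlogger was told to write captured packets to.
logger_tap() {
    sed -n 's|.*Tap output interface set to \(tap[0-9]*\).*|\1|p' | tail -n 1
}

# tap_check: OK when client and daemonlogger agree, MISMATCH:<client>/<logger> otherwise.
tap_check() {
    log=$(cat)
    cli=$(printf '%s\n' "$log" | client_tap)
    lgr=$(printf '%s\n' "$log" | logger_tap)
    if [ -n "$cli" ] && [ "$cli" = "$lgr" ]; then
        echo OK
    else
        echo "MISMATCH:${cli:-none}/${lgr:-none}"
    fi
}

# stale_session: YES when the server dropped an earlier session for the same CN,
# i.e. an OpenVPN client from a previous run was still alive on the router
# (which is also why the new client could not get tap0).
stale_session() {
    if grep -q 'previous active sessions by this client to be dropped'; then echo YES; else echo NO; fi
}

# weak_server_verify: YES when the client logged OpenVPN's warning that nothing
# distinguishes the server certificate from any other certificate signed by the
# CA (no ns-cert-type server / tls-remote in client.conf).
weak_server_verify() {
    if grep -q 'No server certificate verification method'; then echo YES; else echo NO; fi
}

# Usage on the laptop: ./startup.sh 2>&1 | tee startup.log; tap_check < startup.log
printf '%s\n' "$SAMPLE_LOG" | tap_check            # MISMATCH:tap1/tap0
printf '%s\n' "$SAMPLE_LOG" | stale_session        # YES
printf '%s\n' "$SAMPLE_LOG" | weak_server_verify   # YES
```

A MISMATCH means daemonlogger is writing into a tap that nothing reads while the tunnel rides on another one, so nothing reaches the laptop's tap0 even when br-lan does see frames; killing the leftover openvpn process on the router before rerunning startup.sh (or pinning the device with dev tap0 in client.conf) makes the two agree.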
  6. The MR3202A has a MIPS CPU, Atheros chipset, 2 Ethernet ports, and is compatible with openWRT. It looks just like the MR3201A router that is used in place of the Fon 2100 for Jasager (Pineapple), except for the second Ethernet port. Using digininja's full install walkthrough at http://www.digininja.org/interceptor/install_walkthrough.php, I was able to get the interceptor package installed, although I did deviate somewhat. My operating system of choice was Backtrack 4 R2. These were the differences...
     1. Instead of using redboot.pl and TFTP to install openWRT 8.09, I used a program called "Fon Flash".
     2. I couldn't find the same version of openVPN on openWRT's website http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/, so I used openvpn_2.0.9-5_mips.ipk instead.
     3. The folder was different for this step "cp -a /usr/share/openvpn/easy-rsa/* ."; it was found at "/usr/share/openvpn/easy-rsa/2.0" instead.
     4. The IP address for SSH changed during the install, so when it came to this step "scp client1.crt client1.key ca.crt 192.168.1.1:/interceptor/openvpn/client/", I reconnected via SSH to 10.255.255.254, and used that instead.
     5. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" wasn't working for me (maybe because I was using Backtrack?), so I used WICD Network Manager instead. Static IP 10.255.255.254, 255.255.255.0 network mask, gateway blank, DNS 8.8.8.8.

     Other than that, I pretty much followed the directions; however, I ran into a few errors.
     1. When I type "/etc/init.d/interceptor start" during an SSH session on the router, I get the error message "ifconfig: SIOCSIFADDR: No such device. bridge br-lan does not exist!"
     2. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" gave me the error message "Failed to read or parse configuration..."
     3. When I run ./startup.sh I get "failed to find GID for nobody", and I cannot access interface tap0 unless I comment out "user nobody" and "group nobody" in server.conf.

     When I did get the tap0 interface, I saw no packets in Wireshark, but that may just be because I have some configuration settings incorrect. When I put the MR3202A in between my home router and my PC, my PC still gets internet access, so that is good. I can still SSH into the MR3202A router, but after days of reading blogs, and staying up all night, I still have not gotten the interceptor to work. I hope someone can learn from my experiences, or even better tell me what I am doing wrong!!! Google offers little assistance in this matter... ;) If anyone is interested, the user manual for this router can be found at https://fjallfoss.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=N&application_id=298693&fcc_id=%27HEDMR3202A%27