
Problems Installing Interceptor On The Mr3202a Router


HearNoEvil


The MR3202A has a MIPS CPU, Atheros chipset, 2 Ethernet ports, and is compatible with openWRT. It looks just like the MR3201A router that is used in place of the Fon 2100 for Jasager (Pineapple), except for the second Ethernet port.

Using digininja's full install walkthrough at http://www.digininja.org/interceptor/install_walkthrough.php, I was able to get the interceptor package installed, although I did deviate somewhat. My operating system of choice was Backtrack 4 R2.

These were the differences...

1. Instead of using redboot.pl and TFTP to install openWRT 8.09, I used a program called "Fon Flash".

2. I couldn't find the same version of openVPN on openWRT's website http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/, so I used openvpn_2.0.9-5_mips.ipk instead.

3. The folder was different for this step "cp -a /usr/share/openvpn/easy-rsa/* .", it was found at "/usr/share/openvpn/easy-rsa/2.0" instead.

4. The IP address for SSH changed during the install, so when it came to this step "scp client1.crt client1.key ca.crt 192.168.1.1:/interceptor/openvpn/client/", I reconnected via SSH to 10.255.255.254, and used that instead.

5. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" wasn't working for me (maybe because I was using Backtrack?), so I used WICD Network manager instead. Static IP 10.255.255.254, 255.255.255.0 Network mask, gateway blank, DNS 8.8.8.8.

Other than that, I pretty much followed the directions, however I ran into a few errors.

1. When I type "/etc/init.d/interceptor start" during SSH session on router, I get error message "ifconfig: SIOCSIFADDR: No such device. bridge br-lan does not exist!"

2. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" gave me error message "Failed to read or parse configuration..."

3. When I run ./startup.sh I get "failed to find GID for nobody", and I cannot access interface tap0 unless I comment out "user nobody, and group nobody" from server.conf.

When I did get the tap0 interface, I saw no packets in Wireshark, but that may just be because I have some configuration settings incorrect.

When I put the MR3202A in between my home router and my pc, my pc still gets internet access, so that is good. I can still SSH into the MR3202A router, but after days of reading blogs, and staying up all night, I still have not gotten the interceptor to work. I hope someone can learn from my experiences, or even better tell me what I am doing wrong!!! Google offers little assistance in this matter... ;)

If anyone is interested, the user manual for this router can be found at https://fjallfoss.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=N&application_id=298693&fcc_id=%27HEDMR3202A%27


Well your first error is the reason why it's not working. Need to bridge the two LAN interfaces.

The second error means there is something wrong with your config. Not sure what, that is up to you to figure out since I don't have the hardware.

The third one means you don't have any group IDs for the account you are trying to use.

Instead of commenting out the nobody stuff, try changing the account to root: user root, group root.

Edited by Mr-Protocol

As soon as you get errors like 1, 2 and 3 it means that something is wrong. There is no point trying to continue when number 1 failed there as it is unlikely the rest of the setup will work.

1. There is no bridge interface, either something else failed or you didn't set one up

2. The config file doesn't exist, you need to create it and set it up so that it has the details for the AP. You'll find plenty of example config files to base this on if you google wpa config file

3. don't know but it won't work at this point anyway as you don't have a network connection or bridge.


As soon as you get errors like 1, 2 and 3 it means that something is wrong. There is no point trying to continue when number 1 failed there as it is unlikely the rest of the setup will work.

1. There is no bridge interface, either something else failed or you didn't set one up

2. The config file doesn't exist, you need to create it and set it up so that it has the details for the AP. You'll find plenty of example config files to base this on if you google wpa config file

3. don't know but it won't work at this point anyway as you don't have a network connection or bridge.

Thanks Digininja,

Ok, so I created a wpa_suppliment.conf file, which fixed problem number 2. Now I can forget about WICD and connect wirelessly to the MR3202A router using the Konsole. I also have to give thanks to Mr_Protocol, as I edited the server.conf file and changed "user nobody" and "group nobody" to "user root" and "group root", which fixed problem 3, and created tap0 without any problems.

As far as bridging the LAN and WAN interfaces is concerned, I am still stumped. This seems to be the only thing that is stopping me from using the interceptor properly. Below is a printout of my configuration files:

/etc/config/wireless (on MR3202A router)

config wifi-device wifi0
    option type atheros
    option channel auto
    option disabled 0

config wifi-iface
    option device wifi0
    option mode ap
    option ssid interceptor
    option encryption wpa
    option key 'stupid123'

/etc/config/network (on MR3202A router)

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'proto' 'static'
    # Remove this file when using for real so the bridge won't accidentally
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'ifname' 'eth0.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'

contents of wpa_suppliment.conf

ctrl_interface=/var/run/wpa_supplicant
#ap_scan=2
network={
    ssid="interceptor"
    scan_ssid=1
    proto=WPA RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk=aaf08d65b637f88e6d76ab7cbe5c4071a67ed4b99ea1374bb9bc6241214c1de0
}

// This is what displays after running ./startup.sh

Starting vpn server

Giving server chance to start

Thu Feb 17 22:02:43 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008

Thu Feb 17 22:02:43 2011 Diffie-Hellman initialized with 1024 bit key

Thu Feb 17 22:02:43 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>

Thu Feb 17 22:02:43 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Feb 17 22:02:43 2011 TUN/TAP device tap0 opened

Thu Feb 17 22:02:43 2011 TUN/TAP TX queue length set to 100

Thu Feb 17 22:02:43 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

Thu Feb 17 22:02:43 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Thu Feb 17 22:02:43 2011 GID set to root

Thu Feb 17 22:02:43 2011 UID set to root

Thu Feb 17 22:02:43 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]

Thu Feb 17 22:02:43 2011 UDPv4 link local (bound): [undef]:1194

Thu Feb 17 22:02:43 2011 UDPv4 link remote: [undef]

Thu Feb 17 22:02:43 2011 MULTI: multi_init called, r=256 v=256

Thu Feb 17 22:02:43 2011 IFCONFIG POOL: base=10.8.0.2 size=253

Thu Feb 17 22:02:43 2011 IFCONFIG POOL LIST

Thu Feb 17 22:02:43 2011 client1,10.8.0.2

Thu Feb 17 22:02:43 2011 Initialization Sequence Completed

Thu Feb 17 22:02:45 2011 MULTI: multi_create_instance called

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Re-using SSL/TLS context

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 LZO compression initialized

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Local Options hash (VER=V4): 'f7df56b8'

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Expected Remote Options hash (VER=V4): 'd79ca330'

Thu Feb 17 22:02:45 2011 10.255.255.254:56994 TLS: Initial packet from 10.255.255.254:56994, sid=7ad71d8e 59d09960

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Thu Feb 17 22:02:46 2011 10.255.255.254:56994 [client1] Peer Connection Initiated with 10.255.255.254:56994

Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 PUSH: Received control message: 'PUSH_REQUEST'

Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

Starting remote services

root@10.255.255.254's password:

Thu Feb 17 22:02:00 UTC 2011

Thu Feb 17 22:02:00 2011 OpenVPN 2.0.9 mips-linux [sSL] [LZO] built on May 17 2009

Thu Feb 17 22:02:00 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Thu Feb 17 22:02:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Thu Feb 17 22:02:00 2011 LZO compression initialized

Thu Feb 17 22:02:00 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Feb 17 22:02:00 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Thu Feb 17 22:02:00 2011 Local Options hash (VER=V4): 'd79ca330'

Thu Feb 17 22:02:55 2011 MULTI: multi_create_instance called

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Re-using SSL/TLS context

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 LZO compression initialized

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Local Options hash (VER=V4): 'f7df56b8'

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Expected Remote Options hash (VER=V4): 'd79ca330'

Thu Feb 17 22:02:55 2011 10.255.255.254:50666 TLS: Initial packet from 10.255.255.254:50666, sid=01978ea9 b7e38470

Thu Feb 17 22:02:00 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'

Thu Feb 17 22:02:00 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Thu Feb 17 22:02:00 2011 UDPv4 link local: [undef]

Thu Feb 17 22:02:00 2011 UDPv4 link remote: 10.255.255.253:1194

Thu Feb 17 22:02:00 2011 TLS: Initial packet from 10.255.255.253:1194, sid=47d1f7f8 284b8684

Thu Feb 17 22:02:00 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:00 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Thu Feb 17 22:02:56 2011 10.255.255.254:50666 [client1] Peer Connection Initiated with 10.255.255.254:50666

Thu Feb 17 22:02:56 2011 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

Thu Feb 17 22:02:01 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Thu Feb 17 22:02:01 2011 [server] Peer Connection Initiated with 10.255.255.253:1194

Thu Feb 17 22:02:02 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 PUSH: Received control message: 'PUSH_REQUEST'

Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

Thu Feb 17 22:02:02 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'

Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: timers and/or timeouts modified

Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: --ifconfig/up options modified

Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: route options modified

Thu Feb 17 22:02:02 2011 TUN/TAP device tap1 opened

Thu Feb 17 22:02:02 2011 /sbin/ifconfig tap1 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

Thu Feb 17 22:02:02 2011 GID set to nogroup

Thu Feb 17 22:02:02 2011 UID set to nobody

Thu Feb 17 22:02:02 2011 Initialization Sequence Completed

[-] Daemon mode set

[-] Interface set to br-lan

[-] Log filename set to "daemonlogger.pcap"

[-] Tap output interface set to tap0

[-] Pidfile configured to "daemonlogger.pid"

[-] Pidpath configured to "/var/run"

[-] Rollover size set to 2147483648 bytes

[-] Rollover time configured for 0 seconds

[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-

Version 1.2.1

By Martin Roesch

© Copyright 2006-2007 Sourcefire Inc., All rights reserved

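An added example, not part of the original posts: a small shell audit for the two OpenVPN settings this thread touches, the `user`/`group` privilege drop that failed with "failed to find GID for nobody" and the client-side "No server certificate verification method has been enabled" warning in the log above. The function names, sample configs and group file are constructed for illustration; `ns-cert-type`, `remote-cert-tls`, `tls-remote` and `verify-x509-name` are real OpenVPN directives, and `nogroup` is the usual unprivileged group name on Debian-derived systems.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN config for a missing
# privilege drop, a non-existent group, and missing server-cert verification.

# Print the first argument of directive $2 in config file $1.
# Commented-out lines (";user ..." or "#user ...") never match the key.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# audit_openvpn_conf CONF [GROUP_FILE]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_openvpn_conf() {
    conf=$1
    group_file=${2:-/etc/group}
    findings=0
    user=$(conf_value "$conf" user)
    group=$(conf_value "$conf" group)

    # Without an unprivileged user, the daemon keeps root after start-up.
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "WARN: no privilege drop (user=${user:-unset})"
        findings=$((findings + 1))
    fi

    # "failed to find GID for <name>" means the group is missing on this host.
    if [ -n "$group" ] && [ "$group" != root ] &&
       ! grep -q "^${group}:" "$group_file"; then
        hint=""
        grep -q '^nogroup:' "$group_file" && hint=" (this host has 'nogroup')"
        echo "FAIL: group '$group' not in $group_file$hint"
        findings=$((findings + 1))
    fi

    # A client that never checks what kind of certificate the peer presents
    # accepts any certificate signed by the same CA, including a client's.
    if grep -Eq '^[[:space:]]*client([[:space:]]|$)' "$conf" &&
       ! grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server|^[[:space:]]*(tls-remote|verify-x509-name)[[:space:]]' "$conf"; then
        echo "WARN: client does not verify the server certificate"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample files: a group file without a "nobody" group, a server
# config like the one in the thread, and a client config with no verification.
make_samples() {
    printf 'root:x:0:\nnogroup:x:65534:\n' > "$1/group"
    printf 'port 1194\ndev tap\nuser nobody\ngroup nobody\n' > "$1/server.conf"
    printf 'client\ndev tap\nremote 10.255.255.253 1194\nuser nobody\ngroup nogroup\n' > "$1/client.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_openvpn_conf "$demo_dir/server.conf" "$demo_dir/group" || true
audit_openvpn_conf "$demo_dir/client.conf" "$demo_dir/group" || true
rm -rf "$demo_dir"
```

On the constructed server config the audit points at `group nogroup` as the name to use, which keeps the privilege drop instead of running the daemon as root.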

That output looks fine to me, you sure it's not working now?

I reflashed the router, and did the entire install again. This time NO ERROR MESSAGES!!!

What I did differently was reboot the device after installing openWRT, and again after installing the packages. Also, no wireless encryption.

When I SSH into the router and run ifconfig, eth0.0 and eth0.1 now appear, which were not there before. This may explain why the bridge was not working the first time around.

I want to say the interceptor is working, but every time I try tcpdump or wireshark to tap0, all I get is ARP requests. I am hooking up the home router to the WAN port (no devices in between), and my test computer (Windows 7 64 bit, no firewall) is connected to the LAN port (no devices in between). My laptop is running Backtrack 4 R2 (which has no firewall by default if I'm not mistaken) and is connecting via WIFI. My home network is using a standard 192.168.1.X setup if that makes any difference.

Here are my configuration files from the MR3202A router, and the output of ./startup.sh from my wireless laptop.

################### IFCONFIG #########################################

ath0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F4
          inet addr:10.255.255.254  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:126306 (123.3 KiB)  TX bytes:68064 (66.4 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:654 (654.0 B)

eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:13 dropped:13 overruns:0 carrier:13
          collisions:0 txqueuelen:1000
          RX bytes:653218 (637.9 KiB)  TX bytes:1947 (1.9 KiB)
          Interrupt:4 Base address:0x1000

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:682 (682.0 B)

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:138 (138.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wifi0     Link encap:UNSPEC  HWaddr 00-12-CF-9B-58-F4-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9174 errors:0 dropped:0 overruns:0 frame:3881
          TX packets:802 errors:4 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:1958316 (1.8 MiB)  TX bytes:113675 (111.0 KiB)
          Interrupt:3 Memory:b0000000-b00ffffc

####################### etc/init.d/interceptor ####################################

#!/bin/sh /etc/rc.common

start() {
    ifconfig ath0 10.255.255.254 up
    ifconfig br-lan 192.168.1.1
    brctl addif br-lan eth0.1
}

stop() {
    echo "Nothing to do"
}

######################## etc/config/wireless #########################################

config wifi-device wifi0
    option type atheros
    option channel auto
    # REMOVE THIS LINE TO ENABLE WIFI:
    # option disabled 1

config wifi-iface
    option device wifi0
    option mode ap
    option ssid interceptor
    option encryption none

######################### etc/config/network #######################################

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'
    option 'ifname' 'eth0.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'

####################################################################################

root@bt:~# ./startup.sh

Starting vpn server

Giving server chance to start

Sat Feb 19 17:31:32 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008

Sat Feb 19 17:31:32 2011 Diffie-Hellman initialized with 1024 bit key

Sat Feb 19 17:31:32 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>

Sat Feb 19 17:31:32 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sat Feb 19 17:31:32 2011 TUN/TAP device tap0 opened

Sat Feb 19 17:31:32 2011 TUN/TAP TX queue length set to 100

Sat Feb 19 17:31:32 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

Sat Feb 19 17:31:32 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Sat Feb 19 17:31:32 2011 GID set to root

Sat Feb 19 17:31:32 2011 UID set to root

Sat Feb 19 17:31:32 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]

Sat Feb 19 17:31:32 2011 UDPv4 link local (bound): [undef]:1194

Sat Feb 19 17:31:32 2011 UDPv4 link remote: [undef]

Sat Feb 19 17:31:32 2011 MULTI: multi_init called, r=256 v=256

Sat Feb 19 17:31:32 2011 IFCONFIG POOL: base=10.8.0.2 size=253

Sat Feb 19 17:31:32 2011 IFCONFIG POOL LIST

Sat Feb 19 17:31:32 2011 client1,10.8.0.2

Sat Feb 19 17:31:32 2011 Initialization Sequence Completed

Starting remote services

root@10.255.255.254's password:

Sat Feb 19 17:31:00 UTC 2011

Sat Feb 19 17:31:06 2011 OpenVPN 2.0.9 mips-linux [sSL] [LZO] built on May 17 2009

Sat Feb 19 17:31:06 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Sat Feb 19 17:31:06 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Sat Feb 19 17:31:07 2011 LZO compression initialized

Sat Feb 19 17:31:07 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sat Feb 19 17:31:50 2011 MULTI: multi_create_instance called

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Re-using SSL/TLS context

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 LZO compression initialized

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Local Options hash (VER=V4): 'f7df56b8'

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Expected Remote Options hash (VER=V4): 'd79ca330'

Sat Feb 19 17:31:50 2011 10.255.255.254:33751 TLS: Initial packet from 10.255.255.254:33751, sid=de055d50 fe2f91ec

Sat Feb 19 17:31:07 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

Sat Feb 19 17:31:07 2011 Local Options hash (VER=V4): 'd79ca330'

Sat Feb 19 17:31:07 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'

Sat Feb 19 17:31:07 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

Sat Feb 19 17:31:07 2011 UDPv4 link local: [undef]

Sat Feb 19 17:31:07 2011 UDPv4 link remote: 10.255.255.253:1194

Sat Feb 19 17:31:07 2011 TLS: Initial packet from 10.255.255.253:1194, sid=61289952 209be1c7

Sat Feb 19 17:31:07 2011 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com

Sat Feb 19 17:31:07 2011 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=server/emailAddress=bob@bobstories.com

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=bob@bobstories.com

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Sat Feb 19 17:31:51 2011 10.255.255.254:33751 [client1] Peer Connection Initiated with 10.255.255.254:33751

Sat Feb 19 17:31:08 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Sat Feb 19 17:31:08 2011 [server] Peer Connection Initiated with 10.255.255.253:1194

Sat Feb 19 17:31:09 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 PUSH: Received control message: 'PUSH_REQUEST'

Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

Sat Feb 19 17:31:09 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'

Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: timers and/or timeouts modified

Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: --ifconfig/up options modified

Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: route options modified

Sat Feb 19 17:31:09 2011 TUN/TAP device tap0 opened

Sat Feb 19 17:31:09 2011 /sbin/ifconfig tap0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

Sat Feb 19 17:31:09 2011 GID set to nogroup

Sat Feb 19 17:31:09 2011 UID set to nobody

Sat Feb 19 17:31:09 2011 Initialization Sequence Completed

[-] Daemon mode set

[-] Interface set to br-lan

[-] Log filename set to "daemonlogger.pcap"

[-] Tap output interface set to tap0

[-] Pidfile configured to "daemonlogger.pid"

[-] Pidpath configured to "/var/run"

[-] Rollover size set to 2147483648 bytes

[-] Rollover time configured for 0 seconds

[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-

Version 1.2.1

By Martin Roesch

© Copyright 2006-2007 Sourcefire Inc., All rights reserved


If the configuration is correct, this could be a hardware problem. The seller I bought this router from had this to say...

RE: openWRT

"it is not detecting the Infineon switch chip correctly I think. So the two Ethernet ports are simply switch together on the same switch VLAN."

RE: Interceptor setup

"The only thing that might not work is the how the switch chip is setup, if both ports are on the trunk VLAN then they get all the traffic. I've attached the ADM6996 spec (that is the chipset it uses for the Ethernet switch). I've got some code we did at my last company which should be opensourced for that chip that sets it up split into two VLAN's."

Also, I installed tcpdump from the openWRT kamikaze atheros packages to the router, and it was not seeing any packets on br-lan, and only arp packets from eth0 when I ssh into the device and run tcpdump -i br-lan etc..

When I run /etc/init.d/interceptor start, I get "device eth0.1 is already a member of a bridge; can't enslave it to bridge br-lan"

Also, is it normal that eth0.1, eth0.0, eth0 and br-lan all share the same MAC address??

I can ssh into it via wifi, the target computer can surf the web, the device is invisible on the network, vpn tunnel seems to work, I get tap0 interface with daemonlogger, yet no packets... bummer!

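An added example, not part of the original posts: a shell check that reads classic `ifconfig` output and reports VLAN sub-interfaces that have received nothing while their parent interface has. A sub-interface such as eth0.1 only receives frames carrying its VLAN tag, so this pattern is consistent with the seller's comment that the switch chip is not split into two VLANs. The function names are hypothetical, and the embedded sample is constructed from the RX counters in the ifconfig listing posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find VLAN sub-interfaces that see no
# traffic although the parent NIC does.

# Read net-tools/BusyBox style ifconfig output on stdin and print
# "<interface> <rx_packets>" for every interface.
rx_by_iface() {
    awk '
        /^[^ \t]/    { iface = $1 }                      # header line of a stanza
        /RX packets:/ { split($2, f, ":"); print iface, f[2] }
    '
}

# Print every "parent.N" interface with RX == 0 whose parent has RX > 0.
starved_vlans() {
    rx_by_iface | awk '
        { rx[$1] = $2; order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                dot = index(name, ".")
                if (dot == 0) continue                   # not a VLAN sub-interface
                parent = substr(name, 1, dot - 1)
                if (rx[name] == 0 && (parent in rx) && rx[parent] > 0)
                    print name, "parent=" parent, "parent_rx=" rx[parent]
            }
        }'
}

# Constructed sample: trimmed stanzas using the counters from the thread.
sample_ifconfig() {
    cat <<'EOF'
ath0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F4
          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:13 dropped:13 overruns:0 carrier:13

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

sample_ifconfig | starved_vlans
```

On a live device the same check is `ifconfig | starved_vlans`; an empty result means every VLAN sub-interface is receiving frames.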
