Posts posted by myb121
On 7/2/2014 at 9:18 PM, Darren Kitchen said:
Setting up an SSL VPN for use with the WiFi Pineapple Mark V is pretty simple. I have one going with a remotely deployed one of my own which is handy for remote access and routing traffic through my Kali VM. I'm working on an infusion to pretty this up, but essentially:
On your server in the cloud (vps, etc) configure OpenVPN. Pretty easy on anything Debian based, like Kali - which might be a good choice since all client traffic will route through this box:
    apt-get install openvpn
    mkdir -p /etc/openvpn #should be there automatically
    cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
    nano /etc/openvpn/easy-rsa/vars #edit the "export KEY_xxxx" values replacing changeme with your favorite color or home address
    cd /etc/openvpn/easy-rsa
    source vars
    ./clean-all
    ./build-ca
    ./build-key-server server_name
    # challenge password: no
    # sign the cert: yes
    # commit: yes
    ./build-key Pineapple #default hostname will be Pineapple, change accordingly
    ./build-dh
    #copy /etc/openvpn/easy-rsa/keys/ca.crt and Pineapple.* to wifi pineapple's /etc/openvpn dir via scp, microSD card, carrier pigeon

    # Make a startup script
    nano start-openvpn-server.sh #or use vi or write your own text editor in emacs
    # Enter the following:
    echo "1" > /proc/sys/net/ipv4/ip_forward #the spice must flow
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    openvpn --config /etc/openvpn/server.conf --daemon

    chmod +x start-openvpn-server.sh # make it executable

    # setup your server config
    nano /etc/openvpn/server.conf
    tls-server
    port 443
    proto tcp
    dev tun
    ca ca.crt
    cert server_name.crt
    key server_name.key
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    keepalive 1 180
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
Finally start your server using the above created start-openvpn-server.sh script
Next on the WiFi Pineapple
    opkg update
    opkg install openvpn
    nano /etc/config/openvpn
    client
    dev tun
    proto tcp
    remote <ip of server> 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/Pineapple.crt
    key /etc/openvpn/Pineapple.key
    ns-cert-type server
    comp-lzo
    verb 3
    keepalive 1 180

    openvpn --config /etc/config/openvpn --daemon
    # alternatively: /etc/init.d/openvpn start
    # enable vpn on boot: /etc/init.d/openvpn enable
Once the connection is established you'll notice a new tun0 interface
For example with an IP address 10.8.0.6
Now any other host connected to this VPN, say your phone or laptop, can manage the WiFi Pineapple from http://10.8.0.6:1471 or ssh in as usual.
Additionally you'll likely want to route all of your WiFi Pineapple's clients through this VPN
So perform the following iptables lovin'
    iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
    iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
    iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT
Now from your VPN server fire up tcpdump and enjoy
Further reading:
http://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tap
http://wiki.openwrt.org/doc/howto/vpn.openvpn
http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun
http://wiki.openwrt.org/doc/howto/vpn.overview
http://www.wsec.be/blog/2012/07/10/tunneling-your-way-out-of-corporate-networks-2-openvpn
http://ubuntuguide.org/wiki/OpenVPN_server
http://www.linux.com/learn/tutorials/457103-install-and-configure-openvpn-server-on-linux
http://www.openlogic.com/wazi/bid/188052/From-Zero-to-OpenVPN-in-30-Minutes
Trying to set up my nano as a travel router that connects to the VPN on my router. Followed the steps for the client but a few things have changed since this was first posted. Instead the opkg openvpn now has options for openvpn:
collectd-mod-openvpn - 5.4.2-1 - OpenVPN traffic/compression input plugin
openvpn-easy-rsa - 2013-01-30-2 - Simple shell scripts to manage a Certificate Authority
openvpn-nossl - 2.3.6-5 - Open source VPN solution using plaintext (no SSL)
openvpn-openssl - 2.3.6-5 - Open source VPN solution using OpenSSL
openvpn-polarssl - 2.3.6-5 - Open source VPN solution using PolarSSL
I installed openvpn-openssl and edited the config file but when I went to:
openvpn --config /etc/config/openvpn --daemon
I got a:
Options error: Unrecognized option or missing parameter(s) in /etc/config/openvpn:1: package (2.3.6)
Use --help for more information.
Sadly, with openvpn --help I get: "Usage message not available"
Did something change since this post or am I missing something?
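Added example, not part of either post and not Hak5 or OpenVPN project code: a shell preflight check for the client and server configs in the quoted how-to. It flags a UCI-format file (the `package` keyword in the error above is UCI syntax, which OpenWrt uses for files under /etc/config), the deprecated ns-cert-type and comp-lzo directives, 1024-bit DH parameters, and a missing or over-permissive private key; the function name, finding tags, temp paths and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config before handing it to `openvpn --config`.
# lint_ovpn_conf FILE prints one finding per line; returns 1 if any, else 0.
lint_ovpn_conf() {
    conf=$1
    found=0
    note() { printf '%s\n' "$1"; found=1; }

    # OpenWrt's /etc/config/* files are UCI (package/config/option stanzas);
    # openvpn parses each line as an option and rejects "package".
    if grep -Eq '^[[:space:]]*(package|option)[[:space:]]' "$conf"; then
        note "UCI: not a native OpenVPN config; keep directives in a separate file"
        return 1
    fi
    if grep -Eq '^[[:space:]]*ns-cert-type[[:space:]]' "$conf"; then
        note "NSCERT: ns-cert-type is deprecated; use remote-cert-tls server"
    fi
    # Heuristic on the file name only (dh1024.pem as in the quoted server.conf).
    if grep -Eq '^[[:space:]]*dh[[:space:]].*1024' "$conf"; then
        note "DH1024: 1024-bit DH parameters are weak; generate 2048 bits or more"
    fi
    if grep -Eq '^[[:space:]]*comp-lzo([[:space:]]|$)' "$conf"; then
        note "COMP: comp-lzo is deprecated; compression can leak plaintext via sizes"
    fi
    # The private key must exist and be accessible to its owner only.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    if [ -n "$key" ] && [ ! -f "$key" ]; then
        note "KEY: $key not found"
    elif [ -n "$key" ]; then
        case $(ls -ln "$key") in
            -???------*) ;;
            *) note "KEYPERM: $key is accessible to group or others" ;;
        esac
    fi
    return "$found"
}

# Constructed samples: the client directives from the quoted post, and a UCI stub.
demo=$(mktemp -d)
: > "$demo/Pineapple.key"; chmod 644 "$demo/Pineapple.key"
printf '%s\n' client 'dev tun' 'proto tcp' 'remote 192.0.2.10 443' \
    "key $demo/Pineapple.key" 'ns-cert-type server' comp-lzo > "$demo/client.ovpn"
printf '%s\n' 'package openvpn' "config openvpn 'custom_config'" \
    "	option enabled '0'" > "$demo/uci-openvpn"
lint_ovpn_conf "$demo/client.ovpn" || true
lint_ovpn_conf "$demo/uci-openvpn" || true
```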
-
I watched Hak5 1818 and 1819 a few weeks ago thinking it was the current Hak5 and I became obsessed. Being a noob, I immediately proceeded to build a home lab on a NUC6i7KYK, maxed RAM and a 250GB drive. It took me about a week to brute force my education on XenServer and Xen Orchestra. I've got them both up and am running a few VMs. This is when I realized I have this awesome piece of hardware running a headless server. This is where I need some advice:
Is it possible to build a front end on the nuc so I can utilize it as a daily desktop while keeping XenServer running under the hood or do I need to install a distro first then run XenServer on top?
Don't get me wrong, running a VM through console is pretty cool, it's just that I feel a little stupid buying a 4k monitor to look at XenServer's customize System menu.
[How To] Tunnel MK5 through VPN
in WiFi Pineapple Mark V
I'm on a Pineapple Nano
Linux version 3.18.36 (openwrt@19a38d794f6d) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r49403) )