Showing results for tags 'openvpn'.

Found 16 results

  1. Okay so I set up OpenVPN, adding the auth.txt to the config and such, set it all up and it would run on my Tetra fine but devices connected to the router did not get their IP changed. My setup is a MacBook set up to share its Ethernet connection (working) and a Chromebook and PS4 bridged to the Wi-Fi of this MacBook. So I use Tunnelblick to load my config and execute, again successful AUTHs, VERIFYs OK, IP established. Now my MacBook hooked to Ethernet still works and is going through the VPN and changing its IP. But all other devices go offline. Is this a routing issue of making bridged traffic go through the VPN somehow? At one point messing with the protocols and configs, Tunnelblick did run sharing Wi-Fi, connecting from the router to Ethernet to PS4. Wireshark showed only communication between my router and a single VPN server. When it stopped working like that I tried to reload the configs on the Tetra and I issued 'service openvpn start' and then instead of restarting and loading the config it just basically went in a cycle of all colors to blue blinking to online blue yellow to black offline again, repeat. Even after reset. I'll try a firmware update. Any help plz? Thank you
  2. Hey guys, first post 🙂 Anyways, I really have been enjoying the Packet Squirrel as a passive VPN out, although I know that's not its intended purpose. Also great for monitoring the network. I put it in between my modem and router and encrypted everything to a PIA server. Although, one small thing: I have to hash out (#) the disable-occ line of the config.ovpn. Was wondering if there was a way to re-enable this and get the VPN to disable-occ, or if it's even needed at all? (Just wanna pick y'all for some knowledge on this option.) Any security issues I can expect running a Packet Squirrel as a VPN out? It's very nice if you don't trust your ISP all that much; everything leaving the router to the modem can be encrypted, including Wi-Fi, without needing to run openvpn on the client computers. Silly way to get around a client limit as well. 🙂 I am kind of a rookie, but it works as advertised; it's pretty impressive how simple it is. Seems like a much better way to tunnel in than using a Raspberry Pi as well. Thanks for a great product. 🙂
  3. Hi all, several months ago I wrote a guide on how to seamlessly connect OpenVPN clients to the PS' LAN (e.g. your laptop from your home connection connecting to a printer in the same LAN as the PS, without having to use SSH as a proxy), but due to OpenWRT's preconfigured firewall I missed some iptables configurations to make it work properly (thank you @m3t4lk3y for pointing this out). So I figured I'd write a new, corrected standalone post. This is useful to manage remote subnets from anywhere with more than one VPN client (as this OpenVPN AS feature is paywalled; also this is completely headless, no clunky web interface required).

     A word of caution: since we're going to push routes to your computer and 90% of common subnets are either or I advise you change your home/most used network to something a bit more uncommon, like, as to avoid overlapping. I'm going to assume an OpenVPN server is already set up and running. So, let's say that my home network is and I want to use a PS to manage target network Let's also assume my VPN subnet is something like, and that your computer and PS when connected to the VPN have the IPs and respectively.

     On my VPN server I need to create a new folder to contain client specific directives.

       mkdir /etc/openvpn/ccd

     In this folder I'm going to create a file that's named exactly like the client name I used when I created a certificate for the PS (this is important, if you don't otherwise it's not going to work). I'm going to assume it was packetsquirrel

       echo "iroute" > /etc/openvpn/ccd/packetsquirrel

     This tells OpenVPN that the route is going to flow through this specific client. Then you need to edit your openvpn's server.conf

       client-to-client # allows VPN clients to communicate with each other
       client-config-dir /etc/openvpn/ccd/ # specifies the folder we created earlier as client-config-dir
       push "route" # pushes the route to every connected client
       route # adds this route to the OpenVPN server itself

     Once you've done that, restart your OpenVPN server. If everything went smoothly you should be able to SSH into the PS directly with "ssh root@". Do that, and from inside the PS run these commands (assuming your WAN interface in the PS is br-lan, if not it should be eth1, depending on your PS' network configuration):

       # Packets flowing from (tun0) to (br-lan) should be accepted and forwarded
       iptables -I FORWARD -i tun0 -o br-lan -s -d -m conntrack --ctstate NEW -j ACCEPT
       # Masquerade packets coming from as coming from the PS' WAN IP
       iptables -t nat -I POSTROUTING -o br-lan -s -j MASQUERADE

     If everything went smoothly you should be able to seamlessly reach every device on the target's LAN (e.g. for the router). Keep in mind that iptables rules are volatile, meaning they will be reset should the PS get rebooted. I could have put the configurations in the config files, but given the portable/multifunction nature of the device I'd rather run it by hand than possibly break the default network configurations intended by Hak5.
  4. I have been using my Tetra with openvpn as a travel router. It works great. I recently configured it with a USB modem, the Huawei E8372. It still connects to the VPN and clients' traffic is routed via the VPN tunnel. The issue I am having is that the traffic for the Pineapple itself is not being routed via the tunnel. Here is my routing table.

       Kernel IP routing table
       Destination Gateway Genmask Flags Metric Ref Use Iface
       default UG 0 0 0 tun0
       default UG 0 0 0 eth2
       Modem's IP UGH 0 0 0 eth2
       UG 0 0 0 tun0
       * U 0 0 0 br-lan
       * U 0 0 0 eth2
       * UH 0 0 0 eth2
       * U 0 0 0 tun0

     I am not really familiar with routing tables. Thank you for the assistance
  5. I've been writing about creating the openvpn client module, and I got to this problem: the web interface does not detect the installation of openvpn ("Dependencies: Not Installed"). I confirmed the installation using the command which ("/usr/sbin/openvpn") and I do not know what the problem is in my code. If someone here could help me with that, I would be very grateful. I suspect that my problem is very simple, but my inexperience does not allow me to realize --> https://github.com/vay3t/openvpn-pineapple (for some strange reason the Pineapple does not detect my module). Any ideas?
  6. I really loved the last two episodes on creating a VPN. I have a WiFi Pineapple Nano and have set up a VPN server and can manually connect. I used the forwarding 'foo' code in the video to get client forwarding working. Now I wanted to make it so that the openvpn client and the forwarding script work on startup but I cannot seem to get it working. I've done some searching but cannot think of where to go from here. I've put this in /etc/init.d/

       #!/bin/sh
       # Start the openvpn service
       openvpn client.ovpn
       #Setup forwarding for clients
       iptables -t nat -A POSTROUTING -s -o tun0 -j MASQUERADE
       iptables -A FORWARD -s -o tun0 -j ACCEPT
       iptables -A FORWARD -d -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT

     And created a symlink to /etc/rc.d/. If I run the commands separately it all works, however I cannot get it to run on boot. Should they be run as two different processes? Is it because openvpn is running that the second won't trigger? Not sure if it's my lack of understanding of Unix/bash scripting or something else. Thanks for your time guys.
  7. Just got my PS. Upgraded fw to 1.2. Tested ovpn switch 3, tested client mode working. Tested client 0: intermittently get 172 IP. If I get 192 IP I try a traceroute and dnsleaktest, keep getting my actual WAN IP and not the ovpn IP. I can't seem to get internal IP working while PS is connected to OVPN in Client=0. Anyone else having the same problem?
  8. Hello, can a Packet Squirrel owner please test and post the OpenVPN throughput (maybe in combination with the CPU usage)? Since it has the same hardware specs as the WiFi Pineapple Nano, I'm sure the CPU has not enough power for a good, stable connection. My Nano for example has not enough power for the encryption. Thanks!
  9. I am maybe a little crazy but I am trying to forward network traffic from two different SSIDs to two different VPS running openvpn. Why? Because I have two VPS and I would like to be able to browse the Internet from all my devices just by selecting a WiFi network. Sorry for this dirty hack; the Pineapple is a cool offensive device that I love to use but I am trying to configure it as something like a smart defensive device :) Well, my setup is working well with only one wifi / tun interface. It seems impossible to make that work with the two VPNs at the same time (openvpn client). I don't understand why :/ I think it's not a very complicated setup. I hope somebody could help me here since you're network experts. I think it's a routing issue but I am not sure. So my question is the following:

     - How can I correctly forward the network traffic from my two wifi subnets to each tun / vpn interface at the same time?

     Can anyone help me to fix this please? Below are a few details about my setup. To simplify this, my setup looks like:

       eth0 (internet link) <===== tun0 <==== wifi-A
       eth0 (internet link) <===== tun1 <==== wifi-B

     Note the following statements:

     1. My openwrt device gets the Internet link with the eth0 interface using DHCP
     2. I created a bridge on my wlan0 interface to be able to broadcast two SSIDs (wifi-a & wifi-b)
     3. On wifi-a: a DHCP server is running pool gw
     4. On wifi-b: a DHCP server is running pool gw
     5. I have two VPS where I installed openvpn: PublicIP-1 & PublicIP-2
     6. I run on my device two openvpn clients to public-IP-1 (tun0) and to public-IP-2 (tun1)
     7. Finally I NATed wifi-a subnet to tun0 and wifi-b subnet to tun1 with the following iptables rules:

       iptables -t nat -A POSTROUTING -s -o tun0 -j MASQUERADE
       iptables -A FORWARD -s -o tun0 -j ACCEPT
       iptables -A FORWARD -d -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT
       iptables -t nat -A POSTROUTING -s -o tun1 -j MASQUERADE
       iptables -A FORWARD -s -o tun1 -j ACCEPT
       iptables -A FORWARD -d -m state --state ESTABLISHED,RELATED -i tun1 -j ACCEPT

     Below my interface details:

       eth0 inet addr: Bcast: Mask:
       br-wifi-a inet addr: Bcast: Mask:
       br-wifi-b inet addr: Bcast: Mask:
       tun0 inet addr: P-t-P: Mask:
       tun1 inet addr: P-t-P: Mask:

     My route table:

       Destination Gateway Genmask Flags Metric Ref Use Iface
       default UG 0 0 0 eth0
       UGH 0 0 0 tun0
       * UH 0 0 0 tun0
       UGH 0 0 0 tun1
       * UH 0 0 0 tun1
       [PublicIP-VPS-1] UGH 0 0 0 eth0
       [PublicIP-VPS-2] UGH 0 0 0 eth0
       * U 0 0 0 br-wifiA
       * U 0 0 0 br-wifiB
       * U 0 0 0 br-lan
       * U 0 0 0 eth0

     Quick debug:

       ping google.com -I tun1
       PING google.fr ( 56 data bytes
       64 bytes from seq=0 ttl=43 time=29.665 ms
       ping google.com -I tun0
       PING google.fr ( 56 data bytes
       64 bytes from seq=0 ttl=43 time=30.277 ms
       ping google.com -I eth0
       PING google.fr ( 56 data bytes
       64 bytes from seq=0 ttl=42 time=17.860 ms
       ^C

     Again, I think it's a routing issue but I am maybe too tired to see my mistake. Can you help me to debug this? Thanks for your help guys,
  10. Alright, so I've managed to get OpenVPN to work on the Nano. I even managed to get it to connect to PIA. However the moment the connection establishes I lose the internet. I'm pretty sure this is a routing issue. But I'm unsure of what I need to add to the config file to fix the issue upon connecting. This is the result of the IP config table after it establishes a connection.

       Destination Gateway Genmask Flags Metric Ref Use Iface
       default UG 0 0 0 tun0
       default UG 0 0 0 wlan1
       UGH 0 0 0 tun0
       * UH 0 0 0 tun0
       UG 0 0 0 tun0
       UGH 0 0 0 wlan1
       * U 0 0 0 br-lan
       * U 0 0 0 wlan1
       * UH 0 0 0 wlan1

      I would like to connect to the router using Wan1, and then connect to Wan0 with my laptop or other internet devices during traveling and still run my traffic over an encrypted VPN. Any suggestions?
  11. I have configured my openvpn on my LAN Turtle. The openvpn works fine if I manually start it in the menu or issue a /etc/init.d/openvpn start command. I have set the Bootup Status to Enabled. I reboot the LAN Turtle and openvpn does not start; viewing the menu, it confirms that Bootup Status is Enabled and the Current Status is stopped. If I click on Start the openvpn starts up and works as expected. But I cannot get openvpn to start on bootup even though it is configured to. Side note: If you click on stop after start you get "Command failed: Not found" for an error and the openvpn is still started.
  12. If you click on stop once openvpn is running you get "Command failed: Not found" for an error and the openvpn is still started. I am on v2 and no updates are available as of today.
  13. I recently got a WiFi Pineapple and managed to set up a working openvpn connection. My issue is when I go to http://dnsleaktest.com what is shown as my resolver is my default's internet connection. When on the VPN connection I use Google's DNS resolvers, and this known, I cannot seem to create an up script that will allow me to get the right DNS servers to be shown and used. I know this is not just an openvpn/openwrt issue so there must be some way to write a script that will force the use of the passed DNS servers from openvpn. I noticed the "issue" is also with my Ubuntu system that I'm using. With the Ubuntu system I know how to fix that issue but not with the WiFi Pineapple.
  14. Hi, I am a Mark V owner thinking of purchasing a TETRA. If I were to use it as a normal router with an OpenVPN tunnel (i.e. TETRA is the client) what kind of speeds can I expect to get? It seems most routers max out at ~ 20Mb/s. Am I correct in assuming TETRA will not be able to handle a 100Mb/s connection?
  15. I'm trying to put OpenVPN on the Pineapple Nano using Private Internet Access as the VPN service, but I'm having issues getting the ovpn to load properly while following along with Darren's video https://www.hak5.org/frontpage/hak5-2018-how-to-build-an-openvpn-access-point-pt-2. I listed below the script errors that I'm getting and also the text file for the ovpn that I'm trying to load. Here is the text file for the ovpn that I'm trying to load on the Nano:

       client
       dev tun
       remote us-east.privateinternetaccess.com 1198 udp
       remote us-east.privateinternetaccess.com 502 tcp
       resolv-retry infinite
       nobind
       persist-key
       persist-tun
       setenv CLIENT_CERT 0
       <ca>
       [certificate omitted]
       </ca>
       cipher aes-128-cbc
       auth sha1
       tls-client
       remote-cert-tls server
       auth-user-pass
       comp-lzo
       verb 1
       reneg-sec 0
       <crl-verify>
       [CRL omitted]
       </crl-verify>
  16. On my Nano I have set it up to auto connect to my OpenVPN server upon internet connection. I did all this in rc.local. My question is: how do I test that the iptables settings are correct, with all connections going through tun0? My other question is: how do I configure the connection to autoconnect if the connection gets dropped? -M