fredoldodo Posted June 7, 2014 Share Posted June 7, 2014 hello, I would like to use a VPN on my Wifi Pineapple MK5. I have no idea how to do it. I already tried with 'PON $tunnel' in the terminal but... Thank you for your help, Fred Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted June 9, 2014 Share Posted June 9, 2014 Here are some good places to start http://wiki.openwrt.org/doc/howto/vpn.openvpn http://wiki.openwrt.org/doc/howto/vpn.overview Glancing at HMA it seems they offer OpenVPN as well as PPTP. I recommend the former as PPTP is quite broken. That said if you must this may also be useful: http://wiki.openwrt.org/doc/howto/vpn.client.pptp Quote Link to comment Share on other sites More sharing options...
barry99705 Posted June 9, 2014 Share Posted June 9, 2014 (edited) Makes you wonder when the VPN services geolocate to 9800 Savage Road, Fort Meade, MD 20755. ;-) Edited June 9, 2014 by barry99705 Quote Link to comment Share on other sites More sharing options...
hfam Posted June 9, 2014 Share Posted June 9, 2014 Makes you wonder when the VPN services geolocate to 9800 Savage Road, Fort Meade, MD 20755. ;-) Indeed it does! As long as it's not Quantico, VA, though... ;) Quote Link to comment Share on other sites More sharing options...
barry99705 Posted June 10, 2014 Share Posted June 10, 2014 Indeed it does! As long as it's not Quantico, VA, though... ;) I've actually been to one of the buildings on the outside of the fence there. Anyone that goes to Shmoocon needs to make a trip to the NSA crypto museum. It's pretty cool. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted June 10, 2014 Share Posted June 10, 2014 If you're attempting to "hide your ass", might I recommend Tor. There's an infusion by Kos for the MK5 :) Quote Link to comment Share on other sites More sharing options...
Bossyism Posted July 1, 2014 Share Posted July 1, 2014 comparable to others, hidemyass vpn service has real strong support base for their clients. hidemyass coupon are available on internet through which you can get nice discount. Quote Link to comment Share on other sites More sharing options...
skillsmw Posted July 1, 2014 Share Posted July 1, 2014 I would stay away from hidemyass if i was you look what happened to Cody Kretsinger. Look for a logless vpn. HMA openly states they keep log files of users traffic. Here is a list to get you started on finding a good vpn. http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/ i personally use privateinternetaccess.com i have been with them for about a year and a half now, and only have good things to say about there service. Quote Link to comment Share on other sites More sharing options...
hfam Posted July 2, 2014 Share Posted July 2, 2014 I would stay away from hidemyass if i was you look what happened to Cody Kretsinger. Look for a logless vpn. HMA openly states they keep log files of users traffic. Here is a list to get you started on finding a good vpn. http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/ i personally use privateinternetaccess.com i have been with them for about a year and a half now, and only have good things to say about there service. Dunno about the Cody incident, but that's good solid advice. Checked into it and indeed, they're keeping logs, and for a pretty significant time too....2-3 months: http://vpn.hidemyass.com/vpncontrol/logging.html Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 3, 2014 Share Posted July 3, 2014 Setting up an SSL VPN for use with the WiFi Pineapple Mark V is pretty simple. I have one going with a remotely deployed one of my own which is handy for remote access and routing traffic through my Kali VM. I'm working on an infusion to pretty this up, but essentially: On your server in the cloud (vps, etc) configure OpenVPN. Pretty easy on anything Debian based, like Kali - which might be a good choice since all client traffic will route through this box: apt-get install openvpn mkdir /etc/openvpn #should be there automatically cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/ nano /etc/openvpn/easy-rsa/vars #edit the "export KEY_xxxx" values replacing changeme with your favorite color or home address source vars ./clean-all ./build-ca ./build-key-server server_name # challenge password: no # sign the cert: yes # commit: yes ./build-key Pineapple #default hostname will be Pineapple, change accordingly ./build-dh #copy /etc/openvpn/easy-rsa/keys/ca.crt and Pineapple.* to wifi pineapple's /etc/openvpn dir via scp, microSD card, carrier pigeon # Make a startup script nano start-openvpn-server.sh #or use vi or write your own text editor in emacs # Enter the following: echo "1" > /proc/sys/net/ipv4/ip_forward #the spice must flow iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE openvpn --config /etc/openvpn/server.conf -daemon chmod +x start-openvpn-server.sh # make it executable # setup your server config nano /etc/openvpn/server.conf tls-server port 443 proto tcp dev tun ca ca.crt cert server-name.crt key server-name.key dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" keepalive 1 180 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 Finally start your server using the above created start-openvpn-server.sh script Next on the WiFi Pineapple opkg update opkg install openvpn nano /etc/config/openvpn client dev tun proto tcp remote <ip of server> 443 resolv-retry infinite nobind persist-key persist-tun ca /etc/openvpn/ca.crt cert /etc/openvpn/Pineapple.crt key /etc/openvpn/Pineapple.key ns-cert-type server comp-lzo verb 3 keepalive 1 180 openvpn --config /etc/config/openvpn -daemon # alternatively: /etc/init.d/openvpn start # enable vpn on boot: /etc/init.d/openvpn enable Once the connection is established you'll notice a new tun0 interface For example with an IP address 10.8.0.6 Now any other host connected to this VPN, say your phone or laptop, can manage the WiFi Pineapple from http://10.8.0.6:1471 or ssh in as usual. Additionally you'll likely want to route all of your WiFi Pineapple's clients through this VPN So perform the following iptables lovin' iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT Now from your VPN server fire up tcpdump and enjoy Further reading: http://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tap http://wiki.openwrt.org/doc/howto/vpn.openvpn http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun http://wiki.openwrt.org/doc/howto/vpn.overview http://www.wsec.be/blog/2012/07/10/tunneling-your-way-out-of-corporate-networks-2-openvpn http://ubuntuguide.org/wiki/OpenVPN_server http://www.linux.com/learn/tutorials/457103-install-and-configure-openvpn-server-on-linux http://www.openlogic.com/wazi/bid/188052/From-Zero-to-OpenVPN-in-30-Minutes Quote Link to comment Share on other sites More sharing options...
Newbier Posted July 7, 2014 Share Posted July 7, 2014 If you're attempting to "hide your ass", might I recommend Tor. There's an infusion by Kos for the MK5 :) hi darren i see that you recommend Tor, and i like the concept of Tor ,but i also read The NSA targets it and is also primarily funded by the US government, so how can i have any trust in it. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted October 27, 2014 Share Posted October 27, 2014 hi darren i see that you recommend Tor, and i like the concept of Tor ,but i also read The NSA targets it and is also primarily funded by the US government, so how can i have any trust in it. I've heard about this, too. It actually came up when I was taking the Certified Ethical Hacker course and I feel it can't truly be trusted. Quote Link to comment Share on other sites More sharing options...
fringes Posted October 28, 2014 Share Posted October 28, 2014 Darren, what ever happened to the OpenVPN infusion? Is that still in the works? Quote Link to comment Share on other sites More sharing options...
tracyleon Posted August 26, 2015 Share Posted August 26, 2015 Best way to get connected with Ipvanish VPN for MK5 tunnel issues. Find here list of ... tools for this purpose. Quote Link to comment Share on other sites More sharing options...
Phini Posted December 27, 2015 Share Posted December 27, 2015 (edited) Hey, I would like to use the MK5 in a different way: first, I want to route all generic traffic over VPN A, administration-traffic over VPN-B. It shouldn't matter how the Pineapple is connected to the WAN, though. Can somebody show me the route how to set this up? As a failsafe, the Pineapple should rather get a timeout instead of using a connection outside of the VPN. Eg. no DNS-poisoning or anything that will show the VPN-IP. Just in case if it is important, I use proxy.sh as the VPN-service. Edited December 27, 2015 by Phini Quote Link to comment Share on other sites More sharing options...
jujubes Posted January 3, 2016 Share Posted January 3, 2016 Did anybody ever get a VPN infusion working? I am thinking of having all clients get pushed through a vpn service but not sure how to get OpenVPN installed and working between client <-> ics internet. Quote Link to comment Share on other sites More sharing options...
jameshouston135 Posted February 15, 2016 Share Posted February 15, 2016 Best way to get connected with Ipvanish VPN for MK5 tunnel issues. Find here list of ... tools for this purpose. yes Ipvanish is good but there are some others better vpns, for this purpose vpn review website is better choice. However it will be also better to search from vpnranks.com to know about top trendy vpns. Quote Link to comment Share on other sites More sharing options...
myb121 Posted September 27, 2016 Share Posted September 27, 2016 On 7/2/2014 at 9:18 PM, Darren Kitchen said: Setting up an SSL VPN for use with the WiFi Pineapple Mark V is pretty simple. I have one going with a remotely deployed one of my own which is handy for remote access and routing traffic through my Kali VM. I'm working on an infusion to pretty this up, but essentially: On your server in the cloud (vps, etc) configure OpenVPN. Pretty easy on anything Debian based, like Kali - which might be a good choice since all client traffic will route through this box: apt-get install openvpn mkdir /etc/openvpn #should be there automatically cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/ nano /etc/openvpn/easy-rsa/vars #edit the "export KEY_xxxx" values replacing changeme with your favorite color or home address source vars ./clean-all ./build-ca ./build-key-server server_name # challenge password: no # sign the cert: yes # commit: yes ./build-key Pineapple #default hostname will be Pineapple, change accordingly ./build-dh #copy /etc/openvpn/easy-rsa/keys/ca.crt and Pineapple.* to wifi pineapple's /etc/openvpn dir via scp, microSD card, carrier pigeon # Make a startup script nano start-openvpn-server.sh #or use vi or write your own text editor in emacs # Enter the following: echo "1" > /proc/sys/net/ipv4/ip_forward #the spice must flow iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE openvpn --config /etc/openvpn/server.conf -daemon chmod +x start-openvpn-server.sh # make it executable # setup your server config nano /etc/openvpn/server.conf tls-server port 443 proto tcp dev tun ca ca.crt cert server-name.crt key server-name.key dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" keepalive 1 180 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 Finally start your server using the above created start-openvpn-server.sh script Next on the WiFi Pineapple opkg update opkg install openvpn nano /etc/config/openvpn client dev tun proto tcp remote <ip of server> 443 resolv-retry infinite nobind persist-key persist-tun ca /etc/openvpn/ca.crt cert /etc/openvpn/Pineapple.crt key /etc/openvpn/Pineapple.key ns-cert-type server comp-lzo verb 3 keepalive 1 180 openvpn --config /etc/config/openvpn -daemon # alternatively: /etc/init.d/openvpn start # enable vpn on boot: /etc/init.d/openvpn enable Once the connection is established you'll notice a new tun0 interface For example with an IP address 10.8.0.6 Now any other host connected to this VPN, say your phone or laptop, can manage the WiFi Pineapple from http://10.8.0.6:1471 or ssh in as usual. Additionally you'll likely want to route all of your WiFi Pineapple's clients through this VPN So perform the following iptables lovin' iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT Now from your VPN server fire up tcpdump and enjoy Further reading: http://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tap http://wiki.openwrt.org/doc/howto/vpn.openvpn http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun http://wiki.openwrt.org/doc/howto/vpn.overview http://www.wsec.be/blog/2012/07/10/tunneling-your-way-out-of-corporate-networks-2-openvpn http://ubuntuguide.org/wiki/OpenVPN_server http://www.linux.com/learn/tutorials/457103-install-and-configure-openvpn-server-on-linux http://www.openlogic.com/wazi/bid/188052/From-Zero-to-OpenVPN-in-30-Minutes Trying to set up my nano as a travel router that connects to the VPN on my router. Followed the steps for the client but a few things have changed since this first posted. Instead the opkg openvpn now has options for openvpn : collectd-mod-openvpn - 5.4.2-1 - OpenVPN traffic/compression input plugin openvpn-easy-rsa - 2013-01-30-2 - Simple shell scripts to manage a Certificate Authority openvpn-nossl - 2.3.6-5 - Open source VPN solution using plaintext (no SSL) openvpn-openssl - 2.3.6-5 - Open source VPN solution using OpenSSL openvpn-polarssl - 2.3.6-5 - Open source VPN solution using PolarSSL I installed openvpn-openssl and edited the config file but when I went to: openvpn --config /etc/config/openvpn --daemon I got a: Options error: Unrecognized option or missing parameter(s) in /etc/config/openvpn:1: package (2.3.6) Use --help for more information. Sadly, openvpn --help I get: "Usage message not available" Did something change since this post or am I missing something? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted September 27, 2016 Share Posted September 27, 2016 What version of Ubuntu are you installing it on? Quote Link to comment Share on other sites More sharing options...
myb121 Posted September 27, 2016 Share Posted September 27, 2016 I'm on a Pineapple Nano Linux version 3.18.36 (openwrt@19a38d794f6d) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r49403) ) Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted September 28, 2016 Share Posted September 28, 2016 Ah sorry, didn't see the issue was with pineapple settings. I wonder if an option has changed. https://openvpn.net/index.php/open-source/documentation/manuals.html Based on the error you have above, I would say there is a setting that was missed in the config file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.