Jump to content

[How To] Tunnel MK5 through VPN


Recommended Posts

Here are some good places to start

http://wiki.openwrt.org/doc/howto/vpn.openvpn

http://wiki.openwrt.org/doc/howto/vpn.overview

Glancing at HMA it seems they offer OpenVPN as well as PPTP. I recommend the former as PPTP is quite broken. That said if you must this may also be useful:

http://wiki.openwrt.org/doc/howto/vpn.client.pptp

Link to comment
Share on other sites

  • 3 weeks later...

I would stay away from hidemyass if i was you look what happened to Cody Kretsinger. Look for a logless vpn. HMA openly states they keep log files of users traffic. Here is a list to get you started on finding a good vpn. http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/ i personally use privateinternetaccess.com i have been with them for about a year and a half now, and only have good things to say about there service.

Link to comment
Share on other sites

I would stay away from hidemyass if i was you look what happened to Cody Kretsinger. Look for a logless vpn. HMA openly states they keep log files of users traffic. Here is a list to get you started on finding a good vpn. http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/ i personally use privateinternetaccess.com i have been with them for about a year and a half now, and only have good things to say about there service.

Dunno about the Cody incident, but that's good solid advice. Checked into it and indeed, they're keeping logs, and for a pretty significant time too....2-3 months:

http://vpn.hidemyass.com/vpncontrol/logging.html

Link to comment
Share on other sites

Setting up an SSL VPN for use with the WiFi Pineapple Mark V is pretty simple. I have one going with a remotely deployed one of my own which is handy for remote access and routing traffic through my Kali VM. I'm working on an infusion to pretty this up, but essentially:

On your server in the cloud (vps, etc) configure OpenVPN. Pretty easy on anything Debian based, like Kali - which might be a good choice since all client traffic will route through this box:

apt-get install openvpn
mkdir /etc/openvpn #should be there automatically
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/
nano /etc/openvpn/easy-rsa/vars
#edit the "export KEY_xxxx" values replacing changeme with your favorite color or home address
source vars
./clean-all
./build-ca
./build-key-server server_name
# challenge password: no
# sign the cert: yes
# commit: yes
./build-key Pineapple #default hostname will be Pineapple, change accordingly
./build-dh
#copy /etc/openvpn/easy-rsa/keys/ca.crt and Pineapple.* to wifi pineapple's /etc/openvpn dir via scp, microSD card, carrier pigeon 

# Make a startup script
nano start-openvpn-server.sh #or use vi or write your own text editor in emacs
# Enter the following:
	echo "1" > /proc/sys/net/ipv4/ip_forward #the spice must flow
	iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
	openvpn --config /etc/openvpn/server.conf -daemon
chmod +x start-openvpn-server.sh # make it executable

# setup your server config
nano /etc/openvpn/server.conf
	tls-server
	port 443
	proto tcp
	dev tun
	ca ca.crt
	cert server-name.crt
	key server-name.key
	dh dh1024.pem
	server 10.8.0.0 255.255.255.0
	push "redirect-gateway def1 bypass-dhcp"
	keepalive 1 180
	comp-lzo
	user nobody
	group nogroup
	persist-key
	persist-tun
	status openvpn-status.log
	verb 3

Finally start your server using the above created start-openvpn-server.sh script

Next on the WiFi Pineapple

opkg update
opkg install openvpn
nano /etc/config/openvpn
	client
	dev tun	
	proto tcp
	remote <ip of server> 443
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	ca /etc/openvpn/ca.crt
cert /etc/openvpn/Pineapple.crt
key /etc/openvpn/Pineapple.key
ns-cert-type server
comp-lzo
verb 3
keepalive 1 180
openvpn --config /etc/config/openvpn -daemon

# alternatively: /etc/init.d/openvpn start
# enable vpn on boot: /etc/init.d/openvpn enable

Once the connection is established you'll notice a new tun0 interface

For example with an IP address 10.8.0.6

Now any other host connected to this VPN, say your phone or laptop, can manage the WiFi Pineapple from http://10.8.0.6:1471 or ssh in as usual.

Additionally you'll likely want to route all of your WiFi Pineapple's clients through this VPN

So perform the following iptables lovin'

iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT 
iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT
Link to comment
Share on other sites

If you're attempting to "hide your ass", might I recommend Tor. There's an infusion by Kos for the MK5 :)

hi darren i see that you recommend Tor, and i like the concept of Tor ,but i also read The NSA targets it and is also primarily funded by the US government, so how can i have any trust in it.

Link to comment
Share on other sites

  • 3 months later...

hi darren i see that you recommend Tor, and i like the concept of Tor ,but i also read The NSA targets it and is also primarily funded by the US government, so how can i have any trust in it.

I've heard about this, too. It actually came up when I was taking the Certified Ethical Hacker course and I feel it can't truly be trusted.

Link to comment
Share on other sites

  • 9 months later...
  • 4 months later...

Hey, I would like to use the MK5 in a different way: first, I want to route all generic traffic over VPN A, administration-traffic over VPN-B. It shouldn't matter how the Pineapple is connected to the WAN, though. Can somebody show me the route how to set this up? As a failsafe, the Pineapple should rather get a timeout instead of using a connection outside of the VPN. Eg. no DNS-poisoning or anything that will show the VPN-IP.

Just in case if it is important, I use proxy.sh as the VPN-service.

Edited by Phini
Link to comment
Share on other sites

  • 1 month later...
  • 7 months later...
On 7/2/2014 at 9:18 PM, Darren Kitchen said:

Setting up an SSL VPN for use with the WiFi Pineapple Mark V is pretty simple. I have one going with a remotely deployed one of my own which is handy for remote access and routing traffic through my Kali VM. I'm working on an infusion to pretty this up, but essentially:

On your server in the cloud (vps, etc) configure OpenVPN. Pretty easy on anything Debian based, like Kali - which might be a good choice since all client traffic will route through this box:


apt-get install openvpn
mkdir /etc/openvpn #should be there automatically
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/
nano /etc/openvpn/easy-rsa/vars
#edit the "export KEY_xxxx" values replacing changeme with your favorite color or home address
source vars
./clean-all
./build-ca
./build-key-server server_name
# challenge password: no
# sign the cert: yes
# commit: yes
./build-key Pineapple #default hostname will be Pineapple, change accordingly
./build-dh
#copy /etc/openvpn/easy-rsa/keys/ca.crt and Pineapple.* to wifi pineapple's /etc/openvpn dir via scp, microSD card, carrier pigeon 

# Make a startup script
nano start-openvpn-server.sh #or use vi or write your own text editor in emacs
# Enter the following:
	echo "1" > /proc/sys/net/ipv4/ip_forward #the spice must flow
	iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
	openvpn --config /etc/openvpn/server.conf -daemon
chmod +x start-openvpn-server.sh # make it executable

# setup your server config
nano /etc/openvpn/server.conf
	tls-server
	port 443
	proto tcp
	dev tun
	ca ca.crt
	cert server-name.crt
	key server-name.key
	dh dh1024.pem
	server 10.8.0.0 255.255.255.0
	push "redirect-gateway def1 bypass-dhcp"
	keepalive 1 180
	comp-lzo
	user nobody
	group nogroup
	persist-key
	persist-tun
	status openvpn-status.log
	verb 3

Finally start your server using the above created start-openvpn-server.sh script

Next on the WiFi Pineapple

 

opkg update
opkg install openvpn
nano /etc/config/openvpn
	client
	dev tun	
	proto tcp
	remote <ip of server> 443
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	ca /etc/openvpn/ca.crt
cert /etc/openvpn/Pineapple.crt
key /etc/openvpn/Pineapple.key
ns-cert-type server
comp-lzo
verb 3
keepalive 1 180
openvpn --config /etc/config/openvpn -daemon

# alternatively: /etc/init.d/openvpn start
# enable vpn on boot: /etc/init.d/openvpn enable

Once the connection is established you'll notice a new tun0 interface

For example with an IP address 10.8.0.6

Now any other host connected to this VPN, say your phone or laptop, can manage the WiFi Pineapple from http://10.8.0.6:1471 or ssh in as usual.

Additionally you'll likely want to route all of your WiFi Pineapple's clients through this VPN

So perform the following iptables lovin'


iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT 
iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT

Trying to set up my nano as a travel router that connects to the VPN on my router. Followed the steps for the client but a few things have changed since this first posted. Instead the opkg openvpn now has options for openvpn :

collectd-mod-openvpn - 5.4.2-1 - OpenVPN traffic/compression input plugin
openvpn-easy-rsa - 2013-01-30-2 - Simple shell scripts to manage a Certificate Authority
openvpn-nossl - 2.3.6-5 - Open source VPN solution using plaintext (no SSL)
openvpn-openssl - 2.3.6-5 - Open source VPN solution using OpenSSL
openvpn-polarssl - 2.3.6-5 - Open source VPN solution using PolarSSL

I installed openvpn-openssl and edited the config file but when I went to:

openvpn --config /etc/config/openvpn --daemon 

I got a:

Options error: Unrecognized option or missing parameter(s) in /etc/config/openvpn:1: package (2.3.6)
Use --help for more information.

 

Sadly, openvpn --help I get:  "Usage message not available"

Did something change since this post or am I missing something?
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...