
Openvpn On a Pi


Rainman_34


Because I am running OpenVPN on a Pi and using the light version with no GUI, I am not running OpenVPN Access Server but instead doing all of it through the command line and server.conf files. I generated everything and clients connect with no issues. Now I have a LAN Turtle and I want to change the configuration so that clients on my VPN can see clients on the network the LAN Turtle is plugged into. This is quite simple if I'm using the OpenVPN Access Server. I followed the tutorial on the OpenVPN site on how to adjust the server.conf file but there must be something I am doing wrong here. Could someone please assist me in how to get this going?

Also, I uncommented client-to-client; however, clients can't see each other on my VPN network.

Finally, this probably has to do with the VPN, but when my LAN Turtle is connected to the VPN server and I go to module manager it says no modules available, but if I am not connected to the VPN server it gives me modules. After connecting to the VPN server, if I go to a shell on the turtle and try to ping I get this response: "ping: sendto: Operation not permitted". Please help. Thanks in advance. I am sure I have screwed up my OpenVPN server.conf file somehow.

The odd thing is when I connect another device to the VPN server they can still browse the internet.  My lan turtle is the only one that can't.


4 minutes ago, kdodge said:

ping: sendto: Operation not permitted


This is common when an iptables rule is blocking traffic. One thing to check in your rules is to look for -A OUTPUT -o eth+ ..., cause when you connect up using openvpn, you will probably need to add/change it to -A OUTPUT -o tun+ ...

It’s something to check anyway

My internet connection on the Pi is wlan0. Are you talking about iptables rules on the Pi or the turtle? Also, could you provide a link or more info on this rule, as I am not great with iptables rules? Thanks a lot.

 

15 minutes ago, kdodge said:

can your lan turtle look up a host's ip address?


host forums.hak5.org


or does it return a "connection timed out; no servers could be reached"?

It gives me host not found. Not sure what Linux version is on the turtle, as apt-get is not available.


If host says not found, DNS is not working, and more than likely, has no internet connection. Wlan0 needs to get an IP via DHCP from a gateway/router/AP or be set up with a static IP and dhclient to connect to the LAN and then be able to use the internet. VPN uses a Tun adapter, so when the VPN is created, it's going to use the Tun# over the Wlan0 or whichever connection is in use for general internet activity. Get the internet side working first, then troubleshoot the VPN side.


55 minutes ago, digip said:

If host says not found, DNS is not working, and more than likely, has no internet connection. Wlan0 needs to get an IP via DHCP from a gateway/router/AP or be set up with a static IP and dhclient to connect to the LAN and then be able to use the internet. VPN uses a Tun adapter, so when the VPN is created, it's going to use the Tun# over the Wlan0 or whichever connection is in use for general internet activity. Get the internet side working first, then troubleshoot the VPN side.

To be a bit more clear on this, the Pi, which uses Wlan0, has internet access. All clients which connect to the VPN server have internet access with the exception of my LAN Turtle. When I say host not found, it is the host command which is not found, i.e. I get this response: -ash: host: not found. I figure this is either something with my server.conf file or with my iptables. Thanks again to anyone that can help.


57 minutes ago, Rainman_34 said:

To be a bit more clear on this, the Pi, which uses Wlan0, has internet access. All clients which connect to the VPN server have internet access with the exception of my LAN Turtle. When I say host not found, it is the host command which is not found, i.e. I get this response: -ash: host: not found. I figure this is either something with my server.conf file or with my iptables. Thanks again to anyone that can help.

So the "host" tool is not installed, that makes sense now. You can check connectivity with ping as well, like "sudo ping -c 3 google.com", and see if it resolves, or "sudo nslookup google.com". Ping should def be installed (based on your error, just wondering if you need to use sudo), not sure on nslookup (but it usually is). If you have to use sudo with the turtle, see if the host command works again with "sudo host poop.com", but just look for it in either /bin or /usr/share/bin, it should be there if it's installed. I don't own a turtle so can't look myself.


2 hours ago, kdodge said:

ping: sendto: Operation not permitted


This is common when an iptables rule is blocking traffic. One thing to check in your rules is to look for -A OUTPUT -o eth+ ..., cause when you connect up using openvpn, you will probably need to add/change it to -A OUTPUT -o tun+ ...

It’s something to check anyway

I have tried the following IP table options and none of them have corrected the issue.

sudo iptables -t nat -I POSTROUTING 1 -o tun0 -j MASQUERADE
sudo iptables -I FORWARD 1 -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -I FORWARD 1 -i eth1 -o tun0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -j ACCEPT
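
The check kdodge suggests, as an added example that is not part of any post in this thread: a locally generated packet such as the turtle's ping is filtered by the OUTPUT chain, while the rules listed in the post above are all in nat POSTROUTING, FORWARD and INPUT. The ruleset below is constructed for illustration (it is not the LAN Turtle's real ruleset), and `output_verdict` is a hypothetical helper that only evaluates rules whose sole match is `-o`.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output for the filter table.
# It is NOT the LAN Turtle's real ruleset; it only reproduces the pattern
# described in the thread: OUTPUT allowed on eth+ but not on tun+.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT DROP
-A FORWARD -i eth1 -o tun0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth+ -j ACCEPT'

# output_verdict IFACE [RULES]  (hypothetical helper)
# Prints what the OUTPUT chain does with a locally generated packet leaving
# IFACE. Simplification: only rules whose sole match is -o (or no match at
# all) are evaluated; rules with -p, -m, -d etc. are skipped.
output_verdict() {
    iface=$1
    rules=${2:-$SAMPLE_RULES}
    printf '%s\n' "$rules" | awk -v ifc="$iface" '
        BEGIN { policy = "ACCEPT" }
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" && verdict == "" {
            pat = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") pat = $(++i)
                else if ($i == "-j") target = $(++i)
                else other = 1
            }
            if (other) next
            if (pat == "") hit = 1
            else if (substr(pat, length(pat)) == "+")   # eth+ matches eth0, eth1, ...
                hit = (index(ifc, substr(pat, 1, length(pat) - 1)) == 1)
            else hit = (pat == ifc)
            if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/)
                verdict = target " (rule: " $0 ")"
        }
        END { print (verdict != "" ? verdict : policy " (chain policy, no rule matched)") }
    '
}

# Compare the physical interface with the VPN tunnel, then with a tun+ rule added.
for ifc in eth0 tun0; do
    printf '%-5s %s\n' "$ifc" "$(output_verdict "$ifc")"
done
printf 'tun0 with tun+ rule: %s\n' "$(output_verdict tun0 "$SAMPLE_RULES
-A OUTPUT -o tun+ -j ACCEPT")"
```

To run it against a real device, pass the saved output of `iptables -S` as the second argument instead of the sample.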

2 minutes ago, digip said:

So the "host" tool is not installed, that makes sense now. You can check connectivity with ping as well, like "sudo ping -c 3 google.com", and see if it resolves, or "sudo nslookup google.com". Ping should def be installed (based on your error, just wondering if you need to use sudo), not sure on nslookup (but it usually is). If you have to use sudo with the turtle, see if the host command works again with "sudo host poop.com", but just look for it in either /bin or /usr/share/bin, it should be there if it's installed. I don't own a turtle so can't look myself.

Well, apparently since you are root on the turtle, sudo is not installed either. From my research it appears to be an iptables rule. I am going to ask this in the LAN Turtle section since it appears to be a LAN Turtle issue.


1 minute ago, Rainman_34 said:

Well, apparently since you are root on the turtle, sudo is not installed either. From my research it appears to be an iptables rule. I am going to ask this in the LAN Turtle section since it appears to be a LAN Turtle issue.

Yeah, that would probably help but if you have root access, just search the system for the tool. If "host" is not installed I'm sure ping is. If ping is blocked, then check the "iptables -L" to see what rules are set.


1 minute ago, digip said:

Yeah, that would probably help but if you have root access, just search the system for the tool. If "host" is not installed I'm sure ping is. If ping is blocked, then check the "iptables -L" to see what rules are set.

Ping is blocked. I have to learn more about iptables to figure this issue out. I have tried the iptables options listed above in one of my other posts.


Before spinning your wheels, is the Turtle capable of doing what you ask? I'm not 100% up to speed on the turtle, but I thought the whole point of the turtle was to fake a network and DHCP server to make the machine connect to it for various attacks, but what are its intended uses? What is the device's main use?


So my impatience kicked in. Darren does a great video on how to do this with OpenVPN Access Server and shows it working. That's where I stopped watching. If you watch the last three minutes or so, he discusses changes that need made on the turtle which make this work.


I have to go back and watch all the Turtle videos now. I have been slacking on keeping up with the show. I still don't own a pineapple, and have only dabbled with my Ducky, but I have no general use for them other than to learn how to use them. I think that's why the ducky sits in my laptop case pretty much since I bought it from them at Derbycon. It works, I tried it, but have no real use for it.
