Rainman_34 Posted August 7, 2017

Because I am running Openvpn on a Pi and using the light version with no GUI, I am not running Openvpn Access Server but instead doing all of it through the command line and server.conf files. I generated everything and clients connect with no issues.

Now I have a lan turtle and I want to change the configuration so that clients on my VPN can see clients on the network the lan turtle is plugged into. This is quite simple if I'm using the Openvpn Access Server. I followed the tutorial on the openvpn site on how to adjust the server.conf file but there must be something I am doing wrong here. Could someone please assist me in how to get this going? Also, I uncommented client-to-client; however, clients can't see each other on my VPN network.

Finally, this probably has to do with the VPN, but when my lan turtle is connected to the VPN server and I go to module manager it says no modules available, but if I am not connected to the VPN server it gives me modules. After connecting to the VPN server, if I go to a shell on the turtle and try to ping I get this response: "ping: sendto: Operation not permitted". Please help. Thanks in advance. I am sure I have screwed up my OpenVPN server.conf file somehow. The odd thing is when I connect another device to the VPN server they can still browse the internet. My lan turtle is the only one that can't.

Rainman_34 (Author) Posted August 7, 2017

> 4 minutes ago, kdodge said:
> ping: sendto: Operation not permitted
> This is common when an iptables rule is blocking traffic. One thing to check in your rules is to look for -A OUTPUT -o eth+ ..., cause when you connect up using openvpn, you will probably need to add/change it to -A OUTPUT -o tun+….. It’s something to check anyway

My internet connection on the pi is wlan0. Are you talking about iptable rules on the pi or turtle? Also, could you provide a link or more info on this rule, as I am not great with iptable rules? Thanks a lot.

> 15 minutes ago, kdodge said:
> can your lan turtle look up a host's ip address?
> host forums.hak5.org
> or does it return a "connection timed out; no servers could be reached"?

It gives me host not found. Not sure what linux version is on the turtle as apt-get is not available.

digip Posted August 7, 2017

If host says not found, DNS is not working, and more than likely, has no internet connection. Wlan0 needs to get an IP via DHCP from a gateway/router/AP or be set up with a static IP and dhclient to connect to the LAN and then be able to use the internet. VPN uses a Tun adapter, so when the VPN is created, it's going to use the Tun# over the Wlan0 or whichever connection is in use for general internet activity. Get the internet side working first, then troubleshoot the VPN side.

Rainman_34 (Author) Posted August 7, 2017

> 55 minutes ago, digip said:
> If host says not found, DNS is not working, and more than likely, has no internet connection. Wlan0 needs to get an IP via DHCP from a gateway/router/AP or be set up with a static IP and dhclient to connect to the LAN and then be able to use the internet. VPN uses a Tun adapter, so when the VPN is created, it's going to use the Tun# over the Wlan0 or whichever connection is in use for general internet activity. Get the internet side working first, then troubleshoot the VPN side.

To be a bit more clear on this, the Pi which uses Wlan0 has internet access. All clients which connect to the VPN server have internet access with the exception of my lan turtle. When I say host not found, it is the host command which is not found. I.e., I get this response: -ash: host: not found. I figure this is either something with my server.conf file or with my iptables. Thanks again to anyone that can help.

digip Posted August 7, 2017

> 57 minutes ago, Rainman_34 said:
> To be a bit more clear on this, the Pi which uses Wlan0 has internet access. All clients which connect to the VPN server have internet access with the exception of my lan turtle. When I say host not found, it is the host command which is not found. I.e., I get this response: -ash: host: not found. I figure this is either something with my server.conf file or with my iptables. Thanks again to anyone that can help.

So the "host" tool is not installed, that makes sense now. You can check connectivity with ping as well, like "sudo ping -c 3 google.com", and see if it resolves, or "sudo nslookup google.com". Ping should def be installed (based on your error, just wondering if you need to use sudo), not sure on nslookup (but it usually is). If you have to use sudo with the turtle, see if the host command works again with "sudo host poop.com", but just look for it in either /bin or /usr/share/bin, it should be there if it's installed. I don't own a turtle so can't look myself.

Rainman_34 (Author) Posted August 7, 2017

> 2 hours ago, kdodge said:
> ping: sendto: Operation not permitted
> This is common when an iptables rule is blocking traffic. One thing to check in your rules is to look for -A OUTPUT -o eth+ ..., cause when you connect up using openvpn, you will probably need to add/change it to -A OUTPUT -o tun+….. It’s something to check anyway

I have tried the following IP table options and none of them have corrected the issue.

sudo iptables -t nat -I POSTROUTING 1 -o tun0 -j MASQUERADE
sudo iptables -I FORWARD 1 -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -I FORWARD 1 -i eth1 -o tun0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j ACCEPT

Rainman_34 (Author) Posted August 7, 2017

> 2 minutes ago, digip said:
> So the "host" tool is not installed, that makes sense now. You can check connectivity with ping as well, like "sudo ping -c 3 google.com", and see if it resolves, or "sudo nslookup google.com". Ping should def be installed (based on your error, just wondering if you need to use sudo), not sure on nslookup (but it usually is). If you have to use sudo with the turtle, see if the host command works again with "sudo host poop.com", but just look for it in either /bin or /usr/share/bin, it should be there if it's installed. I don't own a turtle so can't look myself.

Well, apparently since you are root on the turtle, sudo is not installed either. From my research it appears to be an iptables rule. I am going to ask this in the lan turtle section since it appears to be a lan turtle issue.

digip Posted August 7, 2017

> 1 minute ago, Rainman_34 said:
> Well, apparently since you are root on the turtle, sudo is not installed either. From my research it appears to be an iptables rule. I am going to ask this in the lan turtle section since it appears to be a lan turtle issue.

Yeah, that would probably help, but if you have root access, just search the system for the tool. If "host" is not installed I'm sure ping is. If ping is blocked, then check the "iptables -L" to see what rules are set.

Rainman_34 (Author) Posted August 7, 2017

> 1 minute ago, digip said:
> Yeah, that would probably help, but if you have root access, just search the system for the tool. If "host" is not installed I'm sure ping is. If ping is blocked, then check the "iptables -L" to see what rules are set.

Ping is blocked. I have to learn more about iptables to figure this issue out. I have tried the iptable options listed above in one of my other posts.

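An added example, not part of any post in this thread: a shell helper that reads `iptables -S` output and reports what the OUTPUT chain does with locally generated traffic leaving through a given interface, which is the check the quoted hint about `-o eth+` versus `-o tun+` points at. The names `output_verdict` and `verdict_for` and both rulesets are constructed for illustration; rules with any match other than `-o` are skipped as a simplification.

```shell
#!/bin/sh
# Reads `iptables -S` text on stdin and reports what the OUTPUT chain does
# with locally generated packets leaving via interface $1.
# Prints "<VERDICT> <reason>".
output_verdict() {
    awk -v ifc="$1" '
    function if_match(pat,    stem) {
        # A trailing "+" is a prefix wildcard in iptables: tun+ matches tun0.
        if (substr(pat, length(pat)) == "+") {
            stem = substr(pat, 1, length(pat) - 1)
            return substr(ifc, 1, length(stem)) == stem
        }
        return pat == ifc
    }
    BEGIN { policy = "UNKNOWN" }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
    $1 == "-A" && $2 == "OUTPUT" && !done {
        # Simplification: only "[-o IFACE] -j TARGET" rules are evaluated;
        # rules with any other match (-p, -d, -m ...) are skipped.
        if (NF == 4 && $3 == "-j") { tgt = $4 }
        else if (NF == 6 && $3 == "-o" && $5 == "-j" && if_match($4)) { tgt = $6 }
        else { next }
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") {
            print tgt, "by rule: " $0
            done = 1
        }
    }
    END { if (!done) print policy, "by chain policy" }
    '
}

# Constructed ruleset: OUTPUT policy DROP, only lo and eth+ allowed out.
RULES_ETH_ONLY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth+ -j ACCEPT'

# Same constructed ruleset with the tun+ rule appended.
RULES_WITH_TUN="$RULES_ETH_ONLY
-A OUTPUT -o tun+ -j ACCEPT"

# Helper for checks: returns only the verdict word.
verdict_for() { printf '%s\n' "$1" | output_verdict "$2" | cut -d' ' -f1; }

echo "eth-only rules, tun0: $(printf '%s\n' "$RULES_ETH_ONLY" | output_verdict tun0)"
echo "with tun+ rule, tun0: $(printf '%s\n' "$RULES_WITH_TUN" | output_verdict tun0)"
```

On a live system, pipe `iptables -S OUTPUT` (run as root) into `output_verdict` and pass the VPN interface name, for example `tun0`.
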
digip Posted August 9, 2017

Before spinning your wheels, is the Turtle capable of doing what you ask? I'm not 100% up to speed on the turtle, but I thought the whole point of the turtle was to fake a network and DHCP server to make the machine connect to it for various attacks, but what are its intended uses? What is the device's main use?

Rainman_34 (Author) Posted August 9, 2017

So my impatience kicked in. Darren does a great video on how to do this with openvpn access server and shows it working. That's where I stopped watching. If you watch the last three minutes or so he discusses changes that need made on the turtle which makes this work.

digip Posted August 9, 2017

I have to go back and watch all the Turtle videos now. I have been slacking on keeping up with the show. I still don't own a pineapple, and have only dabbled with my Ducky, but I have no general use for them other than to learn how to use them. I think that's why the ducky sits in my laptop case pretty much since I bought it from them at Derbycon. It works, I tried it, but have no real use for it.