Home Vpn Client Between Router and Modem

[CletisNPT]

Hi,

I'm trying to use the packet squirrel as a vpn client for my home network. There isn't much traffic so I imagine the hw can handle it. If I place the Sqrl Comp->Sqrl->Router, the individual computer has all its traffic pass through the vpn. However, if I place it Router->Sqrl->Modem then I am unable to browse or ping anything from my lan. I can still ssh to it as my router's outside address picks up 172.16.32.154 and the pckt sqrl is still 172.16.32.1. I can see that the vpn tunnel is built but am stumped as to why traffic is flowing. Thoughts greatly appreciated :-)

[CletisNPT]

eth1 gets a public ip assigned from the ISP as well. Sanitized routing table looks the same less the addresses as if it were hooked up internally:

root@squirrel:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.70.10.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         171.100.18.1    0.0.0.0         UG    0      0        0 eth1
10.70.10.1      10.70.10.5      255.255.255.255 UGH   0      0        0 tun0
10.70.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
171.100.18.0    0.0.0.0         255.255.252.0   U     0      0        0 eth1
171.100.18.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
128.0.0.0       10.70.10.5      128.0.0.0       UG    0      0        0 tun0
172.16.32.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
210.157.254.11  171.100.18.1    255.255.255.255 UGH   0      0        0 eth1

[b0N3z]

Make sure you have your config file setup correctly from your VPN provider and user creds in the config. Then edit the payload to allow clients. I can't remember the exact line but it's twords the top.  You just need to change the 0 to a 1 which will allow access. 

[CletisNPT]

Thnx for the reply @b0N3z. The config is good to go when connected from singleMachine->PcktSqrl->Router->Modem so I'm stumped as to why it doesn't work when placed inline between the router and modem. Here's the setup:

root@squirrel:~/payloads/switch3# ls -lah
drwxr-xr-x    1 root     root           0 Oct 30 21:29 .
drwxr-xr-x    1 root     root           0 Sep  6 11:05 ..
-rw-r--r--    1 root     root        2.0K Oct 30 21:28 ca.rsa.2048.crt
-rw-r--r--    1 root     root         300 Oct 30 21:30 config.ovpn
-rw-------    1 root     root          31 Oct 30 21:29 creds.txt
-rw-r--r--    1 root     root         869 Oct 30 21:28 crl.rsa.2048.pem
-rwxr-xr-x    1 root     root         897 Oct 19 05:37 payload.sh
root@squirrel:~/payloads/switch3# head payload.sh
#!/bin/bash
# OpenVPN payload

# Set to 1 to allow clients to use the VPN
FOR_CLIENTS=1

DNS_SERVER="84.200.69.80"

# Cheap hack to set the DNS server
function setdns() {
root@squirrel:~/payloads/switch3# cat config.ovpn
client
dev tun
proto udp
remote <server>.<vpnprovider>.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass creds.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt

 

[CletisNPT]

I think it might be a dns issue maybe because the computer says it has an internet connection, yet I am unable to ping 8.8.8.8 or browse to anything. I wonder if cloning the mac so the ISP thinks the Sqrl is the router would change anything. Or maybe I need to disable static dns on the router so it uses the Sqrl? I have an internal dns server though which everything works off right now and have connectivity to the internet. Therefore, that shouldn't change when the Sqrl is placed inline... Just barinstorming as to what the issue could be.

The vpn connection builds when placed inline between the router and modem, I just don't think any traffic is traversing it.

[b0N3z]

If everything is running from Google dns 8.8.8.8 then shouldn't the payload call the same dns?  I'm not totally sure as I'm not a pro at all this lol but I did get mine working from my router. Have not tried it from between my modem and router yet. 

[CletisNPT]

My home net uses 84.200.69.80 for dns so in theory there shouldn't be any issue using it for the payload either. Again, everything works computer->PcktSqrl->Router->Modem so in theory everything should still work Router->PcktSqrl->Modem.

[trashbo4t]

I just set up my packet squirrel in between my router and modem, and it works perfectly.

I have a Ubuntu 16.04.3 x64 server running in the cloud.

I SSH'd into my server and ran

root@my.virtual.server.address> wget https://git.io/vpn -O openvpn.sh && bash openvpn.sh

and went through the setup process for that.

Then I plugged my squirrel into my home machine (Windows 8), SSH'd into it and ran

root@squirrel> scp root@my.virtual.server.addr:client.ovpn payloads/switch3/config.ovpn

From there I setup my pc as a target machine to verify I could deploy this properly in between LAN and a user machine.

So I SSH'd into my virtual server, then from my server session I SSH'd into the incremented address of my tun0 interface and was successful in establishing a session with my squirrel.

So then I deployed the squirrel in between my router and modem and was successful.

albeit I was not successful at first until I plugged the wires in and out.

Perhaps the squirrel needs to boot up and begin executing a payload before Ethernet cables are plugged in...