CletisNPT Posted December 16, 2017

Hi, I'm trying to use the packet squirrel as a vpn client for my home network. There isn't much traffic so I imagine the hw can handle it. If I place the Sqrl Comp->Sqrl->Router, the individual computer has all its traffic pass through the vpn. However, if I place it Router->Sqrl->Modem then I am unable to browse or ping anything from my lan. I can still ssh to it as my router's outside address picks up 172.16.32.154 and the pckt sqrl is still 172.16.32.1. I can see that the vpn tunnel is built but am stumped as to why traffic is flowing. Thoughts greatly appreciated :-)
CletisNPT Posted December 16, 2017

eth1 gets a public ip assigned from the ISP as well. Sanitized routing table looks the same less the addresses as if it were hooked up internally:

    root@squirrel:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.70.10.5      128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         171.100.18.1    0.0.0.0         UG    0      0        0 eth1
    10.70.10.1      10.70.10.5      255.255.255.255 UGH   0      0        0 tun0
    10.70.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    171.100.18.0    0.0.0.0         255.255.252.0   U     0      0        0 eth1
    171.100.18.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
    128.0.0.0       10.70.10.5      128.0.0.0       UG    0      0        0 tun0
    172.16.32.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    210.157.254.11  171.100.18.1    255.255.255.255 UGH   0      0        0 eth1
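An added example, not part of the original posts: a longest-prefix-match lookup over the routing table pasted in the post above, showing which interface the Squirrel itself selects for a destination and whether the two /1 routes shadow the eth1 default. The function names are hypothetical; the rows and the test addresses are the ones quoted in this thread.

```python
import ipaddress

# `route -n` rows exactly as pasted in the post above (sanitized by the poster).
ROUTE_N = """\
0.0.0.0 10.70.10.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 171.100.18.1 0.0.0.0 UG 0 0 0 eth1
10.70.10.1 10.70.10.5 255.255.255.255 UGH 0 0 0 tun0
10.70.10.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
171.100.18.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
171.100.18.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
128.0.0.0 10.70.10.5 128.0.0.0 UG 0 0 0 tun0
172.16.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
210.157.254.11 171.100.18.1 255.255.255.255 UGH 0 0 0 eth1
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        # strict=False: the sanitized 171.100.18.0 / 255.255.252.0 row has host bits set
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, int(metric), iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2])) if hits else None

def split_default_iface(routes):
    """Interface used by both 0.0.0.0/1 and 128.0.0.0/1, or None if they differ or are absent."""
    halves = {str(n): i for n, _g, _m, i in routes if n.prefixlen == 1}
    a, b = halves.get("0.0.0.0/1"), halves.get("128.0.0.0/1")
    return a if a is not None and a == b else None

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    print("split default via:", split_default_iface(table))
    for dst in ("8.8.8.8", "84.200.69.80", "210.157.254.11", "172.16.32.154"):
        net, gw, _metric, iface = lookup(table, dst)
        print(f"{dst:15} -> {iface:5} via {gw:12} ({net})")
```

This covers route selection on the Squirrel only; whether packets arriving on eth0 are forwarded and NATed into tun0 is decided by firewall rules that this table does not show.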
b0N3z Posted December 19, 2017

Make sure you have your config file set up correctly from your VPN provider and user creds in the config. Then edit the payload to allow clients. I can't remember the exact line but it's towards the top. You just need to change the 0 to a 1 which will allow access.
CletisNPT Posted December 19, 2017

Thnx for the reply @b0N3z. The config is good to go when connected from singleMachine->PcktSqrl->Router->Modem so I'm stumped as to why it doesn't work when placed inline between the router and modem. Here's the setup:

    root@squirrel:~/payloads/switch3# ls -lah
    drwxr-xr-x 1 root root    0 Oct 30 21:29 .
    drwxr-xr-x 1 root root    0 Sep  6 11:05 ..
    -rw-r--r-- 1 root root 2.0K Oct 30 21:28 ca.rsa.2048.crt
    -rw-r--r-- 1 root root  300 Oct 30 21:30 config.ovpn
    -rw------- 1 root root   31 Oct 30 21:29 creds.txt
    -rw-r--r-- 1 root root  869 Oct 30 21:28 crl.rsa.2048.pem
    -rwxr-xr-x 1 root root  897 Oct 19 05:37 payload.sh

    root@squirrel:~/payloads/switch3# head payload.sh
    #!/bin/bash
    # OpenVPN payload
    # Set to 1 to allow clients to use the VPN
    FOR_CLIENTS=1
    DNS_SERVER="84.200.69.80"
    # Cheap hack to set the DNS server
    function setdns() {

    root@squirrel:~/payloads/switch3# cat config.ovpn
    client
    dev tun
    proto udp
    remote <server>.<vpnprovider>.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    auth-user-pass creds.txt
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify crl.rsa.2048.pem
    ca ca.rsa.2048.crt
CletisNPT Posted December 19, 2017

I think it might be a dns issue maybe because the computer says it has an internet connection, yet I am unable to ping 8.8.8.8 or browse to anything. I wonder if cloning the mac so the ISP thinks the Sqrl is the router would change anything. Or maybe I need to disable static dns on the router so it uses the Sqrl? I have an internal dns server though which everything works off right now and have connectivity to the internet. Therefore, that shouldn't change when the Sqrl is placed inline... Just brainstorming as to what the issue could be. The vpn connection builds when placed inline between the router and modem, I just don't think any traffic is traversing it.
b0N3z Posted December 19, 2017

If everything is running from Google dns 8.8.8.8 then shouldn't the payload call the same dns? I'm not totally sure as I'm not a pro at all this lol but I did get mine working from my router. Have not tried it from between my modem and router yet.
CletisNPT Posted December 19, 2017

My home net uses 84.200.69.80 for dns so in theory there shouldn't be any issue using it for the payload either. Again, everything works computer->PcktSqrl->Router->Modem so in theory everything should still work Router->PcktSqrl->Modem.
trashbo4t Posted December 27, 2017

I just set up my packet squirrel in between my router and modem, and it works perfectly. I have a Ubuntu 16.04.3 x64 server running in the cloud. I SSH'd into my server and ran

    root@my.virtual.server.address> wget https://git.io/vpn -O openvpn.sh && bash openvpn.sh

and went through the setup process for that. Then I plugged my squirrel into my home machine (Windows 8), SSH'd into it and ran

    root@squirrel> scp root@my.virtual.server.addr:client.ovpn payloads/switch3/config.ovpn

From there I set up my pc as a target machine to verify I could deploy this properly in between LAN and a user machine. So I SSH'd into my virtual server, then from my server session I SSH'd into the incremented address of my tun0 interface and was successful in establishing a session with my squirrel. So then I deployed the squirrel in between my router and modem and was successful, albeit I was not successful at first until I plugged the wires in and out. Perhaps the squirrel needs to boot up and begin executing a payload before Ethernet cables are plugged in...
Archived
This topic is now archived and is closed to further replies.