
Lan Turtle 3G Issue - Hak5 Support Hasn't Responded In A While


corabrickdog


Hey all,

 

I ordered my Lan Turtle 3G on December 1st. It arrived fine and everything worked well out of the box. I plugged it into my MacBook Pro and into my ethernet switch. Modules worked great, and I was able to access everything online through my Mac with the turtle providing ethernet to it. But this turtle was running the Turtle Shell Version 3, so I updated it using the normal "check for updates" option in the "configuration" tab through the turtle's SSH. The update went fine, but when the turtle came back online it could not provide my Mac with any internet. I was still able to SSH into the turtle with the self-assigned IP address of 172.16.84.1, and the turtle said it was now running Turtle Version 5. When I ran 'ifconfig' it showed the self-assigned IP address of 172.16.84.1 on eth0 and a DHCP address on eth1 which was assigned from my router (10.10.x.x). I could not check for updates, download modules, or ping google.com from the turtle (via SSH) or from my Mac when the turtle was plugged into it with ethernet.

 

I contacted Hak5 support and after a day or so they offered to send me a new Lan Turtle 3G. I received that one and had the same issue when the turtle updated to Turtle Version 5. I told the same support tech that the issue persisted on the new turtle. She verified with me that I had both plugged the turtle into an ethernet cord and into my Mac, but after a few back-and-forths she never replied to my email. My last response with Hak5 via email was on March 7th.

 

I'm able to run everything and use the turtle fine when it is on Turtle Version 3, but as soon as I upgrade to Turtle Version 5 the turtle is unable to do anything that requires a DHCP address or internet, even though I can see it has been assigned one when I SSH into the turtle and run 'ifconfig'.

 

If anyone is able to help me figure this issue out and get my Lan Turtle 3G to work properly on Turtle Version 5 it would be greatly appreciated.

 

Thanks!

 

This issue has been solved. See my last post for the solution if anyone else is having this issue.

Link to comment

38 minutes ago, corabrickdog said:

 

If anyone is able to help me figure this issue out and get my Lan Turtle 3G to work properly on Turtle Version 5 it would be greatly appreciated.

You are in a nice position with 2x units to compare configs etc. in the two units. I would be interested in seeing the /etc/config/network and /etc/config/firewall from each unit.

Also, have you factory reset each one, using the 192.168.... address? https://docs.hak5.org/hc/en-us/articles/360010471134-Factory-Reset

Link to comment

3 minutes ago, Just_a_User said:

You are in a nice position with 2x units to compare configs etc. in the two units. I would be interested in seeing the /etc/config/network and /etc/config/firewall from each unit.

Also, have you factory reset each one, using the 192.168.... address? https://docs.hak5.org/hc/en-us/articles/360010471134-Factory-Reset

Thanks for the reply. As requested here is the output for the turtle on version 3:

root@turtle:~# cat /etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '172.16.84.1'
    option gateway '172.16.84.84'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option metric '30'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '20'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'
    option metric '20'

config interface 'vpn'
    option ifname 'tun0'
    option proto 'dhcp'

config interface '3gwan'
    option device '/dev/ttyACM0'
    option proto '3g'
    option service 'umts'
    option dns '8.8.8.8'
    option metric '10'
    option disabled '0'

root@turtle:~#

root@turtle:~# cat /etc/config/firewall
config defaults
    option syn_flood    1
    option input        REJECT
    option output        REJECT
    option forward        REJECT
# Uncomment this line to disable ipv6 rules
#    option disable_ipv6    1

config zone
    option name        lan
    list   network        'lan'
    option input        ACCEPT
    option output        ACCEPT
    option forward        ACCEPT

config zone
    option name        wan
    list   network        'wan'
    list   network        'wan6'
    option input        REJECT
    option output        ACCEPT
    option forward        ACCEPT
    option masq        1
    option mtu_fix        1

config zone
    option name        3gwan
    list   network        '3gwan'
    option input        REJECT
    option output        ACCEPT
    option forward        REJECT
    option masq        1
    option mtu_fix        1

config forwarding
    option src        lan
    option dest        wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name        Allow-DHCP-Renew
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT
    option family        ipv4

# Allow IPv4 ping
config rule
    option name        Allow-Ping
    option src        wan
    option proto        icmp
    option icmp_type    echo-request
    option family        ipv4
    option target        ACCEPT

config rule
    option name        Allow-IGMP
    option src        wan
    option proto        igmp
    option family        ipv4
    option target        ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name        Allow-DHCPv6
    option src        wan
    option proto        udp
    option src_ip        fe80::/10
    option src_port        547
    option dest_ip        fe80::/10
    option dest_port    546
    option family        ipv6
    option target        ACCEPT

config rule
    option name        Allow-MLD
    option src        wan
    option proto        icmp
    option src_ip        fe80::/10
    list icmp_type        '130/0'
    list icmp_type        '131/0'
    list icmp_type        '132/0'
    list icmp_type        '143/0'
    option family        ipv6
    option target        ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Input
    option src        wan
    option proto    icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    list icmp_type        router-solicitation
    list icmp_type        neighbour-solicitation
    list icmp_type        router-advertisement
    list icmp_type        neighbour-advertisement
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Forward
    option src        wan
    option dest        *
    option proto        icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option dest        wan
#    option proto    tcp
#    option target    REJECT

# block a specific mac on wan
#config rule
#    option dest        wan
#    option src_mac    00:11:22:33:44:66
#    option target    REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src        lan
#    option proto    ICMP
#    option target    DROP

# port redirect port coming in on wan to lan
#config redirect
#    option src            wan
#    option src_dport    80
#    option dest            lan
#    option dest_ip        192.168.16.235
#    option dest_port    80
#    option proto        tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#    option src        wan
#    option src_dport    22001
#    option dest        lan
#    option dest_port    22
#    option proto        tcp

# allow IPsec/ESP and ISAKMP passthrough
config rule
    option src        wan
    option dest        lan
    option proto        esp
    option target        ACCEPT

config rule
    option src        wan
    option dest        lan
    option dest_port    500
    option proto        udp
    option target        ACCEPT

### FULL CONFIG SECTIONS
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port    80
#    option dest        wan
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
#    option target    REJECT

#config redirect
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port        1024
#    option src_dport    80
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
root@turtle:~#

 

And for version 5:

root@turtle:~# cat /etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '172.16.84.1'
    option gateway '172.16.84.84'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option metric '30'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '20'
    option ip4table '200'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'
    option metric '20'

config interface 'vpn'
    option ifname 'tun0'
    option proto 'dhcp'

config interface '3gwan'
    option device '/dev/ttyACM0'
    option proto '3g'
    option service 'umts'
    option dns '8.8.8.8'
    option metric '10'
    option disabled '0'

root@turtle:~# cat /etc/config/firewall
config defaults
    option syn_flood    1
    option input        REJECT
    option output        REJECT
    option forward        REJECT
# Uncomment this line to disable ipv6 rules
#    option disable_ipv6    1

config zone
    option name        lan
    list   network        'lan'
    option input        ACCEPT
    option output        ACCEPT
    option forward        ACCEPT

config zone
    option name        wan
    list   network        'wan'
    list   network        'wan6'
    option input        REJECT
    option output        ACCEPT
    option forward        ACCEPT
    option masq        1
    option mtu_fix        1

config zone
    option name        3gwan
    list   network        '3gwan'
    option input        REJECT
    option output        ACCEPT
    option forward        REJECT
    option masq        1
    option mtu_fix        1

config forwarding
    option src        lan
    option dest        wan


config zone 'vpn'
    option name 'vpn'
    option network 'vpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option masq '1'

config forwarding 'vpn_forwarding_lan_in'
    option src 'vpn'
    option dest 'lan'

config forwarding 'vpn_forwarding_lan_out'
    option src 'lan'
    option dest 'vpn'

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name        Allow-DHCP-Renew
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT
    option family        ipv4

# Allow IPv4 ping
config rule
    option name        Allow-Ping
    option src        wan
    option proto        icmp
    option icmp_type    echo-request
    option family        ipv4
    option target        ACCEPT

config rule
    option name        Allow-IGMP
    option src        wan
    option proto        igmp
    option family        ipv4
    option target        ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name        Allow-DHCPv6
    option src        wan
    option proto        udp
    option src_ip        fe80::/10
    option src_port        547
    option dest_ip        fe80::/10
    option dest_port    546
    option family        ipv6
    option target        ACCEPT

config rule
    option name        Allow-MLD
    option src        wan
    option proto        icmp
    option src_ip        fe80::/10
    list icmp_type        '130/0'
    list icmp_type        '131/0'
    list icmp_type        '132/0'
    list icmp_type        '143/0'
    option family        ipv6
    option target        ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Input
    option src        wan
    option proto    icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    list icmp_type        router-solicitation
    list icmp_type        neighbour-solicitation
    list icmp_type        router-advertisement
    list icmp_type        neighbour-advertisement
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Forward
    option src        wan
    option dest        *
    option proto        icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option dest        wan
#    option proto    tcp
#    option target    REJECT

# block a specific mac on wan
#config rule
#    option dest        wan
#    option src_mac    00:11:22:33:44:66
#    option target    REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src        lan
#    option proto    ICMP
#    option target    DROP

# port redirect port coming in on wan to lan
#config redirect
#    option src            wan
#    option src_dport    80
#    option dest            lan
#    option dest_ip        192.168.16.235
#    option dest_port    80
#    option proto        tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#    option src        wan
#    option src_dport    22001
#    option dest        lan
#    option dest_port    22
#    option proto        tcp

# allow IPsec/ESP and ISAKMP passthrough
config rule
    option src        wan
    option dest        lan
    option proto        esp
    option target        ACCEPT

config rule
    option src        wan
    option dest        lan
    option dest_port    500
    option proto        udp
    option target        ACCEPT

### FULL CONFIG SECTIONS
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port    80
#    option dest        wan
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
#    option target    REJECT

#config redirect
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port        1024
#    option src_dport    80
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
root@turtle:~#

Yes I have factory reset each one. Uploading Version 3 and Version 5 for both, which results in the same issue when the turtle is on Version 5.

 

Thanks again for the reply.

 

Link to comment

8 minutes ago, corabrickdog said:

Yes I have factory reset each one. Uploading Version 3 and Version 5 for both

Before I start comparing the configs, when you flashed the factory reset firmwares... did you upload upgrade files or the special factory version? Maybe you had an old V3 factory version of the FW?

Link to comment

Looking at the differences, it looks like the version 5 has an additional line here:

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '20'
    option ip4table '200'
Vs version 3 which is missing the last line:
config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '20'
     

In addition, version 5 adds a whole VPN section which version 3 does not have:

config zone 'vpn'
    option name 'vpn'
    option network 'vpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option masq '1'

config forwarding 'vpn_forwarding_lan_in'
    option src 'vpn'
    option dest 'lan'

config forwarding 'vpn_forwarding_lan_out'
    option src 'lan'
    option dest 'vpn'
     

And those seem to be the only two differences.

Maybe the VPN section screws with how the turtle provides internet?

     
       
Link to comment
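The by-eye comparison in the post above can be done mechanically with a section-aware diff of the two UCI files, which is useful for reviewing what a firmware update changed in routing and firewall policy. This is an added example, not part of the thread or of Hak5's tooling; the function names `parse_uci` and `diff_uci` are hypothetical, and the sample strings are stanzas trimmed from the configs posted in this thread.

```python
import shlex

def parse_uci(text):
    """Parse UCI text into {"<type> <label>": {option: value or list}}."""
    parsed, current = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            current = {}
            parsed.append((tok[1], tok[2] if len(tok) > 2 else None, current))
        elif len(tok) >= 3 and current is not None and tok[0] == "option":
            current[tok[1]] = tok[2]
        elif len(tok) >= 3 and current is not None and tok[0] == "list":
            current.setdefault(tok[1], []).append(tok[2])
    sections = {}
    for stype, name, opts in parsed:
        # Anonymous sections: use their 'name' option, else a per-type index.
        index = sum(key.startswith(stype + " #") for key in sections)
        sections["%s %s" % (stype, name or opts.get("name") or "#%d" % index)] = opts
    return sections

def diff_uci(old_text, new_text):
    """Return (section, option, old, new); option is None for a whole section."""
    old, new = parse_uci(old_text), parse_uci(new_text)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        a, b = old.get(key), new.get(key)
        if a is None or b is None:
            changes.append((key, None, a, b))
        else:
            changes += [(key, o, a.get(o), b.get(o))
                        for o in sorted(a.keys() | b.keys()) if a.get(o) != b.get(o)]
    return changes

# Constructed samples: stanzas trimmed from the configs posted in this thread.
NETWORK_V3 = """
config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option metric '20'
"""
NETWORK_V5 = NETWORK_V3 + "    option ip4table '200'\n"
FIREWALL_V3 = """
config forwarding
    option src lan
    option dest wan
"""
FIREWALL_V5 = FIREWALL_V3 + """
config zone 'vpn'
    option network 'vpn'
    option input 'ACCEPT'
config forwarding 'vpn_forwarding_lan_out'
    option src 'lan'
    option dest 'vpn'
"""

if __name__ == "__main__":
    for pair in ((NETWORK_V3, NETWORK_V5), (FIREWALL_V3, FIREWALL_V5)):
        print(*diff_uci(*pair), sep="\n")
```

Run against the full files copied off each unit, this reports the added `ip4table` option on `wan` and the new `vpn` zone and forwardings without the noise of whitespace and quoting differences.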

9 minutes ago, Just_a_User said:

Before I start comparing the configs, when you flashed the factory reset firmwares... did you upload upgrade files or the special factory version? Maybe you had an old V3 factory version of the FW?

I just tried it to make sure I wasn't crazy but unfortunately the issue is still the same even with a factory bin 😞

Link to comment

4 minutes ago, corabrickdog said:

Maybe the VPN section screws with how the turtle provides internet?

I have a feeling the VPN addition is possibly for the Hak5 C2 communication. Either that or pre-empting the openvpn module maybe.

 

 

Link to comment

3 minutes ago, corabrickdog said:

I just tried it to make sure I wasn't crazy but unfortunately the issue is still the same even with a factory bin 😞

Worth a check 🙂

Are you running without SIM cards? If so, did you enable LAN fallover if no 3G?

Link to comment

My Windows 10 box was playing havoc with the config of the SIM card.

So I plugged it into my Rpi3+ running Kali Linux and it worked.

What type of SIM card are you using?

Link to comment

On 4/2/2019 at 3:15 PM, Just_a_User said:

Worth a check 🙂

Are you running without SIM cards? If so, did you enable LAN fallover if no 3G?

 

This totally fixed my issue. I feel a little dumb that I never noticed that in Turtle Version 5 the option to enable a Wan Fallback is available. After enabling that, my turtle was able to use the internet. Here is the option if anybody else is as dumb as me.

[Image: jiUn5Pg.png]

Although the turtle was now able to use the internet, it was still not passing through to my Mac. In order to fix that, I had to go into /etc/config/dhcp and change:

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

To this:

config odhcpd 'odhcpd'
        option maindhcp '1'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

After changing those two settings my LanTurtle3G is working perfectly.

 

Thanks to @Just_a_User for all their help.

Link to comment

Archived

This topic is now archived and is closed to further replies.
