hachiman
Posted August 30, 2021

Hi there,

I am currently trying to get my OpenVPN demo up and running, making it possible to remotely connect to the network the turtle is connected to. Baseline is the setup as described by Darren: Access Internal Networks with Reverse VPN connections - Hak5 1921

I have my OpenVPN server, I have created a user for the turtle, one for the laptop, all good. Both can connect to the OpenVPN and I can even connect back to the turtle and SSH in to it. But I am not able to go any further from that into the internal network connected to the RJ45 port at the turtle.

When I use the OpenVPN to ssh into the turtle, I can ping the resource in question. Apparently I make some mistakes with the routing config on the OpenVPN?

Sorry but I can't upload images anymore, so I have to describe what I did.

The OpenVPN turtle user is configured as VPN Gateway, with the following subnets 172.16.0.0/16 & 192.168.0.0/16.

This is the turtle output:

    root@turtle:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         172.27.224.1    128.0.0.0       UG    0      0        0 tun0
    default         172.16.7.254    0.0.0.0         UG    20     0        0 eth1
    default         172.16.84.84    0.0.0.0         UG    30     0        0 eth0
    128.0.0.0       172.27.224.1    128.0.0.0       UG    0      0        0 tun0
    167.99.128.12   172.16.7.254    255.255.255.255 UGH   0      0        0 eth1
    172.16.0.0      *               255.255.0.0     U     20     0        0 eth1
    172.16.84.0     *               255.255.255.0   U     30     0        0 eth0
    172.27.224.0    *               255.255.248.0   U     0      0        0 tun0

    root@turtle:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:13:37:A6:xx:xx
              inet addr:172.16.84.1  Bcast:172.16.84.255  Mask:255.255.255.0
              inet6 addr: fe80::213:37ff:xxxx:xxxx/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:1960 (1.9 KiB)
              Interrupt:4

    eth1      Link encap:Ethernet  HWaddr 00:13:37:A6:xx:xx
              inet addr:172.16.15.161  Bcast:172.16.255.255  Mask:255.255.0.0
              inet6 addr: fe80::213:37ff:::/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:118553 errors:0 dropped:1583 overruns:0 frame:0
              TX packets:4310 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:12094247 (11.5 MiB)  TX bytes:566197 (552.9 KiB)
              Interrupt:5

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:2488 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2488 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:168094 (164.1 KiB)  TX bytes:168094 (164.1 KiB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:172.27.224.11  P-t-P:172.27.224.11  Mask:255.255.248.0
              inet6 addr: fe80::e208:91c9:::/64 Scope:Link
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:346 errors:0 dropped:0 overruns:0 frame:0
              TX packets:531 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:26292 (25.6 KiB)  TX bytes:118753 (115.9 KiB)

This is the client output:

    └──╼ $ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
            inet6 fe80::67ce:549b:::  prefixlen 64  scopeid 0x20<link>
            ether 08:00:27:b3:d8:99  txqueuelen 1000  (Ethernet)
            RX packets 9360  bytes 9749835 (9.2 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6679  bytes 801398 (782.6 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 700  bytes 52508 (51.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 700  bytes 52508 (51.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
            inet 172.27.232.11  netmask 255.255.248.0  destination 172.27.232.11
            inet6 fe80::3ade:e4c::  prefixlen 64  scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
            RX packets 693  bytes 313538 (306.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 811  bytes 80166 (78.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ┌─[hackerman@parrot]─[~/Downloads]
    └──╼ $route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.27.232.1    128.0.0.0       UG    0      0        0 tun0
    default         10.0.2.2        0.0.0.0         UG    100    0        0 eth0
    10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
    128.0.0.0       172.27.232.1    128.0.0.0       UG    0      0        0 tun0
    167.99.128.12   10.0.2.2        255.255.255.255 UGH   0      0        0 eth0
    172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 tun0

When I establish the VPN connection on the client, I don't see any route adds for the specific network of 172.16.0.0/16, as I configured it in the OpenVPN GUI.

    2021-08-30 11:26:00 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:b3:d8:99
    2021-08-30 11:26:00 TUN/TAP device tun0 opened
    2021-08-30 11:26:00 net_iface_mtu_set: mtu 1500 for tun0
    2021-08-30 11:26:00 net_iface_up: set tun0 up
    2021-08-30 11:26:00 net_addr_v4_add: 172.27.232.13/21 dev tun0
    2021-08-30 11:26:05 ROUTE remote_host is NOT LOCAL
    2021-08-30 11:26:05 net_route_v4_add: 1.199.128.12/32 via 10.0.2.2 dev [NULL] table 0 metric -1
    2021-08-30 11:26:05 net_route_v4_add: 0.0.0.0/1 via 172.27.232.1 dev [NULL] table 0 metric -1
    2021-08-30 11:26:05 net_route_v4_add: 128.0.0.0/1 via 172.27.232.1 dev [NULL] table 0 metric -1
    2021-08-30 11:26:05 Initialization Sequence Completed

Anyone any idea why? What am I missing in terms of routing?
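
Added example, not part of the original thread: a longest-prefix-match lookup over the two routing tables posted above, showing which route each host picks for 172.16.7.254 (the eth1 gateway in the Turtle's table) and for the client's tunnel address. The row layout and the `lookup` helper are this example's own.

```python
import ipaddress

# Rows transcribed from the `route` output in the post above:
# (destination, genmask, gateway or None if on-link, metric, interface).
# "default" is written as 0.0.0.0.
TURTLE = [
    ("0.0.0.0", "128.0.0.0", "172.27.224.1", 0, "tun0"),
    ("0.0.0.0", "0.0.0.0", "172.16.7.254", 20, "eth1"),
    ("0.0.0.0", "0.0.0.0", "172.16.84.84", 30, "eth0"),
    ("128.0.0.0", "128.0.0.0", "172.27.224.1", 0, "tun0"),
    ("167.99.128.12", "255.255.255.255", "172.16.7.254", 0, "eth1"),
    ("172.16.0.0", "255.255.0.0", None, 20, "eth1"),
    ("172.16.84.0", "255.255.255.0", None, 30, "eth0"),
    ("172.27.224.0", "255.255.248.0", None, 0, "tun0"),
]
CLIENT = [
    ("0.0.0.0", "128.0.0.0", "172.27.232.1", 0, "tun0"),
    ("0.0.0.0", "0.0.0.0", "10.0.2.2", 100, "eth0"),
    ("10.0.2.0", "255.255.255.0", None, 100, "eth0"),
    ("128.0.0.0", "128.0.0.0", "172.27.232.1", 0, "tun0"),
    ("167.99.128.12", "255.255.255.255", "10.0.2.2", 0, "eth0"),
    ("172.27.232.0", "255.255.248.0", None, 0, "tun0"),
]

def lookup(table, dst):
    """Return (network, gateway, iface) chosen for dst:
    longest matching prefix first, lowest metric as tie-break."""
    addr = ipaddress.ip_address(dst)
    best_key, best = None, None
    for dest, mask, gw, metric, iface in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best_key, best = key, (str(net), gw, iface)
    return best

if __name__ == "__main__":
    print("client -> 172.16.7.254 :", lookup(CLIENT, "172.16.7.254"))
    print("turtle -> 172.16.7.254 :", lookup(TURTLE, "172.16.7.254"))
    print("turtle -> 172.27.232.11:", lookup(TURTLE, "172.27.232.11"))
```

On the client, 172.16.0.0/16 already falls under the pushed 128.0.0.0/1 route via tun0, so the absence of a dedicated 172.16.0.0/16 entry does not by itself keep that traffic out of the tunnel.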

chrizree
Posted August 30, 2021

I assume that you have verified the firewall rules that need to be in place on the Turtle (at the end of the mentioned video).