So I have a unique issue, I think. I have my Raspberry Pi connecting just fine and have the user account set up just as you describe. However, my Linux server has to allow me to access it remotely via 22 and 8443. When I connect, I am immediately kicked from the ssh session. I had to add route-nopull to the ovpn autoconnect file to stop this; however, I am unable to ping my Pi from my Linux client. I also checked routes, it doesn't appear to be adding any client gateway subnets to the route table. When I add them manually, I am still unable to ping clients on the VPN network, or on the Pi's client network. Did I miss something?
Well.. this is exactly what I need, but can't afford... so I was trying to set it up using a self-hosted server through a Raspberry Pi... not using DigitalOcean... more like a proof of concept and stay true with open source rather than spending some money ha... So technically this is a bridged OpenVPN setup but going through a lot of hoops. But it's nice to see it working
Hi Hak5, any chance you could publish/make available the (sanitized) .ovpn files your clients use and the openvpn.conf? I have OpenVPN (not the AS version) and cannot get the routing between client networks functioning - guess I have a config option missing. Thanks!
+WETWORK For collecting the hashes I used an app called Elcomsoft Proactive System Password Recovery 6.52, it will grab cached password hashes. For the GPU bruteforce I used cudahashcat 1.37. On my GTX 960 it took around five hours to get to 8 characters, so if the password is 8 or more characters, you're looking at multiple weeks to bruteforce it, even with GPU-accelerated password brute forcing. TL;DR, don't go there.
That was the easiest-to-understand video on VPN so far. Well done for the great content. I would have a question though. Is there another solution other than VPN Access Server to achieve the same thing? I mean, OpenVPN allows only two simultaneous connections for free, and for more you need to buy a licence, but the minimum licence is for 10 devices and I only need 4 devices. I'd really appreciate any suggestions as I need to access a server and its content through VPN.
Assuming your local Windows machine (not on the LAN) has the OpenVPN client connected to the OpenVPN AS server (like frog in the demo), and the remote Windows machine is on the LAN (does not need OpenVPN anything) -- then yes.
@m4gg197 In a public wifi network everyone in that network has the same public IP, right? I'm asking because I need my own public IP for a reverse TCP connection to my public IP (my college wifi network). I can't set up port forwarding and stuff...
I bought a LAN Turtle a few years ago and had it working, got it out recently and couldn't remember my password so I reset it, and now I can't get it to work! I was even able to get a Raspberry Pi to do a reverse shell, all except I couldn't get it to start up at boot. Anyone able to help? I got it to update after resetting it but the * never comes up indicating it's working and the service shows always running, no matter how many times you click stop it never changes.
Awesome, it works like a charm! Thanks a lot for this video!!! I wonder now if there is a way to use the gateway client (NOT the access server) as the default gateway of the other client...?
You could set a static IP on the other client with a random IP in that subnet, then just make the turtle its default gateway. However, what are you trying to achieve here? Sure, all your requests are going to hit the access server first, but it's going to get routed to the turtle no matter what...
Hello, I finally got mine up and running. I did everything you did and finally got it to work. I just had a wireless router problem, but it's fixed now. The only thing I cannot do is ping the whole network. Can you please help me?
Sadly I cannot get this to work. Tried it with different setups, but all I can do is connect to the middleman server. I am not able to connect to any IP of the remote client...
Middleman Server: Debian 7 / 8 (tried with both)
Remote Client: Windows PC / Raspberry Pi behind NAT
VPN User: Windows 10 User
Do I have to set up something else, maybe you have forgotten a config step of the OpenVPN AS? Definitely not working out of the box :-( No firewalls involved due to testing reasons...
EDIT: I would appreciate a guide without the use of LAN Turtle a lot. Maybe I have to configure something else on the middleman server running OpenVPN AS?
How much is the ssh server because I went to that site and it told me to pay. It didn't even say how much, it could be $3,000 or something how much is it?
mye.. except more & more companies using some form of 802.1 auth even on hardwired connections. That means you'd need to authenticate to get on the network.
I need your help to make this work: I have a LAN outside the US which has a pivpn server inside (Raspberry). The LAN interface is hooked up to the incoming internet line. The wifi interface is connected to my local WLAN. I have successfully configured it to forward all incoming wifi traffic to the LAN interface. However, I want to modify this so that when a client connects to my pivpn, it becomes the gateway and all the traffic goes through it to the network where the client is connected. In short, I want all devices on my WLAN that have my Raspberry Pi WLAN interface as the default gateway to see the internet from the pivpn client's network. Is it possible?
Followed everything. Very interesting putting a LAN turtle out through a VPN. Terminal access. Obviously you'd probably only do this on your own network because of access.
Obviously? No, not only on your own network. Obviously for sys-admins this is great because some external providers do not allow port-forwarding. This Turtle allows me to access the network remotely, which is great and cost-reducing for the company.
You can use a free ngrok account to do the same. Just run the ngrok service on one of the computers in the network containing the computer you want to access from the remote location. For example, you can place a Raspberry Pi Zero running the ngrok service in your network.
Well, I did it all, but I don't know why: when I'm on my phone I can't reach the server at my office, but when I'm on the laptop connected to a DHCP server that gives me the same IP range as the office, it works O.o
Catching https traffic when there is an acceptable use policy could be hard if the traffic is during normal working hours. In university this was a common hack and would result in discipline if you got caught. At work, devs used to drill out with their home servers. I'm pretty sure that any jnr sys admin drilling an unauthorized hole in a corporate firewall today would not be treated nicely.
+SandyStarchild Oh, I know! I guess if it is too bothersome one could download the video and throw it through (for example) ffmpeg's 'yadif' filter. Me personally? I'm too lazy
Easy enough if your company network doesn't do nice firewalls which only allow ports 80/443 out.. :P Also the proper ones check them packets so even VPN at port 443 won't go...
What does VPN have to do with power plug? For what it's worth, in the first demo at 10:19 we see the client setup to route all through the VPN, so not split mode.
This must be some Turtle voodoo, as I can't get access to the VPN Gateway's subnet no matter what I do! Tried Windows, Ubuntu and Kali. No Firewall, with sysctl -w net.ipv4.ip_forward=1. What kind of magic is this!?!?
After setting up pivpn with the same idea, I was like "Oh yeah NAT". This solves that problem beautifully.
Awesome!! That's much more powerful and a lot easier than doing tons of (reverse) port forwards through ssh. Thanks Darren.
I just want to say that I love you guys...your videos are awesome...way beyond my comprehension at times, but so much fun to watch. Thank you!
THANK YOU! I've been struggling with this for a few days now. I was able to ping my LAN Turtle through the VPN tunnel, but I wasn't able to access anything else on the network. That last bit about /etc/config/firewall is what finally got it to work. Thank you!
FINALLY getting to watch this.
Thanks for the shoutout dude :D
w00t ~Darren
+vissago hi Dan, really enjoy your work and watching your talks. I really enjoyed the open VNC authentication showcase at Devoxx. One question though. With all the abuse complaints from pissy sysadmins, how were you guys able to do this evaluation over the entire internet without legal recourse or threat? In some states in the U.S., even an unauthorized attempt to login to a server can warrant legal action. I'm just curious as to what the reaction was to this, if any.
+Noah Stanford Thanks! Port scanning isn't illegal - even over the whole internet. Did you know that google does it? They only scan a small number of ports, and only for things that have webservers attached - but MANY different protocols can be interacted with over the web - svn, ftp, ssh, telnet, http/s, vnc ... so if all the major search engines in the world can touch every ip on the planet, why can't an individual?
+vissago I understand TCP/IP and those protocols (others as well, RDP, RPC, etc). I just wasn't sure about the legality of attempting authentication to those VNC servers as some states in the U.S. outline attempted intrusion as a crime itself, even without success. Now that I think about it though, if they were wide open with no auth whatsoever it must be legal since everyone has the resources to connect without a password. Masscan actually gave me the motivation to build an obfuscated admin/control protocol in Python using sockets and a combination of key-based encryption and fingerprinting to establish an access control list. It's a work in progress, but overall a great learning experience! [ tl;dr i know :) ]
+Noah Stanford public is public! If it doesn't ask for a password, and google can spider it, then it's legal for you to be there and see it. no matter what it is. no matter what port it's on.
8:45 Nifty little command line tool ;)
+Harry Talamini It is an awesome tool! I use it all the time. Check it out on github - github.com/nvbn/thefuck
I deployed this OpenVPN AS exactly the same way. Except I used a RADIUS server for our Windows AD domain integration. Awesome Awesome Gateway VPN solution.
I’ve been looking around for this for weeks! Thanks for this awesome video. Now I need to understand how to create the VPN interface and the firewall rules with nftables on Debian 10!
Thanks Darren!
This had the same spike level as the USB Switchblade had on me back in 2008!!!
I could picture telling my step-dad (computer teacher / repair man by trade) ...
I'm on your LAN.
tip 1: I have not installed anything on any of your computers in the house,
tip 2: I have not opened any ports in your router.
tip 3: Do you know where ALL your power outlets are?
... only after a little bit of wait and head scratching between each step ;)
Oh, yeah, people... please, don't do this in your workplace....
Any sysadmins will notice any device on their network using bandwidth...
But ... any home users might not be that smart ... Know buddies on gigabits? please pm me hehehe.
Wow, thanks again Mr. Kitchen ;) I wish I could live closer to that warehouse of yours!
Great show Darren.
Couldn't get it to work at first. Turned out I had to update the Mods in the Turtle. Otherwise it just wouldn't start on its own.
Now I have a great tool to show some of my clients how their networks just aren't as safe as they think. :-)
Apparently this technique of reverse VPN connection isn't working anymore. I tried setting it up exactly the way you described but it failed to allow access to the internal network. In fact, the route isn't going from server to client (which is acting as gateway).
Awesome! Using this to connect to my Linux box/zm server that's locked behind a nasty ISP firewall. Also loving my new droplet server! Great Job explaining to an oldie but newbie like me.
These demos in Linux are waaay better. Helps me remember commands and what to do in different scenarios like the dpkg -i for the deb file. No wonder I couldn't get that deb file to work before.
Didn’t realise that was possible. Well now, I’ve got something to setup. Thank you.
Can't like this video enough, you guys are true lifesavers.
It gets even better when you set up a port forward on your VPN server that forwards down to a VPN client, and then to a PC on that network the VPN client is on.
First of all, I would like to say that I respect the straightforward approach. However, I would request that you make a video surrounding the security considerations needed when deploying this type of setup. The last thing that we would want to happen is for an inexperienced user to be compromised due to lack thereof...
Great video! I'm trying to set this up using a Raspberry Pi instead of a LAN Turtle. Both my RPi and pentester can dial into the VPS, and I can ping the RPi from pentest, but can't access the rest of the RPi network. This might be a firewall issue as described at the end of the video. Could someone help me fix this on Wheezy?
Hi. I've just been trying to do this using a Raspberry Pi too. Pi on the home network, and the Laptop via Mobile Broadband. All seems to work, but the Pi and the Laptop end up on different 172.27 subnets. Couldn't see in the OpenVPN SA server config where to limit it to one subnet. Google wasn't my friend on this occasion.
Have a look at this thread here: forums.whirlpool.net.au/archive/2493314
Thanks, the instructions provided there work great. Thank you for pointing us in the right direction, and thanks to why is a cow? for the troubleshooting and ip table configuration.
Just as a final point, I am using a Raspberry Pi Zero, so the ip table config needs to be for wlan0, and also for some reason this did not work until I updated the firmware and rebooted the Pi.
So far so good, it's been UP for 9 days.
Oh! I also changed the client.ovpn to client.conf
Can I use a mifi to hook this up?
What are the options in the .ovpn file to set it up without the pretty GUI? I need 3 clients interrouting. Because of reasons.
I'm not sure, but OpenVPN only allows two connections for the free version of it FYI.
to get them onto other devices ??
Hi. I have followed the instructions and checked it over and over 10 times. I can access the Turtle gateway with the subnet address defined in the VPN gateway setting. However, I cannot see any other device on that network. Am I doing something wrong? I would very much appreciate the help.
great video! great timing :D
Any idea how to setup the "turtle" as a Debian box instead? This could make a great use for a RPi but I can only route to the local address of it. If I try going to my router or another machine on the network, I just drop packets.
When I ping the network that I don't have access to without the VPN gateway, it says Destination port unreachable. What can I do?
Thank you soo much! Keep up the tutorials!
What's on your arm? Is that a dongle hider?! :P
Great show this week. And I just ordered the nano and some Turtle power..
love the new theme song
Darren, I have a question for you that's been bugging me for a while. Why do you wear a handkerchief around your wrists so often? Just for looks?
Hi, great video. Can we make this using WireGuard?
Would have liked to see a network diagram. Sorry if I missed it somewhere in there.
Love you Darren 😀😘😘😘
I like the new intro.
>run hak5, a high-quality produced show about hacking
>use chrome
while (chrome) { uninstall chrome && install firefox }
So, instead of the client to host config for VPN, you create a MITM for the VPN connection?
What are the pros/cons for this method over the traditional method of VPN'ing?
+themaconeau You could drop this on a network without having to open up stuff on the firewall. Watch around the 13 min mark for a better explanation.
***** Will have to watch this on more than a few hours' sleep me thinks. But while I'm sleep-deprived ...
I'm thinking out loud here...
I was thinking of this being an as-needed solution for remote login to a private network. Need the login? Turn on or plugin the device before you go. The idea being that it could be used as a management port but remotely.
I'm probably on the wrong path here and maybe wish for the LAN Turtle to replace a dedicated VPN server. But the more I think about it, the more I think it can't happen.
Maybe the half way point is more needed than I thought ...
The half-way part is needed for it to work since it lets you bypass the firewall on the network where you drop the turtle. It works like this since both endpoints establish the connection and the turtle isn't the one actually looking to accept a session from the other machine.
I did a similar setup using pfSense as my endpoint but it did require firewall configuration as I didn't have that midpoint at the time.
As for an "as-needed" solution, I could easily see this as a practical setup for a remote access setup, even when on a mobile connection.
***** Thanks man, appreciated. :)
Hello Hak5, I have seen a bunch of videos about the LAN Turtle. But if you just connect it to the home's/work's ethernet (and NOT a computer, just to a power source like a powerbank, outlet, etc.), can you access everything on that network that is connected to the ethernet??? + Are the LAN Turtle's tools (msf-meterpreter, scan networks, MITM-attacks, etc.) fully undetectable? Please answer this as fast as possible!
Is all traffic routed through the VPS, or does the VPS just facilitate the connection? If traffic does go through the VPS, is it expensive? Thanks a lot for the video!
I would like to be able to route traffic among remote networks like BitTorrent sync, where if you are behind a firewall or NAT, an intermediate server facilitates a handshake between two clients - but traffic doesn't go through the intermediate server. Does this method achieve that?
Hi Hak5,
Good video. Can we implement this OpenVPN server in our office or for commercial purposes to connect n number of users?
How to do the same thing on the CLI in order to connect as many connections as we can? Right now with your setup there is a limitation that only 2 devices can connect simultaneously. So please tell us how to do the same thing with the CLI.
Does this induce double NAT problems? Port forwarding, QoS and overall latency issues?
In this case all traffic will appear to be coming from your DigitalOcean VM. I would like the traffic to come from the Turtle instead, is that possible?
What if you don't know what the local LAN IP is, if I move the turtle from network to network for example?
+Skyler F There are many ways to determine the local LAN IP with the turtle. Check out the script2post, script2email or autossh modules. Since the configuration is held on the OpenVPN-AS server side, it's just a matter of changing the IP range in the admin web interface.
Hi there,
I followed the tutorial to the dot and I wanted to ask if there are any additional settings that you implement somewhere not shown in the video, since mine didn't go as planned.
- I got myself a droplet and running the latest AS by OpenVPN
- I can connect with my macOS laptop to the AS
- I can connect my remote client and I can ping it and ssh into it.
- I have checked the settings shown in the video for the "turtle" or "remote client" profile and I listed the Gateway subnet as well as made sure to download a fresh copy of the configuration file after triple checking all settings are correct.
- I am unable to access devices behind the remote client's network. OpenVPN support claims there are more settings that need to be adjusted and they pointed me to a guide that involves a router settings mod, but obviously this would not work for me as I don't have access to a router on the droplet nor access to the router at the remote location.
Any help is appreciated.
Hi, this is what I was trying to do for days, but this option only seems to be in OV-Access server. Is it possible to configure in the community version?
Are there notes or steps to follow written out?
What type of laptop were you using? Need a new one, have too many but must have another laptop lol
How can the public access a website hosted by the private network when the ISP doesn't support port forwarding?
Looks like that swupdate page no longer exists :(
Can you have multiple turtles set up as gateways going to the same VPS?
Was there a reason for using an older version of the OpenVPN AS?
Hello, I have a new question. When I deploy my embedded Linux box to the client's place and I host the OpenVPN server and everything is installed correctly, when I go to one of their Windows computers, if I open a command line interface, would I be able to ping the server at the server address or would I have to download an OpenVPN client on that computer?
Awesome, I am an IT guy, and yet I only learn this now! Video is from 2016! Sigh. I have actually been trying to do this before, but had no idea there was a simple package to deploy like this, just fired up an AWS instance and, done.
Hey, I am confused about what gateway to add, can you help me out?
Question: OpenVPN Access Server is only free for 2 concurrent connections, right? Is this functionality available in the free community version of OpenVPN? Is it just the slick GUI that Access Server provides or is it a discrete product that offers this functionality?
This is in the community version. AS adds the web interface for admin config of server and clients, and also for creating and handing out ovpn files to client users.
I am trying to find a place to buy SSH Tunnel no-login servers. Have any ideas?
Darren, can you please tell me what program or plugin adds this CPU;FREQ;NET;THERMAL;BATTERY on your system toolbar on the very top of your debian laptop? Can't find it :)
Outstanding presentation. I was having problems using a different VPN with my Linux Mint and the VPN that you are using appears to be what I am seeking. Also, could you share the make and model of the excellent clip on mike that you use?
I did somewhat understand what he did, but why it is needed and what it does, I have literally no idea.
It makes it easy to have remote access to any network without having to port forward. Plug one of these into a LAN port and that's it!
pfSense, which is a BSD firewall distro, comes with OpenVPN built in. It has a nice easy wizard / GUI for setting things up and there is a plugin that will create installers for Windows/Macs for client server configs.
So I have a unique issue, I think.
I have my raspberry pi connecting just fine and have the user account setup just as you describe.
However, my linux server has to allow me to access it remotely via 22 and 8443.
When I connect, I am immediately kicked from the ssh session. I had to add route-nopull to the ovpn autoconnect file to stop this, however, I am unable to ping my PI from my linux client.
I also checked routes, it doesn't appear to be adding any client gateway subnets to the route table. When I add them manually, I am still unable to ping clients on the VPN network, or on the Pi's client network.
Did I miss something?
Well.. this is exactly what I need, but can't afford... so I was trying to set it up using a self hosted server through a Raspberry Pi... not using Digital Ocean... more like a proof of concept and stay true with open source rather than spending some money ha... So technically this is a bridged OpenVPN setup but going through a lot of hoops. But it's nice to see it working
If you have a public IP you can do it that easily, but if you have CGNAT this is the solution
Hi Hak5
Any chance you could publish/make available the (sanitized) .ovpn files your clients use and the openvpn.conf? I have openvpn (not the AS version) and cannot get the routing between client networks functioning - guess I have a config option missing.
Thanks!
Can you do a tutorial on extracting hashes from an active directory? Or can you do it for a lesson at hack all the things?
+WETWORK For collecting the hashes I used an app called Elcomsoft Proactive System Password Recovery 6.52, it will grab cached password hashes.
For the GPU bruteforce I used cudahashcat 1.37
On my GTX 960 it took around five hours to get to 8 characters, so if the password is 8 or more characters, you're looking at multiple weeks to bruteforce it, even with GPU-accelerated password brute forcing.
TL;DR, don't go there.
+James Campbell you da real mvp
WETWORK You need to read the pentester playbook.
Thanks - 'just set one up with an openWRT as the client gateway - fun times!
Excellent tutorial :)
How's this different than setting up a vpn server on your lan?
That was the easiest-to-understand video on VPN so far. Well done for the great content. I would have a question though. Is there another solution other than VPN Access Server to achieve the same thing? I mean, OpenVPN allows only two simultaneous connections for free and for more you need to buy a licence, but the minimum licence is for 10 devices and I only need 4 devices. I'd really appreciate any suggestions as I need to access a server and its content through VPN.
You can try WireGuard or use OpenVPN without Web interface, just with CLI and you could add more than 2 users.
Once this end to end connection is made can I do a simple RDP from my local windows machine to remote windows machine?
Assuming your local Windows machine (not on the LAN) has the OpenVPN client connected to the OpenVPN AS server (like frog in the demo), and the remote Windows machine is on the LAN (does not need OpenVPN anything) -- then yes
What computer are you using?
How do I make my LAN Turtle dial out to my VPS on a proxy proxified network?
What if I don't have a VPS, what can I use?
Dude,
Is there any way to get my own public IP in a public wifi network?
Yes there is. Just search "my ip" on Google when you are in the network. To get your local IP just download an app like Fing or anything else.
@m4gg197 In public wifi network everyone in that network has the same public IP, right?
I'm asking I need my own public IP.
For a reverse TCP connection to my public IP. (My college wifi network). I can't set up a port forwarding and stuff...
I bought a LAN Turtle a few years ago and had it working, got it out recently and couldn't remember my password so I reset it, and now I can't get it to work! I was even able to get a Raspberry Pi to do a reverse shell, all except I couldn't get it to start up at boot. Anyone able to help? I got it to update after resetting it but the * never comes up indicating it's working and the service shows always running, no matter how many times you click stop it never changes.
traceroute shows 172.27.224.1 then it just gets stuck...
Awesome, it works like a charm ! Thanks a lot for this video !!!
I wonder now, if there is a way to use the gateway client (NOT the access server) as the default gateway of the other client... ?
You could set a static IP on the other client with a random IP in that subnet, then just make the turtle its default gateway. However, what are you trying to achieve here? Sure, all your requests are going to hit the access server first, but it's going to get routed to the turtle no matter what...
How do you configure the firewall on an Ubuntu client gateway? (I don't have the LAN Turtle)
It seems that won't work anymore on AS v2.11.3
Were you able to set it up?
Nice video, but can we do that with PiVPN?
Hello, I finally got mine up and running. I did everything you did and finally got it to work. I just had a wireless router problem, but it's fixed now. The only thing I cannot do is ping the whole network. Can you please help me?
Will it also work like this with the Packet Squirrel? I mean access the entire network like the Turtle.
Sadly I cannot get this to work. Tried it with different setups, but all I can do is connect to the middleman server. I am not able to connect to any IP of the remote client...
Middleman Server: Debian 7 / 8 (tried with both)
Remote Client: Windows PC / Raspberry Pi behind NAT
VPN User: Windows 10 User
Do I have to setup something else, maybe you have forgotten a config step of the OpenVPN AS? Definitely not working out of the box :-( No firewalls involved due to testing reasons...
EDIT: I would appreciate a guide without the use of the LAN Turtle a lot. Maybe I have to configure something else on the middleman server running OpenVPN AS?
Please, how do I get the wifi turtle, or get something like it?
Why not use ssh on a software defined tap?
Is the Turtle open source and if so where can we get the source?
+Matt Baker Look for Hak5 on github
Can you connect to a VPN through an SSH Tunnel??
How much is the SSH server? Because I went to that site and it told me to pay. It didn't even say how much, it could be $3,000 or something. How much is it?
mye.. except more & more companies using some form of 802.1 auth even on hardwired connections. That means you'd need to authenticate to get on the network.
I need your help to make this work: I have a LAN outside the US which has a PiVPN server inside (Raspberry). The LAN interface is hooked up to the coming internet line. The wifi interface is connected to my local WLAN. I have successfully configured it to forward all wifi incoming traffic to the LAN interface. However, I want to modify this so that when a client connects to my PiVPN, it becomes the gateway and all the traffic goes through it to the network where the client is connected. In short, I want all devices on my WLAN that have my Raspberry Pi WLAN interface as the default gateway to see the internet from the PiVPN client's network. Is it possible?
I feel stupid when I watch these videos
MAsterTroll nope
Followed everything. Very interesting putting a LAN turtle out through a VPN. Terminal access. Obviously you'd probably only do this on your own network because of access.
Obviously? No, not only on your own network. Obviously for sys-admins this is great because some external providers do not allow port-forwarding. This Turtle allows me to access the network remotely, which is great and cost-reducing for the company.
Can we do the same with the Packet Squirrel with a host PC?
I miss this format.
How is this "free" if you have to pay for a VPS? - is there an alternative to using a VPS?
You can use a free ngrok account to do the same. Just run the ngrok service on one of the computers in the network where the computer you want to access from the remote location is. For example, you can place a Raspberry Pi Zero running the ngrok service in your network.
Anyone aware of what Linux distro Darren is using?
Anyone know how I can make this work but on a Raspberry Pi? I know I'm missing something of routing, but I need some help there
Well, I did it all, but I don't know why, when I'm on my phone I can't reach the server at my office, but when I'm on the laptop connected to a DHCP server which gives me the same range of IPs as the office, it works O.o
Catching https traffic when there is an acceptable use policy could be hard if the traffic is during normal working hours. In university this was a common hack and would result in discipline if you got caught. At work, devs used to drill out with their home servers. I'm pretty sure that any jnr sys admin drilling an unauthorized hole in a corporate firewall today would not be treated nicely.
dat interlacing tho
also audio sync
+SandyStarchild Oh, I know! I guess if it is too bothersome one could download the video and throw it through (for example) ffmpeg's 'yadif' filter. Me personally? I'm too lazy
Perfect to bypass GNAT from my ISP..... gracias!!!
Easy enough if your company network doesn't do nice firewalls which only allow ports 80/443 out.. :P Also the proper ones check them packets so even VPN at port 443 won't go...
Intro music?
I take it this VPN is in split VPN mode, that is why you can plug it into the power plug
What does VPN have to do with the power plug? For what it's worth, in the first demo at 10:19 we see the client set up to route all through the VPN, so not split mode.
This must be some Turtle voodoo, as I can't get access to the VPN Gateway's subnet no matter what I do! Tried Windows, Ubuntu and Kali. No Firewall, with sysctl -w net.ipv4.ip_forward=1. What kind of magic is this!?!?
*standing ovation*