Access Internal Networks with Reverse VPN connections - Hak5 1921
- Published: Aug 4, 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Accessing internal networks without an internal VPN server. Learn how to set up a reverse VPN gateway on this episode of Hak5!
Support is directly from our store at hakshop.com
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
THANK YOU! I've been struggling with this for a few days now. I was able to ping my LAN Turtle through the VPN tunnel, but I wasn't able to access anything else on the network. That last bit about /etc/config/firewall is what finally got it to work. Thank you!
I just want to say that I love you guys...your videos are awesome...way beyond my comprehension at times, but so much fun to watch. Thank you!
Awesome!! That's much more powerful and a lot easier than doing tons of (reverse) port forwards through ssh. Thanks Darren.
Great show Darren.
Couldn't get it to work at first. Turned out I had to update the Mods in the Turtle. Otherwise it just wouldn't start on its own.
Now I have a great tool to show some of my clients in how their networks just aren't as safe as they think. :-)
After setting up pivpn with the same idea. I was like "Oh yeah NAT". This solves that problem beautifully.
Awesome! Using this to connect to my Linux box/zm server that's locked behind a nasty ISP firewall. Also loving my new droplet server! Great Job explaining to an oldie but newbie like me.
I deployed this OpenVPN AS exactly the same way. Except I used a RADIUS server for our Windows AD domain integration. Awesome Awesome Gateway VPN solution.
I’ve been looking around for this for weeks ! Thanks for this awesome video. Now I need to understand how to create the vpn interface and the firewall rules with nftables on Debian 10!
Didn’t realise that was possible. Well now, I’ve got something to set up. Thank you.
Thanks Darren!
This had the same spike level as the USB Switchblade had on me back in 2008!!!
I could picture telling my step-dad (computer teacher / repair man by trade) ...
I'm on your LAN.
tip 1: I have not installed anything on any of your computers in the house,
tip 2: I have not opened any ports in your router.
tip 3: Do you know where ALL your power outlets are?
... only after a little bit of wait and head scratching between each step ;)
Oh, yeah, people... please, don't do this in your workplace....
Any sysadmins will notice any device on their network using bandwidth...
But ... any home users might not be that smart ... Know buddies on gigabits? please pm me hehehe.
Wow, thanks again Mr. Kitchen ;) I wish I could live closer to that warehouse of yours!
These demos in Linux are waaay better. Helps me remember commands and what to do in different scenarios like the dpkg -i for the deb file. No wonder I couldn't get that deb file to work before.
great video! great timing :D
FINALLY getting to watch this.
Thanks for the shoutout dude :D
w00t ~Darren
+vissago hi Dan, really enjoy your work and watching your talks. I really enjoyed the open VNC authentication showcase at Devoxx. One question though. With all the abuse complaints from pissy sysadmins, how were you guys able to do this evaluation over the entire internet without legal recourse or threat? In some states in the U.S., even an unauthorized attempt to login to a server can warrant legal action. I'm just curious as to what the reaction was to this, if any.
+Noah Stanford Thanks! Port scanning isn't illegal - even over the whole internet. Did you know that google does it? They only scan a small number of ports, and only for things that have webservers attached - but MANY different protocols can be interacted with over the web - svn, ftp, ssh, telnet, http/s, vnc ... so if all the major search engines in the world can touch every ip on the planet, why can't an individual?
+vissago I understand tcp/ip and those protocols (others as well, RDP, RPC, etc). I just wasn't sure about the legality of attempting authentication to those VNC servers as some states in the U.S. outline attempted intrusion as a crime itself, even without success. Now that I think about it though, if they were wide open with no auth whatsoever it must be legal since everyone has the resources to connect without a password. Masscan actually gave me the motivation to build an obfuscated admin/control protocol in python using sockets and a combination of key based encryption and fingerprinting to establish an access control list. It's a work in progress, but overall a great learning experience! [ tl;dr i know :) ]
+Noah Stanford public is public! If it doesn't ask for a password, and google can spider it, then it's legal for you to be there and see it. no matter what it is. no matter what port it's on.
Can't like this video enough, you guys are true lifesavers
First of all, I would like to say that I respect the straightforward approach. However, I would request that you make a video surrounding the security considerations needed when deploying this type of setup. The last thing that we would want to happen is for an inexperienced user to be compromised due to lack thereof...
Hello, I have a new question: when I deploy my embedded Linux box to the client's place and I host the OpenVPN server and everything is installed correctly, if I go to one of their Windows computers and open a command line interface, would I be able to ping the server at the server address, or would I have to download an OpenVPN client on that computer?
What's on your arm? Is that a dongle hider?! :P
Great show this week. And I just ordered the nano and some Turtle power..
Thank you soo much! Keep up the tutorials!
Darren, can you please tell me what program or plugin adds this CPU;FREQ;NET;THERMAL;BATTERY on your system toolbar on the very top of your debian laptop? Can't find it :)
Excellent tutorial :)
It gets even better when you set up a port forward on your VPN server that forwards down to a VPN client, and then to a PC on that network the VPN client is on.
Darren, I have a question for you that's been bugging me for a while. Why do you wear a handkerchief around your wrists so often? Just for looks?
Hi Hak5
Any chance you could publish/make available the (sanitized) .ovpn files your clients use and the openvpn.conf? I have openvpn (not the AS version) and cannot get the routing between client networks functioning - guess I have a config option missing.
Thanks!
Outstanding presentation. I was having problems using a different VPN with my Linux Mint and the VPN that you are using appears to be what I am seeking. Also, could you share the make and model of the excellent clip on mike that you use?
Is all traffic routed through the VPS, or does the VPS just facilitate the connection? If traffic does go through the VPS, is it expensive? Thanks a lot for the video!
I would like to be able to route traffic among remote networks like BitTorrent sync, where if you are behind a firewall or NAT, an intermediate server facilitates a handshake between two clients - but traffic doesn't go through the intermediate server. Does this method achieve that?
Does this induce double NAT problems? Port forwarding, qos and overall latency issues?
Any idea how to set up the "turtle" as a Debian box instead? This could make a great use for a RPi but I can only route to the local address of it. If I try going to my router or another machine on the network, I just drop packets.
Was there a reason for using an older version of the OpenVPN AS?
Apparently this technique of reverse VPN connection isn't working anymore. I tried setting it up exactly the way you described, but it failed to allow access to the internal network. In fact, the route isn't going from server to client (which is acting as gateway).
I like the new intro.
8:45 Nifty little command line tool ;)
+Harry Talamini It is an awesome tool! I use it all the time. Check it out on github - github.com/nvbn/thefuck
What type of laptop were you using? Need a new one, have too many but must have another laptop lol
Hi there,
I followed the tutorial to the dot and I wanted to ask if there are any additional settings that you implement somewhere not shown in the video since mine didn't go as planned.
- I got myself a droplet and running the latest AS by OpenVPN
- I can connect with my macOS laptop to the AS
- I can connect my remote client and I can ping it and ssh into it.
- I have checked the settings shown in the video for the "turtle" or "remote client" profile and I listed the Gateway subnet as well as make sure to download a fresh copy of the configuration file after triple checking all settings are correct.
- I am unable to access devices behind the remote clients network. OpenVPN support claims there are more settings that need to be adjusted and they pointed me to a guide that involves router settings mod but obviously this would not work for me as I don't have access to router on the droplet nor access to the router at the remote location.
Any help is appreciated.
love the new theme song
Awesome, it works like a charm ! Thanks a lot for this video !!!
I wonder now, if there is a way to use the gateway client (NOT the access server) as the default gateway of the other client... ?
You could set a static IP on the other client with a random IP in that subnet, then just make the turtle its default gateway. However, what are you trying to achieve here? Sure, all your requests are going to hit the access server first, but it's going to get routed to the turtle no matter what...
Love you Darren 😀😘😘😘
How do you configure the firewall on an Ubuntu client gateway? (I don't have the LAN Turtle)
Hello Hak5, I have seen a bunch of videos about the LAN Turtle. But if you just connect it to the home's/work's Ethernet (and NOT a computer, just to a power source like a power bank, outlet, etc.), can you access everything on that network that is connected to the Ethernet? Also, are the LAN Turtle's tools (msf-meterpreter, scan networks, MITM attacks, etc.) fully undetectable? Please answer this as fast as possible!
Hi. I have followed the instructions and checked it over and over 10 times. I can access the Turtle gateway with the subnet address defined in the VPN gateway setting. However, I cannot see any other device on that network. Am I doing something wrong? I would very much appreciate the help.
Thank you :)
Thanks - just set one up with an OpenWRT as the client gateway - fun times!
When I ping the network that I don't have access to without the VPN gateway, it says Destination port unreachable. What can I do?
Can you have multiple turtles set up as gateways going to the same VPS?
Hi, this is what I have been trying to do for days, but this option only seems to be in OV-Access server. Is it possible to configure it in the community version?
So I have a unique issue, i think.
I have my raspberry pi connecting just fine and have the user account setup just as you describe.
However, my linux server has to allow me to access it remotely via 22 and 8443.
When I connect, I am immediately kicked from the ssh session. I had to add route-nopull to the ovpn autoconnect file to stop this, however, I am unable to ping my PI from my linux client.
I also checked routes, it doesn't appear to be adding any client gateway subnets to the route table. When i add them manually, I am still unable to ping clients on the vpn network, or on the pi's client network.
did I miss something?
How's this different than setting up a vpn server on your lan?
pfSense, which is a BSD firewall distro, comes with OpenVPN built in. It has a nice easy wizard/GUI for setting things up, and there is a plugin that will create installers for Windows/Macs for client-server configs.
What are options in .ovpn file to set it up without pretty gui? i need 3 clients interrouting. because of reasons
I'm not sure, but OpenVPN only allows two connections for the free version of it FYI.
to get them onto other devices ??
Would have liked to see a network diagram. Sorry if i missed it somewhere in there
Great video! I'm trying to set this up using a Raspberry Pi instead of a LAN Turtle. Both my RPi and pentester can dial into the VPS, and I can ping the RPi from pentest, but can't access the rest of the RPi network. This might be a firewall issue as described at the end of the video. Could someone help me fix this on Wheezy?
Hi. I've just been trying to do this using a Raspberry Pi too. Pi on the home network, and the Laptop via Mobile Broadband. All seems to work, but the Pi and the Laptop end up on different 172.27 subnets. Couldn't see in the OpenVPN SA server config where to limit it to one subnet. Google wasn't my friend on this occasion.
Have a look at this thread here: forums.whirlpool.net.au/archive/2493314
Thanks, the instructions provided there work great. Thank you for pointing us in the right direction, and thanks to why is a cow? for the troubleshooting and IP table configuration.
Just as a final point, I am using a Raspberry Pi Zero, so the IP table config needs to be for wlan0, and also for some reason this did not work until I updated the firmware and rebooted the Pi.
So far so good, it's been UP for 9 days.
Oh! I also changed the client.ovpn to client.conf
Can I use a mifi to hook this up
Can you connect to a VPN through an SSH Tunnel??
How do i make my Lan Turtle dial out to my vps on a proxy proxified network?
What computer are u using?
Hi Hak5,
Good video. Can we implement this OpenVPN server in our office or for commercial purposes to connect n number of users?
How do we do the same thing on the CLI in order to connect as many connections as we can? Right now with your setup there is a limitation that only 2 devices can connect simultaneously. So please tell us how to do the same thing with the CLI.
hi great video. Can we make this using wireguard?
In this case all traffic will appear to be coming from your digitalocean's VM. I would like the traffic to come from Turtle instead, is that possible?
How can the public access a website hosted by the private network when the ISP doesn't support port forwarding?
That was the most easy understanding video on VPN so far. Well done for the great content. I would have a question though. Is there another solution other than VPN Access server to achieve the same thing? I mean the openvpn allows only two simultaneous connections for free and for more you need to buy a licence but the minimum licence is for 10 devices and i only need 4 devices. I'd really appreciate any suggestions as i need to access a server and its content through vpn.
You can try WireGuard or use OpenVPN without Web interface, just with CLI and you could add more than 2 users.
Hello, I finally got mine up and running. I did everything you did and finally got it to work. I just had a wireless router problem, but it's fixed now. The only thing I cannot do is ping the whole network. Can you please help me?
I bought a lan turtle a few years ago and had it working, got it out recently and couldn't remember my password so I reset it, and now I can't get it to work! I was even able to get a raspberry pi to do a reverse shell, all except I couldn't get it to start up at boot. Anyone able to help? I got it to update after resetting it but the * never comes up indicating it's working and the service shows always running, no matter how many times you click stop it never changes.
What if you don't know what the local LAN ip is , if I move the turtle from network to network for example
+Skyler F There are many ways to determine the local LAN IP with the turtle. Check out the script2post, script2email or autossh modules. Since the configuration is held on the OpenVPN-AS server side, it's just a matter of changing the IP range in the admin web interface.
How much is the ssh server because I went to that site and it told me to pay. It didn't even say how much, it could be $3,000 or something how much is it?
are there notes or steps to follow written out?
Question: OpenVPN Access Server is only free for 2 concurrent connections, right? Is this functionality available in the free community version of openvpn? Is it just the slick gui that Access Server provides or is it a discrete product that offers this functionality?
This is in the community version. AS adds the web interface for admin config of server and clients, and also for creating and handing out ovpn files to client users.
i need your help to make this works: i have a lan outside US which has pivpn server inside (raspberry). the lan interface is hooked up to the coming internet line. the wifi interface is connected to my local Wlan. i have successfully configured it to forward all wifi incoming traffic to the lan interface. however, i want to modify this so that when a client connects to my pivpn, it becomes the gateway and all the traffic goes through it to the network where the client is connected. in short, i want all devices on my wlan that has the default gateway is my raspberry pi wlan interface, to see the internet from the pivpn client's network. is it possible?
can we do same with Packet Squirrel with host pc
I am trying to find a place to buy SSH Tunnel no-login servers. Have any ideas?
what if i dont have a vps , what can i use?
Once this end to end connection is made can I do a simple RDP from my local windows machine to remote windows machine?
Assuming your local windows machine (not on the LAN) has OpenVPN client connected to the OpenVPN AS server (like frog in the demo), and the remote windows machine is on the LAN (does not need OpenVPN anything) -- then yes
Why not use ssh on a software defined tap?
Perfect to bypass GNAT from my ISP..... gracias!!!
Nice video, but can we do that with PiVPN?
Please, how do I get the WiFi Turtle? Or get something like it?
Sadly I cannot get this to work. Tried it with different setups, but all I can do is connect to the middleman server. I am not able to connect to any IP of the remote client...
Middleman Server: Debian 7 / 8 (tried with both)
Remote Client: Windows PC / Raspberry Pi behind NAT
VPN User: Windows 10 User
Do I have to setup something else, maybe you have forgotten a config step of the OpenVPN AS? Definitely not working out of the box :-( No firewalls involved due to testing reasons...
EDIT: I would appreciate a guide without the use of LAN Turtle a lot. Maybe I have to configure something else on the middleman server running OpenVPN AS?
Awesome, I am IT guy, and yet, i only learn this now!, video is from 2016!, sigh. I have actually been trying to do this before, but no idea there was simple package to deploy like this, just fired up an AWS instance and, done.
Hey, I am confused what gateway to add can you help me out ?
Will it also work like this with Packet Squirrel? I mean access the entire network like the Turtle.
Anyone aware of what Linux distro Darren is using?
So, instead of the client to host config for VPN, you create a MITM for the VPN connection?
What are the pros/cons for this method over the traditional method of VPN'ing?
+themaconeau You could drop this on a network without having to open up stuff on the firewall. Watch around the 13 min mark for a better explanation.
***** Will have to watch this on more than a few hours' sleep me thinks. But while I'm sleep-deprived ...
I'm thinking out loud here...
I was thinking of this being an as-needed solution for remote login to a private network. Need the login? Turn on or plugin the device before you go. The idea being that it could be used as a management port but remotely.
I'm probably on the wrong path here and maybe wish for the LAN Turtle to replace a dedicated VPN server. But the more I think about it, the more I think it can't happen.
Maybe the half way point is more needed than I thought ...
The half-way part is needed for it to work since it lets you bypass the firewall on the network where you drop the turtle. It works like this since both endpoints establish the connection and the turtle isn't the one actually looking to accept a session from the other machine.
I did a similar setup using pfSense as my endpoint but it did require firewall configuration as I didn't have that midpoint at the time.
As for an "as-needed" solution, I could easily see this as a practical setup for a remote access setup, even when on a mobile connection.
***** Thanks man, appreciated. :)
mye.. except more & more companies using some form of 802.1 auth even on hardwired connections. That means you'd need to authenticate to get on the network.
Well, I did it all, but I don't know why: when I'm on my phone I can't reach the server at my office, but when I'm on the laptop connected to a DHCP server which gives me the same range of IPs as the office, it works O.o
Well.. this is exactly what I need, but can't afford... so I was trying to set it up using a self hosted server through a Raspberry Pi... not using digital ocean... more like a proof of concept and stay true with open source rather than spending some money ha... So technically this is a bridged openvpn setup but going through a lot of hoops. but it's nice to see it working
if you have a public IP you can do it that easy, but if you have CGNAT this is the solution
anyone know how can i make this work but on a raspberry pi? i know i'm missing something of routing, but i need some help there
*standing ovation*
Intro music?
Looks like that swupdate page no longer exists :(
I miss this format.
Easy enough if your company network doesn't do nice firewalls which only allow ports 80/443 out.. :P Also the proper ones check them packets so even vpn at port 443 won't go...
traceroute shows 172.27.224.1 then it just gets stuck...
Lol I Like the !! alias Darren
Aaahaha “the packets are flowing!”
Is the Turtle open source and if so where can we get the source?
+Matt Baker Look for Hak5 on github
can you do a tutorial on extracting hashes from an active directory? or can you do it for a lesson at hack all the things
+WETWORK For collecting the hashes I used an app called Elcomsoft Proactive System Password Recovery 6.52, it will grab cached password hashes.
For the GPU bruteforce I used cudahashcat 1.37
On my GTX 960 it took around five hours to get to 8 characters, so if the password is 8 or more characters, you're looking at multiple weeks to bruteforce it, even with GPU-accelerated password brute forcing.
TL:DR, don't go there.
+James Campbell you da real mvp
WETWORK You need to read the pentester playbook.
Disobey sticker at the wall :)
This must be some Turtle voodoo, as I can't get access to the VPN Gateway's subnet no matter what I do! Tried Windows, Ubuntu and Kali. No Firewall, with sysctl -w net.ipv4.ip_forward=1. What kind of magic is this!?!?
Who needs web interfaces 4 setting up openvpn servers?
Catching https traffic when there is an acceptable use policy could be hard if the traffic is during normal working hours. In university this was a common hack and would result in discipline if you got caught. At work, devs used to drill out with their home servers. I'm pretty sure that any jnr sys admin drilling an unauthorized hole in a corporate firewall today would not be treated nicely.
i did somewhat understand what he did, but why is it needed and what does it do, i have literally no idea.
It makes it easy to have remote access to any network without having to port forward. Plug one of these into a LAN port and that's it!
Dude,
Is there any way to get a my own public ip in a public wifi network
yes there is. just search "my ip" on google when you are in the network. to get your local ip just download an app like fing or anything else.
@m4gg197 In public wifi network everyone in that network has the same public IP, right?
I'm asking because I need my own public IP.
for a reverse TCP connection to my public IP. (My college wifi network). I can't set up a port forwarding and stuff...
dat interlacing tho
also audio sync
+SandyStarchild Oh, I know! I guess if it is too bothersome one could download the video and throw it through (for example) ffmpeg's 'yadif' filter. Me personally? I'm too lazy