How to Build an OpenVPN Access Point Pt 2 - Hak5 2018
- Published: 26 Sep 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Part two of Building an OpenVPN access point, this time on Hak5.
Recap: We've been building a VPN WiFi hotspot using OpenWRT and OpenVPN.
Last week we set up the OpenVPN Access Server and set up user accounts.
Today we're going to work on the access-point side of things in OpenWRT by setting up the OpenVPN client, configuring the IP routing and testing the connection with WiFi devices.
SCP client.ovpn to pineapple
SSH to pineapple
Get pineapple online
opkg update
opkg install openvpn-openssl
route
openvpn client.ovpn
route
#Setup forwarding for clients
iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT
#demo clients
Test connection
apt-get update
apt-get install php5-cli
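The three forwarding rules from the notes above, wrapped so they are applied once and can be removed cleanly when the tunnel goes down. This is an added example, not from the Hak5 show notes: the function names and the variables LAN_NET, TUN_IF and DRY_RUN are assumptions, while $dev and $script_type are the environment variables OpenVPN passes to its up/down scripts.

```shell
#!/bin/sh
# Added example, not from the Hak5 show notes. LAN_NET, TUN_IF and DRY_RUN
# are assumed variable names; the defaults are the values used in the notes.
LAN_NET="${LAN_NET:-172.16.42.0/24}"   # subnet of the WiFi clients
TUN_IF="${TUN_IF:-${dev:-tun0}}"       # OpenVPN exports the tunnel name as $dev
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print commands, 0 = run iptables

# Reject values that could smuggle extra iptables options into a rule.
vpn_validate() {
    case "$LAN_NET" in ""|*[!0-9./]*) return 1 ;; esac
    case "$TUN_IF" in ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# One rule per line as "table chain match...", so add and delete share a list.
vpn_rule_specs() {
    echo "nat POSTROUTING -s $LAN_NET -o $TUN_IF -j MASQUERADE"
    echo "filter FORWARD -s $LAN_NET -o $TUN_IF -j ACCEPT"
    echo "filter FORWARD -d $LAN_NET -m state --state ESTABLISHED,RELATED -i $TUN_IF -j ACCEPT"
}

# vpn_rules add|del : apply every rule exactly once, or remove all copies.
vpn_rules() {
    case "$1" in
        add) flag=-A ;;
        del) flag=-D ;;
        *) echo "usage: vpn_rules add|del" >&2; return 2 ;;
    esac
    vpn_validate || { echo "bad LAN_NET or TUN_IF" >&2; return 1; }
    vpn_rule_specs | while read -r table chain rest; do
        # $rest is split on purpose; vpn_validate guarantees no glob characters.
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -t $table $flag $chain $rest"
        elif [ "$1" = add ]; then
            # -C tests for an identical rule, so reconnects do not stack duplicates.
            iptables -t "$table" -C "$chain" $rest 2>/dev/null ||
                iptables -t "$table" -A "$chain" $rest
        else
            while iptables -t "$table" -C "$chain" $rest 2>/dev/null; do
                iptables -t "$table" -D "$chain" $rest
            done
        fi
    done
}

# When OpenVPN runs this file as an up/down hook it sets $script_type.
case "${script_type:-}" in
    up)   vpn_rules add ;;
    down) vpn_rules del ;;
esac
```

With the default DRY_RUN=1 the script only prints the iptables commands it would run. OpenVPN runs it as a hook only if client.ovpn permits user scripts (script-security 2) and names the file in its up and down lines.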
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
I LOL'ed at "Snerbs". Thanks for the tips, I'll have this set up this weekend!
I started using my Linux laptop in lieu of a router when I travel for all my odd network needs. My client side setup uses network manager to handle all my VPN and wifi AP stuff. I prefer it that way because it's stuff I don't always want to have on. It's a few clicks away when I need it, and I don't need to remember to pack my OpenWRT router too. That gives me room to pack another device that does more than sit next to the ethernet jack.
It's a small thing, but it makes me happy that Shannon organizes her bookmarks bar like I do.
I like to keep my life organized - Shannon
This is way better than my DDNS setup. Wonder if the network encryption affects the traffic.
Hey guys, love the show. I've been following your channel for a few years now and was wondering when the next Hack Across the Planet is, to suggest coming over to Puerto Rico to do lots of drone building stuff and some WiFi Pineapple goodness. It's a small island, but we have much to offer and would love to see you guys in person. As always, love the show and keep up the good work.
I would recommend setting up dnsmasq as well and pushing the router's IP as DNS server using DHCP to clients.
Best show for a while ;^> How about doing one on running some apps through a VPN, while other apps on the same machine bypass the vpn.
Hi, these types of instruction videos are great. Have you ever covered how to make a VPN, or I guess reverse VPN, so that I can advertise insecure HTTP IP cams over SSL so that auth is done with HTTPS, as it would seem HTTPS cams are few and far to find and also expensive?
Cool computer love stickers on it
I have the same setup on my pfSense router and I also have another VPN server set up on pfSense so I can connect remotely and all my traffic goes through the server VPN.
That hunter honda sticker 0:58
when are more quadcopter videos coming?!?!
Soon! We have a bunch of FPV stuff in store for after defcon. :) - Shannon
Awesome! It's my favorite series you have done on this channel. So much great info, I love how you made the episodes so informative and long in length instead of glossing over details like many other videos do.
I am trying to set up OpenVPN on my cell and on Nvidia Shield. Bit confused. In order to enable VPN on the router you have to create a Dynamic DNS. I have done that.
Then I install OpenVpn on my cell.
Question - Is it possible to route through various tunnels on OpenVPN (not to sound cliche but like in movies)
If so how would one go about this and do you have a video planned for it?
I have a question concerning dealing with captive portals when using this setup on the road. It looks like elinks is no longer supported in OpenWRT so I don't know of a way to log in to the captive portal from the pineapple to get it through the portal and online.
I am confused about where you need to import the .ovpn profile
>Windows 10
Sure, that VPN gonna help :^)
You'd understand him if you were aware that Windows is really SpyOS
I am trying to connect to an OpenVPN. I have a Netgear Nighthawk x6s ac 3000
Hello, Darren -
I watched your video. I purchased the WIFI Pineapple NANO from your store and was able to configure the access point, but sadly found out that in order to have the access point running, I must have the WIFI Pineapple NANO connected to my windows PC through the Y cable and I have to keep the two SSH sessions alive (one for the openvpn program and the other to the iptables config commands)
Well, this won't fly for me :( I need to be able to carry my WIFI Pineapple NANO with me (I bought the tactical case for that!) and I need it to have the openvpn program and the iptables config running once it has discovered a public network and it is connected to it. Is there a way to do this with my WIFI Pineapple NANO, or did I hit a wall and I must resort to keeping the NANO connected to my PC with the Y cable in order to create my access point?
Thank you for your response
PS: I am unable to post any questions in the forums. After posting three questions, my ability to post went away. I hope I have not been banned from the community
Can this be built into hostapd & dhcpd?
Just curious?
Love the show have a question. How do you make it all run on boot?
A simple solution is to add your command to /etc/rc.local. Add 'up /path/to/script.sh' and 'down script.sh' commands to your client.ovpn configuration file to run a script when the tunnel is set up and torn down, I suggest you add the iptables rules in up/down scripts. If you are not using a router where ip forwarding is enabled by default you can add 'echo 1 > /proc/sys/net/ipv4/ip_forward' to the up script and 'echo 0 > /proc/sys/net/ipv4/ip_forward' to the down script.
Thank You
If I do what u showed in ep. 1 and 2 connection will be encrypted?
How would you connect the pineapple to a public AP which needs the user to click on a link to accept the terms and conditions or enter a keyword and then accept terms and conditions?
Excellent question, that I actually came up with a solution for when I had to amplify a McDonalds AP for my brothers!
[SCROLL TO BOTTOM FOR TL;DR]
So as you know, a captive portal is a simple form that people have to fill out (typically agreeing to terms of use), and then the router automatically adds their device's MAC to a temporary "Authenticated" list.
Well a nice little feature found in the Wi-Fi Pineapple's "Networking" module is MAC spoofing!
If you're on the go, like I was, you'd normally have your phone or a laptop to manage your Pineapple. I was using my iPhone, which I could easily find my MAC with in Settings>General>About>Wi-Fi Address. You can easily authenticate to the network with your phone, and once you've done that, your phone's MAC will be in the router's temporary "Authenticated" list. From there, go to your Wi-Fi Pineapple's Networking Module and scroll down to "MAC Addresses". Change the interface of your Wi-Fi Client mode to have the same MAC as your phone, and poof! Free internet for everybody!
TL;DR
Authenticate with another device, then spoof the MAC of the Pineapple's Wi-Fi Client interface to have the MAC of your "other device"
Hi. I can forward tcp port but no udp port. Which command need for udp 5060 at ventos vps openvpn server? It has venet0 and tun0 nic.
Hey, I need some help. My wlan0 is down after running these commands ...sudo airmon-ng start wlan0.... sudo airmon-ng check kill. Somebody help on how to solve it plz. My laptop wlan0 is down.
Everyone in town uses the pineapple in my neighborhood!
Is the .ovpn file the hostname of my Dynamic DNS? Or do I have to go to the OpenVPN server website to get the file?
Can someone answer me ... if you are using a VPN then do you need to port forward the router or no? For an application like Minecraft, Metasploit, etc.
Thanks
PENVPN AS-210.247:943 ip's > is you local server or outside server provide from OpenVPN?
Can it be my Netgear R8000 router or QNAP NAS Server (I'm looking to connect when traveling to my local network from devices Mac & PC). Do you have a video for VPN tunnel and access on the go "outside" (Mac & PC. Linux > local home/office NAS drive)
[Gasp] You forgot to put a hash-bang in your shell script!
He probably did it off camera... otherwise the pineapple would have exploded ;)
I always wonder why we say theis sometimes.
Love the: Hier niet poepen A.U.B sticker. for shits and giggles translate it from dutch to english :)
9:52 it'd be awesome if you could slow down and show all the script haha
It's in the shownotes! You can also pause and see it :) - Shannon
Gravityinreverse Did you get this working? What does your rc.local look like?
There is something wrong with this video, it's way out of sync
We are not able to recreate this issue.
PWNED