OpenVPN
Welcome to the final part of our tutorial series! In this step, we’re going to set up OpenVPN so you can securely connect to your GOAD lab environment right from your local machine.
To make things easy, we’ll use the OpenVPN Wizard along with the openvpn-client-export package. These tools will help us create a remote access server and generate the configuration files we need to connect smoothly.
Let’s get started with setting up the OpenVPN remote access server.
OpenVPN server information:
In this step, we'll walk through the key settings you'll use when creating your OpenVPN server using the wizard.
- Choose Local User Access
- Description: openvpn (This can be whatever you'd like)
-
Port: 1194 (default OpenVPN port)
-
IPv4 tunnel network: 10.10.10.0/24
-
IPv4 local network: 192.168.10.0/24 (Keep the same network as you setup for VLAN10)
-
Topology: net30 - Isolated/ 30 network per client
-
DNS server 1: 192.168.10.1 (Using pfsense for internal DNS)
User Manager:
Now we create a user who can log onto to the VPN.
- Go to the User Manager
- Create user
- Choose whatever username you would like as well as a secure password
- Don't forget to check the box to open the options for creating a user certificate
Install client-export:
We will install the OpenVPN Client Export package to make it easier to generate a VPN configuration file.
Go to User Managerand click to install openvpn-client-export
OpenVPN / Client Export Utility
Once you have the openvpn-client-export downloaded
Go to VPN -> OpenVPN -> Client Export
Under Host Name Resolution, give Other so you have the option to put in your server's IP address as the hostname/IP address the client will use to connect to this server.
Host Name Resolution: Other
Host Name: your server's IP address
Find your user in the list of OpenVPN clients and download Inline Configurations for Most Clients
Set Firewall Rules
Now we will allow connections into our VLAN10 through the VPN.
Connect through your VPN using sudo openvpn pfSense-….ovpn using the file you just downloaded from the Client Export Utility.
Now to check that everything is working you can run route on your local machine and you should see a new route pointing to the GOAD lab network : 192.168.10.0/24.
Install Trapster
Goad is all set up for hacking! But for an additional challenge we can add a Honeypot to the internal network.
Start by finding the link a debian iso image from here: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
You can then go to local -> ISO Images -> Download from URL and paste that url.
Then create a new virtual machine called trapster-community in the same Node and Resource Pool.
Use a CD/DVD disc image file and select the Debian downloaded. Make sure to put this VM on the vmbr3 bridge with the VLAN Tag set to 10 to place it inside the GOAD internal network. You can choose to set a static IP or it should be automatically given one in the range 192.168.10.100 - 192.168.10.255 by DHCP.
Follow the official docker docs for Debian to install docker on our new Debian VM.
Finally install Trapster by following the community guide at: https://docs.trapster.cloud/community/install/docker .