SANS SEC511A Virtual Lab Access Information

Installing OpenVPN on the Xubuntu Course VM

To install and configure OpenVPN, do the following:
  1. Log in to the Xubuntu Linux host:
    username: student 
    password: Security511
  2. Click on the Terminal icon in the toolbar.

  3. In the Terminal window, type:
    [~]$ sudo su -
  4. When prompted, enter the student user's password (hint: Security511). If successful, you'll see the prompt change to
  5. Type the following command:
    root@Sec-511-Linux:~# echo "deb precise main universe" >> /etc/apt/sources.list
  6. Type the following command:
    root@Sec-511-Linux:~# apt-get update
    You should see output similar to:
    root@Sec-511-Linux-desktop:~# apt-get update
    Get:1 precise Release.gpg [198 B]
    Get:2 precise Release [49.6 kB]
    Get:3 precise/main i386 Packages [1,274 kB]
    Get:4 precise/universe i386 Packages [4,796 kB]
    Get:5 precise/main TranslationIndex [3,706 B]
    Get:6 precise/universe TranslationIndex [2,922 B]
    Get:7 precise/main Translation-en [726 kB]
    Get:8 precise/universe Translation-en [3,341 kB]
    Fetched 10.2 MB in 10s (954 kB/s)
    Reading package lists... Done
  7. To install the OpenVPN software, type:
    root@Sec-511-Linux:~# apt-get -y install openvpn
    You will see output similar to:
    root@Sec-511-Linux:~# apt-get install -y openvpn
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
    Use 'apt-get autoremove' to remove them.
    The following extra packages will be installed:
      liblzo2-2 libpkcs11-helper1
    The following NEW packages will be installed:
      liblzo2-2 libpkcs11-helper1 openvpn
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    Need to get 550 kB of archives.
    After this operation, 1,437 kB of additional disk space will be used.
    Get:1 precise/main liblzo2-2 i386 2.06-1 [60.6 kB]
    Get:2 precise/main libpkcs11-helper1 i386 1.09-1 [47.5 kB]
    Get:3 precise/main openvpn i386 2.2.1-8ubuntu1 [442 kB]
    Fetched 550 kB in 1s (418 kB/s)
    Preconfiguring packages ...
    Selecting previously unselected package liblzo2-2.
    (Reading database ... 220524 files and directories currently installed.)
    Unpacking liblzo2-2 (from .../liblzo2-2_2.06-1_i386.deb) ...
    Selecting previously unselected package libpkcs11-helper1.
    Unpacking libpkcs11-helper1 (from .../libpkcs11-helper1_1.09-1_i386.deb) ...
    Selecting previously unselected package openvpn.
    Unpacking openvpn (from .../openvpn_2.2.1-8ubuntu1_i386.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    ureadahead will be reprofiled on next reboot
    Setting up liblzo2-2 (2.06-1) ...
    Setting up libpkcs11-helper1 (1.09-1) ...
    Setting up openvpn (2.2.1-8ubuntu1) ...
     * Restarting virtual private network daemon(s)...                               *   No VPN is running.
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place

  8. Type the following command:
    root@Sec-511-Linux:~# openvpn --version
    If the command works, you should see output similar to:
    root@Sec-511-Linux:~# openvpn --version
    OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
    Originally developed by James Yonan
    Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
      $ ./configure --build=i686-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/openvpn --disable-maintainer-mode --disable-dependency-tracking CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security FFLAGS=-g -O2 LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now --enable-password-save --host=i686-linux-gnu --build=i686-linux-gnu --prefix=/usr --mandir=${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig --with-route-path=/sbin/route
  9. From within the Xubuntu VM, launch Firefox and download your user specific OpenVPN configuration file (unique link provided via email). Go to the URL provided in the email you received that had the subject "SEC511A Virtual Lab Access". The URL is in the "User Authentication" section of the message. Save the file in /home/student/Downloads.

  10. Switch back to your Terminal window, and type the following command:
    root@Sec-511-Linux:~# cd /home/student/Downloads
  11. Type the following command:
    root@Sec-511-Linux:~# ls -l *.ovpn
    You should see output similar to:
    root@Sec-511-Linux:/home/student/Downloads# ls -l *.ovpn
    -rw-r--r-- 1 student student 6100 Dec  9 15:30 sec511a-9999-699251.ovpn
    Your file will be named sec511a-XXXXX-YYYYYY.ovpn, where XXXXX is your event-id and YYYYYY is your SD number for your SANS portal account.

  12. Type the following command:
    root@Sec-511-Linux:~# mv sec511a<tab> /etc/openvpn/.
    You should see output similar to:
    root@Sec-511-Linux:/home/student/Downloads# mv sec511a-XXXXX-YYYYYY.ovpn /etc/openvpn/.

Starting OpenVPN on the Xubuntu Course VM

  1. If you do not currently have a root-level Terminal window open, open a new Terminal window and type:
    [~]$ sudo su -
  2. In the root-level Terminal window, run the command:
    root@Sec-511-Linux:~# openvpn --config /etc/openvpn/sec511a<tab>
    When prompted, enter the password.
    If the password is entered correctly, you should see output similar to:
    root@Sec-511-Linux:~# openvpn --config /etc/openvpn/sec511a-XXXXX-YYYYYY.ovpn 
    Tue Dec  9 16:14:53 2014 OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
    Tue Dec  9 16:14:53 2014 WARNING: No server certificate verification method has been enabled.  See for more info.
    Tue Dec  9 16:14:53 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Enter Private Key Password:
    Tue Dec  9 16:14:56 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Tue Dec  9 16:14:56 2014 LZO compression initialized
    Tue Dec  9 16:14:56 2014 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Dec  9 16:14:56 2014 Socket Buffers: R=[16777216->131072] S=[16777216->131072]
    Tue Dec  9 16:14:56 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Dec  9 16:14:56 2014 Local Options hash (VER=V4): 'd79ca330'
    Tue Dec  9 16:14:56 2014 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Tue Dec  9 16:14:56 2014 UDPv4 link local: [undef]
    Tue Dec  9 16:14:56 2014 UDPv4 link remote: [AF_INET]
    Tue Dec  9 16:14:56 2014 TLS: Initial packet from [AF_INET], sid=d058dbec 2b2d9722
    Tue Dec  9 16:14:57 2014 VERIFY OK: depth=1, /C=US/ST=Maryland/L=Bethesda/O=SANS/OU=SEC511A_LAB/CN=lab-sec511a/
    Tue Dec  9 16:14:57 2014 VERIFY OK: depth=0, /C=US/ST=Maryland/O=SANS/OU=SEC511A_LAB/CN=lab-sec511a/
    Tue Dec  9 16:14:57 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Dec  9 16:14:57 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Dec  9 16:14:57 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Dec  9 16:14:57 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Dec  9 16:14:57 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Tue Dec  9 16:14:57 2014 [lab-sec511a] Peer Connection Initiated with [AF_INET]
    Tue Dec  9 16:15:00 2014 SENT CONTROL [lab-sec511a]: 'PUSH_REQUEST' (status=1)
    Tue Dec  9 16:15:00 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway,ping 10,ping-restart 120,ifconfig'
    Tue Dec  9 16:15:00 2014 OPTIONS IMPORT: timers and/or timeouts modified
    Tue Dec  9 16:15:00 2014 OPTIONS IMPORT: --ifconfig/up options modified
    Tue Dec  9 16:15:00 2014 OPTIONS IMPORT: route-related options modified
    Tue Dec  9 16:15:00 2014 TUN/TAP device tap0 opened
    Tue Dec  9 16:15:00 2014 TUN/TAP TX queue length set to 100
    Tue Dec  9 16:15:00 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Tue Dec  9 16:15:00 2014 /sbin/ifconfig tap0 netmask mtu 1500 broadcast
    Tue Dec  9 16:15:02 2014 Initialization Sequence Completed
  3. Open another Terminal window, and type the command:
    [~]$ ping -c 3
    If you see output similar to:
    [~]$ ping -c 3
    PING ( 56(84) bytes of data.
    64 bytes from icmp_req=1 ttl=64 time=157 ms
    64 bytes from icmp_req=2 ttl=64 time=82.8 ms
    64 bytes from icmp_req=3 ttl=64 time=71.5 ms
    --- ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 71.520/103.957/157.457/38.114 ms
    then congratulations, you have successfully configured the VPN and connected to the lab network, and can now do the Day 1-5 exercises.

  4. Leave OpenVPN running in the Terminal window until you no longer need the active OpenVPN connection.
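
The connection log above prints two client-side warnings (no server certificate verification method, password caching), and the ls -l output in the install steps shows the profile with mode -rw-r--r--. The script below is an added example, not part of the course instructions, that checks a profile for those three conditions; the sample profiles, the host name vpn.example.invalid and the function name audit_ovpn are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client profile for the three issues visible
# in the transcripts above. Prints one finding per line, nothing if clean.

audit_ovpn() {
    profile=$1
    [ -r "$profile" ] || { echo "ERROR: cannot read $profile"; return 0; }

    # 1. Permissions. Characters 5-10 of the ls mode string are the group and
    #    other bits; "-rw-r--r--" (as in the ls -l output) is world-readable.
    perms=$(ls -ld -- "$profile" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "PERMS: group/other bits '$perms' set; chmod 600 $profile"

    # 2. Server certificate verification. Any one of these directives stops
    #    the "No server certificate verification method" warning.
    grep -Eq '^[[:space:]]*(remote-cert-tls|remote-cert-eku|ns-cert-type|tls-remote|verify-x509-name|tls-verify)([[:space:]]|$)' "$profile" ||
        echo "VERIFY: no server certificate check, e.g. 'remote-cert-tls server'"

    # 3. Credential caching, the subject of the auth-nocache warning.
    grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$profile" ||
        echo "CACHE: auth-nocache not set; passwords may stay in memory"
    return 0
}

# Constructed sample profiles (not the course's real file). The host name and
# every directive value below are made up for the demonstration.
demo_dir=$(mktemp -d)

cat > "$demo_dir/weak.ovpn" <<'EOF'
client
dev tap
proto udp
remote vpn.example.invalid 1194
comp-lzo
EOF
chmod 644 "$demo_dir/weak.ovpn"        # same mode as in the ls -l output

cat > "$demo_dir/hardened.ovpn" <<'EOF'
client
dev tap
proto udp
remote vpn.example.invalid 1194
comp-lzo
remote-cert-tls server
auth-nocache
EOF
chmod 600 "$demo_dir/hardened.ovpn"

echo "== weak.ovpn ==";     audit_ovpn "$demo_dir/weak.ovpn"
echo "== hardened.ovpn =="; audit_ovpn "$demo_dir/hardened.ovpn"
```

Adding remote-cert-tls server only works when the server certificate carries the server extended key usage; against a certificate issued without it the connection fails verification, so confirm with the lab operator before changing the supplied profile.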

Stopping OpenVPN on the Xubuntu Course VM

  1. Bring the original Terminal window where you started OpenVPN back up.
  2. Within that window, hit Ctrl-C (press and hold Ctrl and then hit the c key). You should see output similar to:
    Tue Dec  9 16:15:02 2014 Initialization Sequence Completed
    ^CTue Dec  9 16:43:06 2014 event_wait : Interrupted system call (code=4)
    Tue Dec  9 16:43:06 2014 TCP/UDP: Closing socket
    Tue Dec  9 16:43:06 2014 Closing TUN/TAP interface
    Tue Dec  9 16:43:06 2014 /sbin/ifconfig tap0
    Tue Dec  9 16:43:06 2014 SIGINT[hard,] received, process exiting
    If so, then the VPN is disconnected.

Common Configuration Issues

For a list of common configuration issues that we have seen, please refer to Common Configuration Issues