SANS SEC542 Virtual Lab Access Information

Installing OpenVPN on the Class VM


To install and configure OpenVPN, do the following:
  1. Change the hardware configuration for the class VM so the virtual network adapter is using NAT rather than host-only mode.

  2. Log in to the class VM:
    username: student 
    password: Security542
    
  3. Click on the Terminal icon in the toolbar.

  4. In the Terminal window, type:
    sudo su -
  5. When prompted, enter the student user's password (hint: Security542). If successful, you'll see the prompt change to
    [~]#
  6. To set up the computer to use DHCP for network and DNS, type:
    config-dhcp.sh
    You will see output similar to:
    [~]# config-dhcp.sh
    Copying DHCP config...
    
    
    Stopping eth0...
    
    Internet Systems Consortium DHCP Client 4.2.4
    Copyright 2004-2012 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    Listening on LPF/eth0/00:0c:29:0f:99:ba
    Sending on   LPF/eth0/00:0c:29:0f:99:ba
    Sending on   Socket/fallback
    DHCPRELEASE on eth0 to 192.168.1.1 port 67 (xid=0x77491de6)
    
    Starting eth0. NOTE: this may take a few seconds...
    
    Internet Systems Consortium DHCP Client 4.2.4
    Copyright 2004-2012 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    Listening on LPF/eth0/00:0c:29:0f:99:ba
    Sending on   LPF/eth0/00:0c:29:0f:99:ba
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x6e696566)
    DHCPREQUEST of 192.168.150.139 on eth0 to 255.255.255.255 port 67 (xid=0x6e696566)
    DHCPOFFER of 192.168.150.139 from 192.168.150.254
    DHCPACK of 192.168.150.139 from 192.168.150.254
    bound to 192.168.150.139 -- renewal in 744 seconds.
    
    Running ifconfig...
    
    eth0      Link encap:Ethernet  HWaddr 00:0c:29:0f:99:ba  
              inet addr:192.168.150.139  Bcast:192.168.150.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe0f:99ba/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:125119 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11807 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:31265006 (31.2 MB)  TX bytes:1336323 (1.3 MB)
              Interrupt:19 Base address:0x2000
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:12055 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12055 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3721990 (3.7 MB)  TX bytes:3721990 (3.7 MB)
    
    [~]#
    
  7. From within the class VM, launch either Chrome or Firefox and download your user-specific OpenVPN configuration file (unique link provided via email). In Firefox, choose "No Proxy" in the proxy selector in the upper right corner. In Chrome, ensure "Direct Connection" is chosen in the proxy selector (globe icon) in the upper right corner. Now go to the URL provided in the email you received that had the subject "SEC542 Virtual Lab Access". The URL is in the "User Authentication" section of the message. Save the file in /home/student/Desktop.

  8. Switch back to your Terminal window, and type the following command:
    cd /home/student/Desktop
  9. Type the following command:
    ls -l *.ovpn
    You should see output similar to:
    [/home/student/Desktop]# ls -l *.ovpn
    -rw-r--r-- 1 student student 6148 Jun 10 05:50 sec542-XXXXX-YYYYYY.ovpn
    
    where XXXXX is your event-id and YYYYYY is your SD number for your SANS portal account.

  10. Type the following command:
    mv sec542<tab> /etc/openvpn/
    You should see output similar to:
    [/home/student/Desktop]# mv sec542-XXXXX-YYYYYY.ovpn /etc/openvpn/
    [/home/student/Desktop]#
    

Starting OpenVPN on the Class VM


  1. If you do not currently have a root-level Terminal window open, bring up a new Terminal window and type:
    sudo su -
  2. In the root-level Terminal window, run the command:
    openvpn --config /etc/openvpn/sec542<tab>
    When prompted, enter the password VpnPassword. If the password is entered correctly, you should see output similar to:
    [~]# openvpn --config /etc/openvpn/sec542-9999-699251.ovpn
    Wed Jun 10 06:24:52 2015 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
    Wed Jun 10 06:24:52 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Wed Jun 10 06:24:52 2015 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Enter Private Key Password:
    Wed Jun 10 06:24:55 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Jun 10 06:24:55 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
    Wed Jun 10 06:24:55 2015 UDPv4 link local: [undef]
    Wed Jun 10 06:24:55 2015 UDPv4 link remote: [AF_INET]66.35.59.32:1194
    Wed Jun 10 06:24:55 2015 TLS: Initial packet from [AF_INET]66.35.59.32:1194, sid=68ba747e dd21a6a6
    Wed Jun 10 06:24:55 2015 VERIFY OK: depth=1, C=US, ST=Maryland, L=Bethesda, O=SANS, OU=SEC542 LAB, CN=vpn542, emailAddress=noc@sans.org
    Wed Jun 10 06:24:55 2015 VERIFY OK: depth=0, C=US, ST=Maryland, O=SANS, OU=SEC542 LAB, CN=lab-sec542, emailAddress=noc@sans.org
    Wed Jun 10 06:24:56 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Jun 10 06:24:56 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jun 10 06:24:56 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Jun 10 06:24:56 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jun 10 06:24:56 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Jun 10 06:24:56 2015 [lab-sec542] Peer Connection Initiated with [AF_INET]66.35.59.32:1194
    Wed Jun 10 06:24:58 2015 SENT CONTROL [lab-sec542]: 'PUSH_REQUEST' (status=1)
    Wed Jun 10 06:24:58 2015 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.42.5.24,dhcp-option DOMAIN sec542.org,route-gateway 10.42.5.1,ping 10,ping-restart 120,ifconfig 10.42.52.1 255.255.0.0'
    Wed Jun 10 06:24:58 2015 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Jun 10 06:24:58 2015 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Jun 10 06:24:58 2015 OPTIONS IMPORT: route-related options modified
    Wed Jun 10 06:24:58 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Wed Jun 10 06:24:58 2015 TUN/TAP device tap0 opened
    Wed Jun 10 06:24:58 2015 TUN/TAP TX queue length set to 100
    Wed Jun 10 06:24:58 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Wed Jun 10 06:24:58 2015 /sbin/ip link set dev tap0 up mtu 1500
    Wed Jun 10 06:24:58 2015 /sbin/ip addr add dev tap0 10.42.52.1/16 broadcast 10.42.255.255
    Wed Jun 10 06:24:58 2015 /etc/openvpn/update-resolv-conf tap0 1500 1574 10.42.52.1 255.255.0.0 init
    dhcp-option DNS 10.42.5.24
    dhcp-option DOMAIN sec542.org
    Wed Jun 10 06:25:13 2015 Initialization Sequence Completed
    
  3. Open another Terminal window, and type the command:
    ping -c 3 10.42.5.1
    If you see output similar to:
    [~]$ ping -c 3 10.42.5.1
    PING 10.42.0.1 (10.42.5.1) 56(84) bytes of data.
    64 bytes from 10.42.5.1: icmp_seq=1 ttl=64 time=87.6 ms
    64 bytes from 10.42.5.1: icmp_seq=2 ttl=64 time=103 ms
    64 bytes from 10.42.5.1: icmp_seq=3 ttl=64 time=101 ms
    
    --- 10.42.5.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 87.615/97.568/103.359/7.073 ms
    
    then congratulations, you have successfully configured the VPN and connected to the lab network, and can now do the CTF challenge.

  4. Leave OpenVPN running in the Terminal window until you no longer need the active OpenVPN connection.
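
The connection output above contains several security-relevant warnings that are easy to scroll past. The following is an added example, not part of the SANS lab instructions: a shell helper that scans a saved OpenVPN client log for those messages and prints the usual hardening response. The names audit_openvpn_log and write_sample_log are hypothetical, the sample log is an excerpt of the output shown above, and several suggestions depend on what the VPN server supports.

```shell
#!/bin/sh
# Added example; audit_openvpn_log and write_sample_log are hypothetical names.
# Patterns are fixed strings taken from the OpenVPN 2.3.2 output shown above.

audit_openvpn_log() {   # usage: audit_openvpn_log <logfile>
    _log="$1"
    # One "pattern|advice" pair per line; advice is general OpenVPN hardening.
    while IFS='|' read -r pattern advice; do
        if grep -qF -- "$pattern" "$_log"; then
            printf 'FINDING: %s -> %s\n' "$pattern" "$advice"
        fi
    done <<'EOF'
No server certificate verification method|add "remote-cert-tls server" or "verify-x509-name" to the client config
may cache passwords in memory|add "auth-nocache" to the client config
--script-security setting may allow|review any up/down scripts the config references
Cipher 'BF-CBC'|Blowfish has a 64-bit block; use an AES cipher if the server offers one
hash 'SHA1' for HMAC|use "auth SHA256" or stronger if the server offers it
Control Channel: TLSv1,|TLS 1.0 control channel; newer TLS needs support on both ends
1024 bit RSA|server certificate key is short; 2048 bits or more is the usual minimum
EOF
    # A log that never reaches this line means the tunnel did not come up.
    grep -qF 'Initialization Sequence Completed' "$_log" ||
        printf 'NOTE: no "Initialization Sequence Completed" line in %s\n' "$_log"
    return 0
}

write_sample_log() {    # usage: write_sample_log <path>; excerpt of the log above
    cat > "$1" <<'EOF'
Wed Jun 10 06:24:52 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 10 06:24:52 2015 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jun 10 06:24:55 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jun 10 06:24:56 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 10 06:24:56 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 10 06:24:56 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 10 06:25:13 2015 Initialization Sequence Completed
EOF
}

# Stand-alone demo on the embedded excerpt.
demo=$(mktemp)
write_sample_log "$demo"
audit_openvpn_log "$demo"
rm -f "$demo"
```

To audit a real session, save the client output with `openvpn --config ... | tee vpn.log` and pass `vpn.log` to `audit_openvpn_log`.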

Stopping OpenVPN on the Class VM

  1. Bring the original Terminal window where you started OpenVPN back up.
  2. Within that window, hit Ctrl-C (press and hold Ctrl and then hit the c key). You should see output similar to:
     
    Wed Jun 26 21:57:36 2013 Initialization Sequence Completed
    ^CWed Jun 26 22:17:04 2013 event_wait : Interrupted system call (code=4)
    Wed Jun 26 22:17:04 2013 TCP/UDP: Closing socket
    Wed Jun 26 22:17:04 2013 Closing TUN/TAP interface
    Wed Jun 26 22:17:04 2013 /sbin/ifconfig tap0 0.0.0.0
    Wed Jun 26 22:17:04 2013 SIGINT[hard,] received, process exiting
    [~]# 
    
    If so, then the VPN is disconnected.


Common Configuration Issues

For a list of common configuration issues that we have seen, please refer to Common Configuration Issues