SANS SEC642B Virtual Lab Access Information

Installing OpenVPN on the SamuraiWTF Course VM


To install and configure OpenVPN, do the following:
  1. Log in to the Samurai Linux host:
    username: samurai 
    password: samurai
    
  2. Click on the Terminal icon in the toolbar

  3. In the Terminal window, type:
    sudo su -
  4. When prompted, enter the samurai user's password (hint: samurai). If successful, you'll see the prompt change to
    root@samurai-desktop:~#
  5. Type the following command:
    apt-get update
    You should see output similar to:
    root@samurai-desktop:~# apt-get update
    Get:1 http://security.ubuntu.com lucid-security Release.gpg [198B]
    Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_US
    Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_US
    Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_US
    Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_US
    Get:2 http://us.archive.ubuntu.com lucid Release.gpg [189B]                    
    Ign http://us.archive.ubuntu.com/ubuntu/ lucid/main Translation-en_US          
    Ign http://us.archive.ubuntu.com/ubuntu/ lucid/restricted Translation-en_US    
    Ign http://us.archive.ubuntu.com/ubuntu/ lucid/universe Translation-en_US      
    Ign http://us.archive.ubuntu.com/ubuntu/ lucid/multiverse Translation-en_US    
    ...
    ...
    Get:24 http://us.archive.ubuntu.com lucid-updates/multiverse Packages [11.5kB]
    Get:25 http://us.archive.ubuntu.com lucid-updates/multiverse Sources [5,817B]
    Fetched 2,539kB in 2s (1,179kB/s)                            
    Reading package lists... Done
    root@samurai-desktop:~# 
    
  6. To install the OpenVPN software, type:
    apt-get install openvpn
    and enter Y at the "Do you want to continue" prompt. You will see output similar to:
    root@samurai-desktop:~# apt-get install openvpn
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following extra packages will be installed:
      liblzo2-2 libpkcs11-helper1 openssl-blacklist openvpn-blacklist
    Suggested packages:
      resolvconf
    The following NEW packages will be installed:
      liblzo2-2 libpkcs11-helper1 openssl-blacklist openvpn openvpn-blacklist
    0 upgraded, 5 newly installed, 0 to remove and 232 not upgraded.
    Need to get 7,937kB of archives.
    After this operation, 16.3MB of additional disk space will be used.
    Do you want to continue [Y/n]? Y
    Get:1 http://us.archive.ubuntu.com/ubuntu/ lucid/main openssl-blacklist 0.5-2 [6,338kB]
    Get:2 http://us.archive.ubuntu.com/ubuntu/ lucid/main liblzo2-2 2.03-2 [63.4kB]
    Get:3 http://us.archive.ubuntu.com/ubuntu/ lucid/main libpkcs11-helper1 1.07-1build1 [43.8kB]
    Get:4 http://us.archive.ubuntu.com/ubuntu/ lucid/main openvpn-blacklist 0.4 [1,068kB]
    Get:5 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main openvpn 2.1.0-1ubuntu1.1 [424kB]
    Fetched 6,233kB in 14s (437kB/s)                                               
    Preconfiguring packages ...
    Selecting previously deselected package openssl-blacklist.
    (Reading database ... 209308 files and directories currently installed.)
    Unpacking openssl-blacklist (from .../openssl-blacklist_0.5-2_all.deb) ...
    Selecting previously deselected package liblzo2-2.
    Unpacking liblzo2-2 (from .../liblzo2-2_2.03-2_i386.deb) ...
    Selecting previously deselected package libpkcs11-helper1.
    Unpacking libpkcs11-helper1 (from .../libpkcs11-helper1_1.07-1build1_i386.deb) ...
    Selecting previously deselected package openvpn-blacklist.
    Unpacking openvpn-blacklist (from .../openvpn-blacklist_0.4_all.deb) ...
    Selecting previously deselected package openvpn.
    Unpacking openvpn (from .../openvpn_2.1.0-1ubuntu1.1_i386.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    ureadahead will be reprofiled on next reboot
    Setting up openssl-blacklist (0.5-2) ...
    Setting up liblzo2-2 (2.03-2) ...
    
    Setting up libpkcs11-helper1 (1.07-1build1) ...
    
    Setting up openvpn-blacklist (0.4) ...
    Setting up openvpn (2.1.0-1ubuntu1.1) ...
     * Restarting virtual private network daemon(s)...                               *   No VPN is running.
    
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    root@samurai-desktop:~# 
    

  7. Type the following command:
    openvpn --version
    If the command works, you should see output similar to:
    root@samurai-desktop:~# openvpn --version
    OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
    Originally developed by James Yonan
    Copyright (C) 2002-2009 OpenVPN Technologies, Inc. 
    root@samurai-desktop:~# 
    
  8. From within the SamuraiWTF VM, launch Firefox and download your user-specific OpenVPN configuration file (unique link provided via email). You will need to temporarily disable the proxy configuration set up in Firefox.

    Click "Edit -> Preferences", go to the "Advanced" view and click on the "Network" tab, then click on "Settings..." Select "No proxy", click "OK" and click "Close".

    Now go to the URL provided in the email you received that had the subject "SEC642B Virtual Lab Access". The URL is in the "User Authentication" section of the message. Save the file in /home/samurai/Desktop.

    Re-enable the proxy settings in Firefox. Click "Edit -> Preferences", go to the "Advanced" view and click on the "Network" tab, then click on "Settings..." Select "Manual proxy configuration", click "OK" and click "Close".

  9. Switch back to your Terminal window, and type the following command:
    cd /home/samurai/Desktop
  10. Type the following command:
    ls -l *.ovpn
    You should see output similar to:
    root@samurai-desktop:/home/samurai/Desktop# ls -l *.ovpn
    -rw-r--r-- 1 samurai samurai 6271 2013-06-26 18:40 sec642b-XXXXX-YYYYYY.ovpn
    
    where XXXXX is your event-id and YYYYYY is your SD number for your SANS portal account.

  11. Type the following command:
    mv sec642b<tab> /etc/openvpn/.
    You should see output similar to:
    root@samurai-desktop:/home/samurai/Desktop# mv sec642b-XXXXX-YYYYYY.ovpn /etc/openvpn/.
    root@samurai-desktop:/home/samurai/Desktop#
    

Starting OpenVPN on the SamuraiWTF Course VM


  1. If you do not currently have a root-level Terminal window open, open a new Terminal window and type:
    sudo su -
  2. In the root-level Terminal window, run the command:
    openvpn --config /etc/openvpn/sec642b<tab>
    When prompted, enter the password VpnPassword. If the password is entered correctly, you should see output similar to:
    root@samurai-desktop:~# openvpn --config /etc/openvpn/sec642b-XXXXX-YYYYYY.ovpn 
    Wed Jun 26 21:56:08 2013 OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
    Wed Jun 26 21:56:08 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Wed Jun 26 21:56:08 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Enter Private Key Password:
    Wed Jun 26 21:57:30 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Jun 26 21:57:30 2013 /usr/bin/openssl-vulnkey -q -b 1024 -m 
    Wed Jun 26 21:57:30 2013 LZO compression initialized
    Wed Jun 26 21:57:30 2013 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 26 21:57:31 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Jun 26 21:57:31 2013 Local Options hash (VER=V4): 'd79ca330'
    Wed Jun 26 21:57:31 2013 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Jun 26 21:57:31 2013 Socket Buffers: R=[112640->131072] S=[112640->131072]
    Wed Jun 26 21:57:31 2013 UDPv4 link local: [undef]
    Wed Jun 26 21:57:31 2013 UDPv4 link remote: [AF_INET]66.35.59.63:1194
    Wed Jun 26 21:57:31 2013 TLS: Initial packet from [AF_INET]66.35.59.63:1194, sid=0b821ef5 e8399a6e
    Wed Jun 26 21:57:31 2013 VERIFY OK: depth=1, /C=US/ST=Maryland/L=Bethesda/O=SANS/OU=SEC642B__DAY_6__LAB/CN=vpn-sec642b/emailAddress=noc@sans.org
    Wed Jun 26 21:57:31 2013 VERIFY OK: depth=0, /C=US/ST=Maryland/O=SANS/OU=SEC642B__DAY_6__LAB/CN=vpn-sec642b/emailAddress=noc@sans.org
    Wed Jun 26 21:57:32 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Jun 26 21:57:32 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jun 26 21:57:32 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Jun 26 21:57:32 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jun 26 21:57:32 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Jun 26 21:57:32 2013 [vpn-sec642b] Peer Connection Initiated with [AF_INET]66.35.59.63:1194
    Wed Jun 26 21:57:34 2013 SENT CONTROL [vpn-sec642b]: 'PUSH_REQUEST' (status=1)
    Wed Jun 26 21:57:34 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.42.6.2,dhcp-option DOMAIN sec642.org,route-gateway 10.42.0.1,ping 10,ping-restart 120,ifconfig 10.42.76.3 255.255.0.0'
    Wed Jun 26 21:57:34 2013 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Jun 26 21:57:34 2013 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Jun 26 21:57:34 2013 OPTIONS IMPORT: route-related options modified
    Wed Jun 26 21:57:34 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Wed Jun 26 21:57:34 2013 TUN/TAP device tap0 opened
    Wed Jun 26 21:57:34 2013 TUN/TAP TX queue length set to 100
    Wed Jun 26 21:57:34 2013 /sbin/ifconfig tap0 10.42.76.3 netmask 255.255.0.0 mtu 1500 broadcast 10.42.255.255
    Wed Jun 26 21:57:36 2013 Initialization Sequence Completed
    
  3. Open another Terminal window, and type the command
    ping -c 3 10.42.0.1
    If you see output similar to:
    samurai@samurai:~$ ping -c 3 10.42.0.1
    PING 10.42.0.1 (10.42.0.1) 56(84) bytes of data.
    64 bytes from 10.42.0.1: icmp_seq=1 ttl=64 time=87.6 ms
    64 bytes from 10.42.0.1: icmp_seq=2 ttl=64 time=103 ms
    64 bytes from 10.42.0.1: icmp_seq=3 ttl=64 time=101 ms
    
    --- 10.42.0.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 87.615/97.568/103.359/7.073 ms
    
    then congratulations, you have successfully configured the VPN and connected to the lab network, and can now do the CTF challenge.

  4. Use a text editor to edit /etc/resolv.conf. Click on Applications -> Accessories -> Text Editor and open /etc/resolv.conf.

  5. Edit the file to look like:
    nameserver 10.42.6.2
    search sec642.org
    
    Save the file and exit the editor.
  6. Leave OpenVPN running in the Terminal window until you no longer need the active OpenVPN connection.
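
The startup log in step 2 carries two WARNING lines (no server certificate verification method enabled; passwords may be cached in memory), and the listing in step 10 of the install section shows the profile as -rw-r--r--. The shell functions below are an added example, not part of the SANS instructions, that check a profile for those three conditions; the function names, finding labels and sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SANS material): audit an OpenVPN client profile.

# True if file $1 has an uncommented directive matching ERE alternation $2.
has_directive() {
    grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)" "$1"
}

# Prints one finding per line; the return status is the number of findings.
audit_ovpn() {
    f=$1
    n=0
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 99; }
    # Directives that turn on a server certificate check (names vary by OpenVPN
    # version); the log above warns when no such method is enabled.
    checks='remote-cert-tls[[:space:]]+server|ns-cert-type[[:space:]]+server'
    checks="$checks|remote-cert-eku|tls-remote|tls-verify|verify-x509-name"
    if ! has_directive "$f" "$checks"; then
        echo "FINDING no-server-cert-check"
        n=$((n + 1))
    fi
    # Without auth-nocache, OpenVPN warns that passwords may stay cached in memory.
    if ! has_directive "$f" 'auth-nocache'; then
        echo "FINDING no-auth-nocache"
        n=$((n + 1))
    fi
    # An inline <key> block means the profile carries the private key, so any
    # group/other permission bits (as in the -rw-r--r-- listing) are a finding.
    if grep -q '^[[:space:]]*<key>' "$f"; then
        go_bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "FINDING key-readable-by-others ($go_bits)"
            n=$((n + 1))
        fi
    fi
    return "$n"
}

# Constructed sample profile (placeholder host, no real key material).
write_sample() {
    printf '%s\n' 'client' 'dev tap' 'proto udp' \
        'remote vpn.example.invalid 1194' '# auth-nocache' \
        '<key>' 'CONSTRUCTED-PLACEHOLDER' '</key>' > "$1"
    chmod 644 "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_ovpn "$sample" || echo "$? finding(s) in constructed sample"
rm -f "$sample"
```

Run audit_ovpn against the profile in /etc/openvpn before starting the tunnel; whether a given verification directive is accepted depends on how the server certificate was issued.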

Stopping OpenVPN on the SamuraiWTF Course VM

  1. Bring the original Terminal window where you started OpenVPN back up.
  2. Within that window, hit Ctrl-C (press and hold Ctrl and then hit the c key). You should see output similar to:
     
    Wed Jun 26 21:57:36 2013 Initialization Sequence Completed
    ^CWed Jun 26 22:17:04 2013 event_wait : Interrupted system call (code=4)
    Wed Jun 26 22:17:04 2013 TCP/UDP: Closing socket
    Wed Jun 26 22:17:04 2013 Closing TUN/TAP interface
    Wed Jun 26 22:17:04 2013 /sbin/ifconfig tap0 0.0.0.0
    Wed Jun 26 22:17:04 2013 SIGINT[hard,] received, process exiting
    root@samurai-desktop:~# 
    
    If so, then the VPN is disconnected.


Common Configuration Issues

For a list of common configuration issues that we have seen, please refer to Common Configuration Issues