How to access virtual machines via openvpn


Post by bobor » Tue Apr 04, 2023 12:47 pm

Hello, I am a bit lost and any advice is highly appreciated. I am trying to access a machine running on VirtualBox on a strong server via OpenVPN.

I tried to enable routing and push the route to 192.168.56.0, and my testing VM's network setting is set to host-only adapter, but no luck. The testing VM IP is 192.168.56.101 and my tun0 IP is 192.168.56.3, but I can't ping the machine. I am missing a gateway setting; where should I look? Please see the screenshots to understand what I am trying to do. Thank you.

This is my openvpn config:

cat /etc/openvpn/server.conf 
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 192.168.56.0 255.255.255.0
push "route 192.168.56.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_4ND1IGilsOsqFOrd.crt
key server_4ND1IGilsOsqFOrd.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Log when I run my test client:

└─# openvpn client111.ovpn
2023-04-04 08:42:07 Unrecognized option or missing or extra parameter(s) in client111.ovpn:19: block-outside-dns (2.5.7)
2023-04-04 08:42:07 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
2023-04-04 08:42:07 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-04-04 08:42:07 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-04-04 08:42:07 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-04 08:42:07 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-04-04 08:42:07 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-04 08:42:07 TCP/UDP: Preserving recently used remote address: [AF_INET]10.5.234.23:1194
2023-04-04 08:42:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-04-04 08:42:07 UDP link local: (not bound)
2023-04-04 08:42:07 UDP link remote: [AF_INET]10.5.234.23:1194
2023-04-04 08:42:07 TLS: Initial packet from [AF_INET]10.5.234.23:1194, sid=bca7ae61 9de95d4f
2023-04-04 08:42:07 VERIFY OK: depth=1, CN=cn_WHLqtsupL3nvjt9t
2023-04-04 08:42:07 VERIFY KU OK
2023-04-04 08:42:07 Validating certificate extended key usage
2023-04-04 08:42:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-04-04 08:42:07 VERIFY EKU OK
2023-04-04 08:42:07 VERIFY X509NAME OK: CN=server_4ND1IGilsOsqFOrd
2023-04-04 08:42:07 VERIFY OK: depth=0, CN=server_4ND1IGilsOsqFOrd
2023-04-04 08:42:07 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
2023-04-04 08:42:07 [server_4ND1IGilsOsqFOrd] Peer Connection Initiated with [AF_INET]10.5.234.23:1194
2023-04-04 08:42:07 PUSH: Received control message: 'PUSH_REPLY,route 192.168.56.0 255.255.255.0,dhcp-option DNS 8.8.8.8,route-gateway 192.168.56.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.56.3 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2023-04-04 08:42:07 OPTIONS IMPORT: timers and/or timeouts modified
2023-04-04 08:42:07 OPTIONS IMPORT: --ifconfig/up options modified
2023-04-04 08:42:07 OPTIONS IMPORT: route options modified
2023-04-04 08:42:07 OPTIONS IMPORT: route-related options modified
2023-04-04 08:42:07 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-04-04 08:42:07 OPTIONS IMPORT: peer-id set
2023-04-04 08:42:07 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-04-04 08:42:07 OPTIONS IMPORT: data channel crypto options modified
2023-04-04 08:42:07 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-04-04 08:42:07 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-04-04 08:42:07 net_route_v4_best_gw query: dst 0.0.0.0
2023-04-04 08:42:07 net_route_v4_best_gw result: via 192.168.216.2 dev eth0
2023-04-04 08:42:07 ROUTE_GATEWAY 192.168.216.2/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:8e:38:4d
2023-04-04 08:42:07 TUN/TAP device tun0 opened
2023-04-04 08:42:07 net_iface_mtu_set: mtu 1500 for tun0
2023-04-04 08:42:07 net_iface_up: set tun0 up
2023-04-04 08:42:07 net_addr_v4_add: 192.168.56.3/24 dev tun0
2023-04-04 08:42:07 net_route_v4_add: 192.168.56.0/24 via 192.168.56.1 dev [NULL] table 0 metric -1
2023-04-04 08:42:07 Initialization Sequence Completed

As you can see, I can't ping the machine. On the right there is a Kali virtual machine on which I am running "openvpn client111.ovpn"; on the left there is another Kali which is running on the strong server as a virtual machine:

What I am obviously missing is how to set up the OpenVPN config so I can ping/scan machines running on the strong server. They can have static IPs or they can be DHCP-enabled machines from the range 192.168.56.x.
If you are going to say that with the host-only adapter I am unable to do that, then please advise what kind of networking I should use within VirtualBox.

Re: How to access virtual machines via openvpn

Post by bobor » Wed Apr 05, 2023 1:19 pm

OK, thank you, I have finally solved the puzzle. The issue was that I had an identical IP setting for the OpenVPN interface and the vboxnet0 interface. My bad. The host-only config is working, but do not forget to add a default gw so you can bridge tun0 and vboxnet0.
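
A check for the address collision described in the post above, as an added example that is not part of the original thread: it parses the `server` and `push "route ..."` lines of an OpenVPN server config and flags overlap with the host's interface networks. The vboxnet0 address, the eth0 prefix length and the replacement pool 10.8.0.0/24 are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the relevant lines from the server.conf in the first post.
SERVER_CONF = '''
topology subnet
server 192.168.56.0 255.255.255.0
push "route 192.168.56.0 255.255.255.0"
'''
# Assumption: same config with the VPN pool moved to an unused range.
FIXED_CONF = SERVER_CONF.replace("server 192.168.56.0", "server 10.8.0.0")

# Assumed host addressing (constructed): vboxnet0 on the same range as the
# VPN pool, as the thread reports; the eth0 prefix length is a guess.
HOST_IFACES = {"eth0": "10.5.234.23/24", "vboxnet0": "192.168.56.1/24"}


def parse_conf(text):
    """Return (vpn_pool, pushed_routes) as ipaddress network objects."""
    pool, routes = None, []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 3 and tok[0] == "server":
            pool = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif len(tok) == 2 and tok[0] == "push":
            arg = tok[1].split()
            if len(arg) >= 2 and arg[0] == "route":
                # OpenVPN treats a route without a netmask as a host route.
                mask = arg[2] if len(arg) > 2 else "255.255.255.255"
                routes.append(ipaddress.ip_network(f"{arg[1]}/{mask}"))
    return pool, routes


def find_conflicts(text, ifaces):
    """List address-plan problems between the VPN config and host interfaces."""
    pool, routes = parse_conf(text)
    findings = []
    for name, cidr in ifaces.items():
        net = ipaddress.ip_interface(cidr).network
        if pool and pool.overlaps(net):
            findings.append(f"VPN pool {pool} overlaps {name} ({net})")
    for route in routes:
        if pool and route.overlaps(pool):
            findings.append(f"pushed route {route} overlaps the VPN pool {pool}")
    return findings


if __name__ == "__main__":
    for label, conf in (("original", SERVER_CONF), ("fixed", FIXED_CONF)):
        print(label, find_conflicts(conf, HOST_IFACES) or "no conflicts")
```

With a separate pool, the pushed 192.168.56.0/24 route points clients at the host-only network through the tunnel, and the VMs still need a route back to the VPN pool, which is the default gateway the poster mentions.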