Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

HOWTO: Kali Linux distro | ONGOING

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.

Topic Author
cryptostorm_ops
ForumHelper
Posts: 104
Joined: Wed Jan 16, 2013 9:20 pm
Contact:

HOWTO: Kali Linux distro | ONGOING

Postby cryptostorm_ops » Fri Feb 21, 2014 6:03 pm

This thread is a repository for findings related to the work several network members have put into producing successful cryptostorm network connections from Kali workstations. That's nontrivial, as the distro doesn't ship with OpenVPN support in the kernel (no Tap driver integration), and has a somewhat idiosyncratic relationship with the OpenSSL libraries.

As I've been working with the most thorough member who has tackled this challenge, I'll be posting into this thread snippets of our communications through the process. We can't report success yet, but we're coming very close. Once we have clean test connects, we'll boil this down to a formal connection guide for ease of reference.

Thank you,

~ c_o


{direct link: kali.cryptostorm.org}


Siv3n

Re: HOWTO: Kali Linux distro | ONGOING

Postby Siv3n » Sat Jun 28, 2014 7:25 pm

I don't understand, I use Kali and cryptostrom work fine and simply with network-manager. What's wrong ?


Guest

Re: HOWTO: Kali Linux distro | ONGOING

Postby Guest » Sun Jun 29, 2014 12:09 am

Doesn't OpenVPN use TUN by default anyways?


twss
Posts: 2
Joined: Sun Jan 04, 2015 4:48 pm

Re: HOWTO: Kali Linux distro | ONGOING

Postby twss » Sun Jan 04, 2015 5:01 pm

I have other problem, I update the openvpn and openssl because the cipher wasnt in my version but when I check the openvpn --version it uses still the old version, could someone please help me?


User avatar

df
Site Admin
Posts: 418
Joined: Thu Jan 01, 1970 5:00 am

Re: HOWTO: Kali Linux distro | ONGOING

Postby df » Sun Jan 04, 2015 10:06 pm

You're probably installing openvpn without specifying --prefix or the openssl version you want it to use, so the correct openvpn is probably in /usr/local/sbin/openvpn (which isn't in your $PATH environment variable).

Try this (in /root/):

Code: Select all

wget --no-check-certificate https://www.openssl.org/source/openssl-1.0.2a.tar.gz;tar zxf openssl-1.0.2a.tar.gz;rm -f openssl-1.0.2a.tar.gz;cd openssl-1.0.2a;./config --prefix=/usr -fPIC no-gost shared zlib;make depend;make;make install;cd ..;wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.gz;tar zxf openvpn-2.3.6.tar.gz;rm -f openvpn-2.3.6.tar.gz;cd openvpn-2.3.6;sed -e's/USER_PASS_LEN 128/USER_PASS_LEN 256/' -i src/openvpn/misc.h;./configure --prefix=/usr;make;make install


(UPDATED for OpenSSL 1.0.2a)


twss
Posts: 2
Joined: Sun Jan 04, 2015 4:48 pm

Re: HOWTO: Kali Linux distro | ONGOING

Postby twss » Sun Jan 04, 2015 10:29 pm

Thank you very much it worked!, this should be posted as solution for the Kali linux users

User avatar

jlg
Posts: 92
Joined: Mon May 05, 2014 2:44 am

Re: HOWTO: Kali Linux distro | ONGOING

Postby jlg » Sat Jan 10, 2015 1:39 pm

I was in IRC whilst someone was having issues with Kali I believe from the sounds of it they were using a really out of date OpenVPN version. I offered a few bits of advice to try, but none worked so I'm guessing df's idea works.

That's all I know :-P


Merkle-Damgard
Posts: 2
Joined: Tue Jan 13, 2015 2:47 pm

Re: HOWTO: Kali Linux distro | ONGOING

Postby Merkle-Damgard » Tue Jan 13, 2015 2:58 pm

df wrote:You're probably installing openvpn without specifying --prefix or the openssl version you want it to use, so the correct openvpn is probably in /usr/local/sbin/openvpn (which isn't in your $PATH environment variable).

Try this (in /root/):

Code: Select all

wget --no-check-certificate https://www.openssl.org/source/openssl-1.0.2.tar.gz;tar zxf openssl-1.0.2.tar.gz;rm -f openssl-1.0.2.tar.gz;cd openssl-1.0.2;./config --prefix=/usr -fPIC no-gost shared zlib;make depend;make;make install;cd ..;wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.gz;tar zxf openvpn-2.3.6.tar.gz;rm -f openvpn-2.3.6.tar.gz;cd openvpn-2.3.6;sed -e's/USER_PASS_LEN 128/USER_PASS_LEN 256/' -i src/openvpn/misc.h;./configure --prefix=/usr;make;make install


(UPDATED for OpenSSL 1.0.2)

On my kali distro I had to install the following in order for this openvpn compile/install to succeed:

Code: Select all

apt-get install liblzo2-dev
apt-get install libpam0g-dev
apt-get install libssl-dev


CS DNS servers do not get pushed, so I had to edit them manually using resolvconf using

Code: Select all

apt-get install resolvconf
and adding

Code: Select all

nameserver 213.73.91.35
nameserver 194.150.168.168

to

Code: Select all

/etc/resolvconf/resolv.conf.d/head
and then do a regenerate of resolv

Code: Select all

resolv -u
. If you want to authenticate using a password file, you'll have to add

Code: Select all

--enable-password-save
parameter to the

Code: Select all

./configure
command by df.

Hope that may help someone in the future.

User avatar

marzametal
Posts: 520
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: Kali Linux distro | ONGOING

Postby marzametal » Sat May 02, 2015 8:10 am

any updates to this?

User avatar

marzametal
Posts: 520
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: Kali Linux distro | ONGOING

Postby marzametal » Sat May 02, 2015 9:23 am

marzametal wrote:any updates to this?

Ahhhh wth... I typed up a 6 step how to... it friggin' disappeared... so did my edit button.
I will give it a go later, that just did my head in.

User avatar

hackdefendr
Posts: 3
Joined: Sun Apr 26, 2015 5:45 am
Contact:

Re: HOWTO: Kali Linux distro | ONGOING

Postby hackdefendr » Mon May 18, 2015 3:45 am

Something I ran into while setting up my new(ish) laptop with Kali.

Before OpenVPN will work at all, you have to have a tun/tap device (e.g. /dev/tun0).

To do this:

Code: Select all

sudo openvpn --mktun --dev tun0


Then you can run the config command as listed in the HOW TO for Linux, or use Network Manager OpenVPN from the standard Kali apt repository. Noting that with the latest updates to Kali (v1.1.0a) - OpenVPN is version 2.2.1 and works flawlessly after you create the tun/tap device.

Traceroute from the Paris node (Hint: I am not in Paris :lol: )

Code: Select all

[hackdef@kali ~]$ traceroute cryptostorm.is
traceroute to cryptostorm.is (79.134.255.38), 30 hops max, 60 byte packets
 1  10.33.0.1 (10.33.0.1)  118.679 ms  118.991 ms  118.995 ms
 2  195-154-209-1.rev.poneytelecom.eu (195.154.209.1)  124.773 ms  125.174 ms *
 3  195.154.1.132 (195.154.1.132)  125.792 ms  125.818 ms  125.820 ms
 4  a9k1-a9k2.dc3.poneytelecom.eu (195.154.1.2)  125.785 ms  125.753 ms  125.789 ms
 5  pni-th2-a9k1.th2.poneytelecom.eu (195.154.1.37)  125.778 ms  129.461 ms  129.919 ms
 6  init7.45x-1.pni.th2.poneytelecom.eu (195.154.3.229)  129.027 ms  138.062 ms  118.469 ms
 7  r1gva3.core.init7.net (77.109.128.198)  128.537 ms  128.873 ms  128.891 ms
 8  r1qls1.core.init7.net (77.109.128.65)  133.110 ms  133.132 ms r1gva3.core.init7.net (77.109.128.62)  134.394 ms
 9  r1qls1.core.init7.net (77.109.128.65)  133.786 ms r1ber1.core.init7.net (77.109.128.181)  134.401 ms r1qls1.core.init7.net (77.109.128.65)  134.352 ms
10  r1ber1.core.init7.net (77.109.128.181)  135.271 ms  136.144 ms  136.159 ms
11  r1bas1.core.init7.net (77.109.128.130)  149.042 ms r1zrh2.core.init7.net (77.109.128.173)  137.064 ms  135.289 ms
12  r1bas1.core.init7.net (77.109.128.130)  131.364 ms r1bas2.core.init7.net (77.109.140.66)  138.626 ms r1bas1.core.init7.net (77.109.128.130)  131.236 ms
13  gw-backbone-ehf.init7.net (82.197.168.22)  131.287 ms  131.562 ms  135.674 ms
14  gw-backbone-ehf.init7.net (82.197.168.22)  136.235 ms link10421-1g-frankfurt2.backbone.is (79.134.231.9)  140.594 ms  140.781 ms
15  link12022-1g-keflavik2.backbone.is (79.134.231.166)  177.654 ms link10421-1g-frankfurt2.backbone.is (79.134.231.9)  139.868 ms link12022-1g-keflavik2.backbone.is (79.134.231.166)  176.940 ms
16  link10922-1g-reykjavik2.backbone.is (79.134.231.142)  177.112 ms  175.616 ms  178.082 ms
17  link10922-1g-reykjavik2.backbone.is (79.134.231.142)  175.667 ms bafana.cryptostorm.net (79.134.255.38)  174.568 ms link10922-1g-reykjavik2.backbone.is (79.134.231.142)  176.184 ms


Hope this helps bring this topic closer to a resolved status.

Peace,
@HackDefendr
--
@HackDefendr

Now it is time to turn to an older wisdom that, while respecting material comfort and security as a basic right of all, also recognizes that many of the most valuable things in life cannot be measured. --MICHAEL D. HIGGINS


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 7 guests

cron

Login