VPN tunnel IP is 172.16.4.2, how can I reverse shell to my local machine, from a box on an attached subnet?

Question

This is the ifconfig:

utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1340
    options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    inet 172.16.4.2 --> 172.16.4.2 netmask 0xffffffff
    inet6 fe80::aede:48ff:fe00:1122%utun2 prefixlen 64 scopeid 0x11
    inet6 fc00:af6d:6058:7873:9685:4033:8217:541 prefixlen 64
    nd6 options=201<PERFORMNUD,DAD>

routing table:

10.14.1/24         link#17            UCS          utun2
10.14.2/24         link#17            UCS          utun2
10.14.10.10/32     link#17            UCS          utun2

My box is on the other side of the 172.16.4.2 tunnel. I want to start a reverse shell to it from one of the boxes on the 10.14.0.0/24 subnets.

Answer 1

A tunnel has two ends not just 172.16.4.2. If that's your IP on that net interface/link and you want to connect to it from the other side, then you can just connect to it as long as this interface is routed to on the other end and is not blocked by some firewalls etc. Of course, you need an SSH listening on this interface.

Answers to questions in the comment below:

1. The arrow shows a p2p connection with two ends. The first one is local. It looks like a loop to itself, but may still work despite this misconfiguration (or lack of configuration), as it's a p2p and the destination IP is not so important. (See What is the “destination address” for a TAP/TUN device? on SO.)

2. An interface is not a connection. Interfaces can be connected and then there's a connection. A tunnel is somewhat abstract. It suggests going through something (like another pair of interfaces). So the base (VPN) connection carries the second.

3. Ethernet connection is not an interface. You can have an ethernet interface and connect two ethernet interfaces.

4. To squeeze your mind a little more, a VPN can also emulate a switch not a router. See Should I use tap or tun for openvpn?.