Any way of finding connected devices on my VPN router from the VPN server itself?

2

I've set up my own OpenVPN server on AWS using an EC2 instance and I have a router with OpenWRT configured to connect to the VPN server.

Now, I want to have some EC2 running network scans such as NMAP on my VPN Network and all the devices that are latched onto it. The only problem is that whenever I run any scanning tools the only thing that is showing up is the router.

Is it possible/is there a way to view all the devices connected through a VPN router on the VPN server (or by a device connected on the same VPN server)? Or is the idea I'm looking for far-fetched and impossible?

Sorry if I've worded anything wrong or confusing!

Thanks

Edit:

Server config

    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert xxxx.crt
    key xxxx.key
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    keepalive 10 120
    tls-auth xxxx.key 0
    key-direction 0
    ncp-ciphers "AES-128-CBC"
    cipher AES-128-CBC
    auth SHA256
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    explicit-exit-notify 1

Client config

    client
    dev tun
    proto udp
    remote XXX 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    remote-cert-tls server
    cipher AES-128-CBC
    auth SHA256
    key-direction 1
    verb 3

Syn

Posted 2019-01-28T17:29:11.223

Reputation: 21

Answers

0

You can run this command on your OpenVPN box:

netstat -anp | grep ESTABLISHED | grep -v 127.0.0.1

You will see a list of the connections to your server. The IP addresses in the 5th column are your peers.

Algeriassic

Posted 2019-01-28T17:29:11.223

Reputation: 723

So running that is fine, except the IP address it shows is the OpenWRT router. However, I'm looking to find the list of IPs/devices that are connected to that router from the OpenVPN box - Any ideas? – Syn – 2019-01-28T22:52:49.190

I don't think questioning the router from the OpenVPN box would be a good idea. There might be an API on the router or at least using SNMP to list the IPs connected to it. Check the router's documentation. – Algeriassic – 2019-01-29T02:05:35.100

Could I not route the instance to the internal net and vice versa. To allow the instance to be able to see the connected devices on the router? – Syn – 2019-01-29T15:27:34.783

I am a little confused here. Is the VPN tunnel between your users and the router or OpenVPN? If the VPN tunnel terminates on the OpenVPN box, you should be able to see all users connected to it – Algeriassic – 2019-01-29T15:46:11.303

The VPN tunnel terminates on the OpenVpn Box/Instance. So the users connect to a router which is configured to route all traffic to the OpenVPN box. Which works fine, but as mentioned, the OpenVpn box can only see the router and not the devices connected to the router. Hope that clears it up! – Syn – 2019-01-29T15:53:54.953

The router here is doing port forwarding. Nothing to do with the VPN tunnel. What do you see on your OpenVPN admin interface when you click on "Current Users" on the left hand side? – Algeriassic – 2019-01-29T16:01:00.547

I don't have the OpenVPN admin interface set up yet, but whenever I run the command above, I can successfully see the router's public IP address. I'm confident to say I don't think the router is port forwarding, but once again I'm no expert so I could be wrong! I've added the config files to the original post to make things a little clearer. – Syn – 2019-01-29T18:20:31.510

What does this command return? cat openvpn-status.log or maybe cat /etc/openvpn/openvpn-status.log – Algeriassic – 2019-01-29T19:37:41.450

Hey, sorry for the late reply, the output is: OpenVPN CLIENT LIST Updated,Mon Feb 4 22:15:11 2019 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since client1,XXXXXX,1708083,16724341,Mon Feb 4 21:57:59 2019 ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref 10.8.0.6,client1,XXXX,Mon Feb 4 22:15:06 2019 GLOBAL STATS Max bcast/mcast queue length,0 END – Syn – 2019-02-04T22:15:47.353

And this is your router's IP address? – Algeriassic – 2019-02-05T23:19:28.057

That's right, yeah. I've still had no luck; when I try to do sudo route add -net 192.168.8.0/24 gw 10.8.0.2 on my OpenVpn Box I still can't ping or find individual devices connected to the OpenVpn Client/router – Syn – 2019-02-05T23:24:08.213
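
An added example, not part of the thread: a Python check over the status file quoted in the comments that reports which client, if any, the OpenVPN server routes a given LAN subnet to. The sample log is constructed in the same layout with placeholder addresses, and the function names and the handling of a trailing "C" on an address are assumptions.

```python
import ipaddress

# Constructed sample in the status-file layout quoted in the thread
# (the real addresses are placeholders, not values from the page).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Feb 4 22:15:11 2019
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,198.51.100.7:41234,1708083,16724341,Mon Feb 4 21:57:59 2019
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client1,198.51.100.7:41234,Mon Feb 4 22:15:06 2019
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def routed_networks(status_text):
    """Map each common name to the networks the server routes to it."""
    routes, in_table = {}, False
    for line in status_text.splitlines():
        if line.startswith("ROUTING TABLE"):
            in_table = True
        elif line.startswith("GLOBAL STATS"):
            in_table = False
        elif in_table and not line.startswith("Virtual Address"):
            fields = line.split(",")
            if len(fields) < 2:
                continue
            # Assumption: a trailing "C" marks a cached (learned) entry.
            addr = fields[0].rstrip("C")
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                continue  # not an IP address or network, skip it
            routes.setdefault(fields[1], []).append(net)
    return routes

def clients_covering(status_text, lan_cidr):
    """Return common names whose routed networks contain the whole LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    return sorted(
        name for name, nets in routed_networks(status_text).items()
        if any(n.version == lan.version and lan.subnet_of(n) for n in nets)
    )
```

On the sample, `clients_covering(SAMPLE_STATUS, "192.168.8.0/24")` returns an empty list: the server only knows client1 as 10.8.0.6, so it has no internal route for the LAN behind the router. In OpenVPN that route normally comes from a `route` directive in the server config together with an `iroute` for the subnet in the client's `client-config-dir` file.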