Netsec VPN on Kali VM

WireGuard client setup for netsec.isi.jhu.edu tunnel

• Create WireGuard Client configuration /etc/wireguard/wg0.conf with the following contents (make sure to update your ip address)

[Interface]
PrivateKey = <my_priv.key>
Address = <youripaddress>/32
DNS = 172.16.0.10

[Peer]
PublicKey = <shikra.pub>
AllowedIPs = 172.16.1.0/24, 172.16.0.0/24
Endpoint = 128.220.249.5:51820
PersistentKeepalive = 25

• Once you are in the tunnel, you can log in to kali1-rpi.netsec.isi.jhu.edu, kali2-rpi, or kali3-rpi using your [email protected] and your initial password you were provided (note, you will be forced to change it on your initial login).
• Other references
  • https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-debian-11
  • https://serversideup.net/how-to-configure-a-wireguard-macos-client
  • https://serversideup.net/how-to-configure-a-wireguard-windows-10-vpn-client.

(old notes) NS-Public vpn on Kali VM

• To setup ns-public vpn, ensure that your VM has Internet connectivity
• Install openvpn using: $ sudo apt-get install openvpn
• Next, edit /etc/network/interfaces and add these lines:

  allow-hotplug tap0  
  iface tap0 inet dhcp  
  

• Reload and restart networking using $ sudo systemctl daemon-reload && sudo systemctl restart networking
• Start openvpn manually using: $ sudo openvpn --config YOUROVPNFILENAME.ovpn
• You should now see a tap0 device and you should be able to ping nodes on ns-public (e.g., 172.16.0.10)

(old notes) Alternate that allows internet connectivity via a second virtual ethernet adapter

• Connect both network adapters and confirm internet connectivity is working in the VM
• Identify what the IP address for the second network adapter is (inside the VM)
• Edit your JHEDID.ovpn and comment out the line with nobind by adding a semicolon before it (i.e., ;nobind)
• Attach the VPN as described on the Wiki but with an additional argument that specifies the IP address of your second ethernet adapter: $ sudo openvpn --config JHEDID.ovpn --local <IPADDRESSNIC2>
• Then, run the command: $ ip route
• You should see two default routes in the resulting list
  • One will be associated with tap0 and that one is the one to note
• Next, you will need to delete it by running: $ sudo ip route del default via 172.16.0.1 dev tap0
• If dns is not working, you might need to alter your /etc/resolv.conf and add some nameservers (e.g., nameserver 8.8.8.8)