From 4bd314cc457261df0010f2502b8c09be6d1cc048 Mon Sep 17 00:00:00 2001 From: jaredhaight Date: Fri, 30 Nov 2018 10:49:16 -0800 Subject: [PATCH 1/5] collects vpn client files to ~/proxycannon-vpn-client for easy download --- setup/install.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/setup/install.sh b/setup/install.sh index 72f17cc..a3d349a 100755 --- a/setup/install.sh +++ b/setup/install.sh @@ -8,7 +8,7 @@ # update and install deps apt update apt -y upgrade -apt -y install unzip git openvpn easy-rsa +apt -y install zip unzip git openvpn easy-rsa # install terraform wget https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip 
@@ -73,11 +73,25 @@ ip rule add from 10.10.10.0/24 table loadb # always snat from eth0 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +####################################### +# collect vpn config files to one place +####################################### +mkdir ~/proxycannon-vpn +cp /etc/openvpn/easy-rsa/keys/ta.key ~/proxycannon-vpn-client/ +cp /etc/openvpn/easy-rsa/keys/ca.crt ~/proxycannon-vpn-client/ +cp /etc/openvpn/easy-rsa/keys/client01.crt ~/proxycannon-vpn-client/ +cp /etc/openvpn/easy-rsa/keys/client01.key ~/proxycannon-vpn-client/ +mv ~/proxycannon-client.conf ~/proxycannon-vpn-client/ +chown $SUDO_USER:$SUDO_USER ~/proxycannon-vpn-client/* + + + ############################ # post install instructions ############################ -echo "Copy /etc/openvpn/easy-rsa/keys/ta.key, /etc/openvpn/easy-rsa/keys/ca.crt, /etc/openvpn/easy-rsa/keys/client01.crt, /etc/openvpn/easy-rsa/keys/client01.key, and ~/proxycannon-client.conf to your workstation." +echo "A folder containing the OpenVPN client config has been created at /home/$SUDO_USER/proxycannon-vpn-client." +echo "Download these files by running the following from your workstation (including the trailing period): scp -i proxycannon.pem $SUDO_USER@$EIP:/home/$SUDO_USER/proxycannon-vpn-client/* ." echo "####################### OpenVPN client config [proxycannon-client.conf] ################################" cat ~/proxycannon-client.conf From 2dd83d613359539640d898821b1644a84dd68182 Mon Sep 17 00:00:00 2001 From: jaredhaight Date: Fri, 30 Nov 2018 10:51:03 -0800 Subject: [PATCH 2/5] fixed folder name --- setup/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install.sh b/setup/install.sh index a3d349a..dc09aae 100755 --- a/setup/install.sh +++ b/setup/install.sh 
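Review bot: The collection directory in the `-73,11 +73,25` hunk is created with a plain `mkdir`, so under a typical 022 umask it is listable and traversable by other local users even though it receives copies of `client01.key` and `ta.key`. Create it restrictively, e.g. `mkdir -m 700 ~/proxycannon-vpn-client` (name as corrected in PATCH 2/5), and follow the copies with `chmod 600 ~/proxycannon-vpn-client/*.key`, because whether the copies are readable by others depends on the source files' modes, which are not visible here. The copies also resolve their destination through `~`, while the echoed instructions hard-code `/home/$SUDO_USER`, so the two agree only if sudo keeps the invoking user's HOME. Holding the path in one variable, `client_dir="/home/$SUDO_USER/proxycannon-vpn-client"`, and using it in both places removes that assumption. A short comment above the block, such as `# copies of private key material: delete this folder once downloaded`, would tell the next maintainer why the folder exists.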
@@ -76,7 +76,7 @@ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ####################################### # collect vpn config files to one place ####################################### -mkdir ~/proxycannon-vpn +mkdir ~/proxycannon-vpn-client cp /etc/openvpn/easy-rsa/keys/ta.key ~/proxycannon-vpn-client/ cp /etc/openvpn/easy-rsa/keys/ca.crt ~/proxycannon-vpn-client/ cp /etc/openvpn/easy-rsa/keys/client01.crt ~/proxycannon-vpn-client/ From f97fe14aeb804d3d166a42e74a256e4fd3c8ed07 Mon Sep 17 00:00:00 2001 From: jaredhaight Date: Fri, 30 Nov 2018 10:53:07 -0800 Subject: [PATCH 3/5] fixed message and filepath --- setup/install.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/setup/install.sh b/setup/install.sh index dc09aae..c7aea29 100755 --- a/setup/install.sh +++ b/setup/install.sh @@ -91,10 +91,12 @@ chown $SUDO_USER:$SUDO_USER ~/proxycannon-vpn-client/* ############################ echo "A folder containing the OpenVPN client config has been created at /home/$SUDO_USER/proxycannon-vpn-client." -echo "Download these files by running the following from your workstation (including the trailing period): scp -i proxycannon.pem $SUDO_USER@$EIP:/home/$SUDO_USER/proxycannon-vpn-client/* ." - +echo "Download these files by running the following from your workstation (including the trailing period): " +echo +echo "scp -i proxycannon.pem $SUDO_USER@$EIP:/home/$SUDO_USER/proxycannon-vpn-client/* ." +echo echo "####################### OpenVPN client config [proxycannon-client.conf] ################################" -cat ~/proxycannon-client.conf +cat ~/proxycannon-vpn-client/proxycannon-client.conf echo "####################### Be sure to add your AWS API keys and SSH keys to the following locations ###################" echo "copy your aws ssh private key to ~/.ssh/proxycannon.pem and chmod 600" From 6ee7ed4dd516e1f51265535e19275253816249d4 Mon Sep 17 00:00:00 2001 
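Review bot: The `scp` command printed in the `-91,10 +91,12` hunk ends the remote path with an unquoted `/*`, which the workstation's shell tries to expand locally before scp runs. Bash passes the pattern through when nothing matches, but zsh stops with "no matches found". Printing a directory copy avoids the glob: `echo "scp -r -i proxycannon.pem $SUDO_USER@$EIP:/home/$SUDO_USER/proxycannon-vpn-client ."`. The README hunk in PATCH 5/5 repeats the same `/*` form. `$EIP` is not assigned in any visible line, so it is worth confirming it is set earlier in install.sh; if it is empty the printed command has no host.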
From: jaredhaight Date: Fri, 30 Nov 2018 10:54:37 -0800 Subject: [PATCH 4/5] fixed chown cmd --- setup/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install.sh b/setup/install.sh index c7aea29..0907c09 100755 --- a/setup/install.sh +++ b/setup/install.sh @@ -82,7 +82,7 @@ cp /etc/openvpn/easy-rsa/keys/ca.crt ~/proxycannon-vpn-client/ cp /etc/openvpn/easy-rsa/keys/client01.crt ~/proxycannon-vpn-client/ cp /etc/openvpn/easy-rsa/keys/client01.key ~/proxycannon-vpn-client/ mv ~/proxycannon-client.conf ~/proxycannon-vpn-client/ -chown $SUDO_USER:$SUDO_USER ~/proxycannon-vpn-client/* +chown -R $SUDO_USER:$SUDO_USER ~/proxycannon-vpn-client From 2caecad82168a4da0d6346c7333d0719062b244f Mon Sep 17 00:00:00 2001 From: jaredhaight Date: Fri, 30 Nov 2018 11:17:03 -0800 Subject: [PATCH 5/5] updated readme instructions on downloading vpn client info --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 557d6a3..93ca3d5 100644 --- a/README.md +++ b/README.md @@ -72,12 +72,10 @@ Perform the following on the control-server: 2. Run `terraform init` to download the AWS modules. (you only need to do this once) #### 5. Copy OpenVPN files to your workstation -Copy the following files from the control-server to the `/etc/openvpn` directory on your workstation: -- ~/proxycannon-client.conf -- /etc/openvpn/easy-rsa/keys/ta.key -- /etc/openvpn/easy-rsa/keys/ca.crt -- /etc/openvpn/easy-rsa/keys/client01.crt -- /etc/openvpn/easy-rsa/keys/client01.key +Copy the contents of the ~/proxycannon-vpn-client folder on your workstation: +``` +scp -i proxycannon.pem ubuntu@:/home/ubuntu/proxycannon-vpn-client/* . +``` Test OpenVPN connectivity from your workstation by running: ```
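Review bot: `$SUDO_USER` is expanded unquoted in the new `chown -R` line of the `-82,7 +82,7` hunk, and it is only set when the script is started through sudo. From a direct root session it is empty, the operand becomes `:`, and GNU chown treats that as "change nothing", so the key copies stay root-owned and the advertised download as the login user would likely fail. Quote the expansion, `chown -R "$SUDO_USER:$SUDO_USER" ~/proxycannon-vpn-client`, and add a guard near the top of install.sh (outside this hunk; an existing check may not be visible from here) such as `: "${SUDO_USER:?run this script via sudo}"`.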