In this scenario, we configure OpenVPN to connect to PIA's VPN servers and make our Kali machine a node on the PIA VPN network.

Setup

These instructions assume you have set up OpenVPN and it has created an interface tun0 at the IP address 10.8.0.1.

See Kali/OpenVPN for setup instructions.

PIA Configuration

Conveniently, PIA provides OpenVPN configuration files to connect to their VPN servers:

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip -d openvpn

Copy the profile and certs into /etc/openvpn/:

sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp "openvpn/US California.ovpn" /etc/openvpn/US.conf

Test Configuration

To test that your OpenVPN is routing traffic through PIA as expected:

1. Check your IP (one way is to search "whats my ip" on duckduckgo, which will tell you your IP and a geolocation)

2. Start OpenVPN (interactively) with the PIA config file:

openvpn --config /etc/openvpn/US.conf

3. Repeat step 1 and confirm the IP and geolocation have changed

Troubleshooting

Use tcpdump to monitor packets traveling through interfaces.

Interference with other network interfaces

I had two network interfaces, wlan1 (an access point/wifi hotspot) and wlan2 (a wifi connection to the internet), connected via iptables so that hotspot traffic on wlan1 was forwarded through to the wifi connection on wlan2. However, this broke when OpenVPN was started with the PIA config file.

To troubleshoot, run tcpdump and watch the wlan1 interface, which hosts the hotspot:

tcpdump -i wlan1

Now visit duckduckgo.com on a client on the hotspot and ensure you see that traffic passing through. Incidentally, if you monitor wlan1 you will see the hostname of the hotspot client visiting duckduckgo, but if you monitor wlan2 you will see the hostname of the computer serving as the hotspot access point.

While monitoring a normal connection, you should see packets going FROM the hotspot client hostname TO some destination that is either an IP address or an esoteric cloud URL, and you should also see packets going FROM the destination back TO the hotspot client hostname.

While monitoring the hotspot wifi interface while the OpenVPN connection was on, I would see packets going FROM the hotspot client TO the destination, but would not see any packets going FROM the destination making it back TO the hotspot client.

Flags

Kali Linux "The quieter you become, the more you are able to hear." Penetration testing Linux distribution. Kali  · Category:Kali Kali/Wireless Reboot Kali Software: Kali Tools Kali Top 10 Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix Dirbuster  · Valgrind Attack Workflow: Kali/Workflow 1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks Red Team Blue Team Metasploitable - Red Team Metasploitable - Blue Team Networking: Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA Kali/IPv6 Booting: Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB Installing: Kali/Installing  · Kali/Post Install  · Kali/Fixes Kali on Raspberry Pi: Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin Flags  · Template:KaliFlag  · e

OpenVPN a tool for creating and connecting to virtual private networks. OpenVPN  · Category:OpenVPN Creating a Static Key VPN: OpenVPN/Static Key Configuring Your DNS: DNS Category:VPN  · Category:Security  · Category:Anonymous Browsing  · Category:Networking Flags  · Template:OpenVPNFlag  · e

Networking pages and notes about computer networks. Category:Networking Wired Networks: Man in the Middle attack vectors on wired networks: Man in the Middle/Wired Packet analysis with Wireshark: Wireshark Packet Analysis Linux networking: Linux/Networking Wireless Networks: Using Aircrack: Aircrack Many Ways to Crack a Wifi: Cracking Wifi Linux Networking Linux/Networking  · Linux/SSH  · Linux/File Server Virtual Networks: Notes on OpenVPN: OpenVPN Setting Up a Static Key VPN: OpenVPN/Static Key Settings, Services, and Protocols: Domain Name Servers: DNS  · Linux/DNS IP Version 6: IPv6 Tools: Wireshark  · SSH  · Stunnel  · Tor  · Ettercap  · Aircrack  · Tcpdump Tunnels: Tunnels  · HTTP and HTTPS  · SSH Tunnels  · Linux/SSH Flags  · Template:NetworkingFlag  · e