Learn Ethical Hacking Episode #21: Virtual Private Network (VPN) Setup (Part 2)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will actually connect to a VPN service provider, and I will show you how to prevent DNS leaks as well. Anyway, before I go into all of those technical things, I just wanted to say that VPNs are also a cheap solution if you’re looking for a static IP address. So if you want to setup a home web server, or file-sharing server, with a static IP address you can have a VPN for around $10 a month. That’s a very economical solution for a static IP address, as opposed to going through your ISP provider who will sell it to you for a much larger sum of money. I just wanted to mention that as a bit of extra information.

What we are going to do today is open up this website. I’ve opened up this one, you can open up any other that you would like, but be sure to check the reviews. I am using OpenVPNbook.com because I didn’t need to register, or anything of a kind, I could just start using the VPN service. I don’t need to install any additional software, or anything like that, I just need to download a configuration file, and that is fantastic. That works great for me because there’s minimal work needed, and it’s going to work for you as well. However, if you wish to use a different VPN provider, please feel free to do so. In fact, I encourage you to go out on the internet and have a look around to see which VPN providers are out there, what people are saying about each one of them, and which are the best. Which are the best in terms of cost, privacy, speed, stability, and so on and so forth. Sometimes you will get a VPN and the connection tends to break from time to time. That can be a bit inconvenient. Let’s go ahead and begin the connection process. So, I don’t want PPTP, I want OpenVPN, and which one am I going to take? Okay, let’s take the Germany based VPN. This is a certificate bundle. It should open with ARC manager without any problems. Let’s extract this to the desktop, and then I’ll create a new folder for them. Let’s make it a bit neater, openVPN, there we go. Let’s copy these things into this folder here and move it right there.

Do you remember how we downloaded duplicates of packets with the same name, except one had gnome in the name of the packet and the other one didn’t? So you’ve downloaded the plugins for the gnome network manager, and we’ve downloaded the actual packages for which we can use via a terminal as well. Today, I’m going to connect to a VPN using nothing but terminal. You can also do it through the network manager here. It says VPN connections, configure VPN, as we’ve done before. You just say add, then you can choose here, or you can just import these files here. This is a very simple process and you can do it through a network manager. However, chances are that you will find yourself in an environment that doesn’t have a GUI, and you will need to do it via terminal. The process is not very complicated. You just have two to three commands that you need to type in, and that’s it, no additional configuration is needed. It’s going to auto-load without any problems. Go ahead and clear the screen, you see I’ve been doing some work there, and go ahead and navigate to your desktop. So, /root/Desktop/openVPN/. Let’s see what’s in there. No, I do not want that sort of listing, give me a detailed listing. The LS command has different forms of listings. I can say la, I’ve shown this in one of the first tutorials dealing with the Linux command line interface. So ls -l, and which one shall we choose? We have port 443 going over TCP, TCP port 80, UDP port 25,000, and UDP port 53. I’m going to go ahead with port 443. So type in openvpn – -config vpnbook-de233-, which one is it, tcp443.ovpn, press ENTER, and it’s going to prompt you for a username. Don’t panic. The username is right on the website. See here you have a username. I’m going to go ahead and copy that, press Enter, and we also need the password. I can’t imagine why they added password because it’s a public password for anyone to use. Paste it here, press ENTER, and the connection is now going, it’s being routed, it should be established any moment now. I’m going to go ahead and close this site because I will want to reinitialize Firefox. There you go. Initialization sequence completed. Let’s see where I am. What is my IP? Your IP is 178.162.193.233, and apparently I am in Germany. I can assure you that I am NOT in Germany. That is definitely the IP of the VPN. But, this sort of configuration that we have done now will not withstand the DNS leak test, so we need to actually do some alterations there as well.

In order to protect against DNS leaks, we will need a new terminal, so go ahead and open it. Type in nano /etc/resolv.conf, press enter, and there you go. Now this is generated by the network manager by default, and the nameserver is, this is basically your home router IP address in a LAN. This is not a public IP address, this is one in he LAN that you use to access the router from the LAN network. We don’t want our computer to use our ISP’s DNS servers, do let’s just comment that out. The way this works is your DNS requests are forwarded here to this nameserver, this is basically the IP address of your router, and then your router forwards them to your ISP provider. This in turn records all of your traffic, and this can eventually be used in order to reveal your physical location, which is something we want to avoid. So instead of using the DNS server of your ISP provider, what you want to do is go ahead and type opendns in your browser. I can’t do a DNS test like this because I will show you my IP address, but I assure you that this will not pass. So, where is it? For business, personal, partners, yes, there we go. Go ahead and scroll down and click on DNS, wait for it to open. So on the right side of the page you can see that you have these IP addresses. We have 208.67.222.222, so just go ahead and copy that. This is open DNS which is one of the fastest, safest DNS services on the planet. They’re very nice to use. Other than that, you also have Google’s DNS servers which are 8.8.8.8 and 8.8.4.4, if I’m not mistaken. Nameserver, space, paste, and now I want another one. Name server, space, and I would like to also have this one as well. Now the reason why you are using two IP addresses and not one is because you want to have a fallback. So if this fails, if for whatever reason this server appears to be down, or if your packets fail to reach it, you don’t want your web browser telling you that the connection can’t be established. Instead, you want it to fall back to this one, and then attempt here, and in all likelihood it’s going to pass. Control + O to save it, and Control + X to exit. Do not restart your network manager because it will preload the file once again, and you will again be stuck with the DNS servers of your ISP provider. So let’s just go ahead and see what our DNS leak test says, so check for DNS leak. We’re going to do a standard test. You see the IP address is still shown here. It’s telling me that I’m from Germany, but I’m not. Let’s do a standard test and see what happens here. It says hostname, you see ISP, which we can conclude from the hostname as well, and we have the IP addresses here. Let’s take a look at the ISP here. It says ISP OpenDNS, OpenDNS, OpenDNS. The ISP provider from my own country has not been revealed here, it has been hidden. If I didn’t do this I would definitely have a DNS leak here.

Anyway, that is how to protect yourselves, that is how to establish a tunnel, something of a kind. I strongly encourage you to establish VPN connections from the terminal. You will have pre-configured files, you can even do the configurations manually if you really feel like it. As I said before, you can also do it through the network manager, but I strongly advise against it. The network managers can be different from one system to another, so this is not really a universal way of doing it. Furthermore, there are environments, you will encounter a large amount of environments, that won’t have a GUI, or you will be in an environment that has GUI but you will not have the ability to use it. I advise to you to become comfortable doing such configurations in the terminal. If you really want to do it through the network manager, and if you can’t do it on your own, there are a lot of instructions on the net. If you don’t feel like going through forums, feel free to ask in the questions section, and I will be more than happy to help you out, depending on which network manager you are using. In any case, I bid you farewell, I thank you for watching, and I’ll see you next time.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Leave a Reply

Your email address will not be published. Required fields are marked *