- root access
- ports 53/udp, 1194/udp, 80/tcp, 443/tcp available
- Docker
VPN setup (kylemanna/docker-openvpn)
Look out for your NIC (Network Interface Controller): eth0 is only an example, yours may be named differently; find it with 'ifconfig'
Local Area Network IP
$> export VPN_HOST=$(ifconfig eth0 | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
Local Area Network Hostname
$> export VPN_HOST=$(hostname)
Wide Area Network IP
$> export VPN_HOST=$(curl -4 ifconfig.co)
Wide Area Network Hostname
$> export VPN_HOST=$(dnsdomainname)
Look out for your NIC (Network Interface Controller): eth0 is only an example, yours may be named differently; find it with the 'ifconfig' command
Local Area Network IP
$> export SPOOF_DNS_IP=$(ifconfig eth0 | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
Wide Area Network IP
$> export SPOOF_DNS_IP=$(curl -4 ifconfig.co)
$> export CIPHER="AES-256-CBC"
$> docker-compose run --rm openvpn ovpn_genconfig -u udp://$VPN_HOST:1194 -C $CIPHER -n $SPOOF_DNS_IP -n 1.1.1.1 -e 'push "redirect-gateway def1 bypass-dhcp"' -e 'push "comp-lzo no"'
$> docker-compose run --rm openvpn ovpn_initpki
$> sudo chown -R $(whoami): ./config/openvpn
$> docker-compose up -d openvpn
$> export CLIENTNAME="your_client_name"
$> docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass
$> docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
link if cannot create client file
Edit the following two files to replace the SPOOFED_IP placeholder:
- config/dnsmasq/dnsmasq.conf
- config/dnsmasq/spoof.hosts
$> docker-compose up -d
- Connect to your VPN from your device by importing the client .ovpn file.
- Browse to http://dnsmasq.madbox to watch domain requests
- Browse to http://traefik.madbox to watch the Traefik dashboard
- Browse to http://google.com to end up on the nginx default index page
$> docker-compose rm -sfv
$> docker network rm madbox_default
Done in one evening (4-5 hours) and a morning (3 hours)
It basically works like editing your /etc/hosts file on Unix!
DNS servers translate domain names to IPs; edit the DNS server's dictionary and you can redirect google.com to 127.0.0.1, exactly like adding '127.0.0.1 google.com' to your /etc/hosts file.
OpenVPN has configuration options that force a connecting client to use a configured DNS server and to route all of its IPv4 traffic through the tunnel, namely:
- "dhcp-option DNS SOME_DNS_IP"
- "redirect-gateway def1 bypass-dhcp"
Now we can make OpenVPN clients use the spoofed DNS.
I used Docker because it is fast, easily configurable and exportable anywhere.
Follow the readme and you're golden
I wasted time with an OpenVPN configuration that was useless in this case, setting up one-time passwords for OpenVPN clients; besides that, I already figured out what to do.
So many things
- Monitor the OpenVPN server, Grafana dashboard
- Monitor/alert on Nginx incoming requests for the spoofed domain, Grafana dashboard
- Monitor Traefik metrics, Grafana dashboard
- Set up a fake google.com web site and serve results from another search engine, e.g. Qwant
- Ansible playbook to skip all manual steps
- Docker Swarm for container and volume high availability
- Store container logs in Elasticsearch via Filebeat
- It was fun!
- Learned about addn-hosts dnsmasq directive.