Any way of finding connected devices on my VPN router from the VPN server itself?


#1

Hi!

I’ve set up my own OpenVPN server on AWS using an EC2 instance, and I have a GL-AR150 router with OpenWRT configured to connect to the VPN server.

Now, I want to have some EC2 running network scans such as Nmap on my VPN network and all the devices that are latched onto it. The only problem is that whenever I run any scanning tools, the only thing that shows up is the router.

Is it possible, or is there a way, to view all the devices connected through a VPN router on the VPN server (or from a device connected to the same VPN server)? Or is the idea I’m looking for far-fetched and impossible?

Sorry if I’ve worded anything wrongly or confusingly!

Thanks!


#2

Let’s say that your VPN end points are 198.51.100.150 (on your AR150) and 192.0.2.102 (in the cloud). Further, your internal net is 10.0.0.0/24. To scan the 10.0.0.0 net from the cloud instance, it needs a route to the internal net, and that internal net needs a route back to the instance itself. I’d bet that one or both of those routes are missing. (Running your pen-test tooling on the network itself is also an option.)


#3

Thanks for the reply! I think you’re probably right; I’m pretty sure I have not routed the instance to the internal net and vice versa. Would something like this have to exist in both the server and client config files? I.e., I am slightly unsure where to add/implement these.


#4

I’m not certain about the config files vs. static routes, but, yes, the cloud instance needs an interface and a route to the 10.0.0.0 net, and the AR150 end point needs a route back to that interface on the cloud instance.
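A concrete version of the two routes described in #2 and #4, as an added example rather than anything posted in the thread. It keeps the thread's LAN of 10.0.0.0/24 and assumes, because the thread does not say, an OpenVPN tunnel subnet of 10.8.0.0/24 (the OpenVPN default), a client certificate CN of ar150 for the router, an OpenWRT interface named vpn bound to tun0, and OpenWRT 21.02-or-later uci syntax (`device` rather than the older `ifname`). The script only prints configuration lines and commands and inspects a route table you hand it; it changes nothing on its own.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses/names marked "assumed" are not in the thread.
LAN_NET=10.0.0.0; LAN_MASK=255.255.255.0; LAN_CIDR=10.0.0.0/24   # from the thread
TUN_CIDR=10.8.0.0/24                                              # assumed: OpenVPN default tunnel net
CLIENT_CN=ar150                                                   # assumed: CN in the AR150's client cert

# --- Route 1: cloud instance -> LAN (OpenVPN server side) -------------------------
# server.conf: "route" installs the kernel route for the LAN via tun0 when OpenVPN starts;
# "client-config-dir" is where the per-client iroute lives; the last two lines are only
# needed if the scanner is another VPN client rather than the server host itself.
server_conf_lines() {
  printf '%s\n' \
    "route $LAN_NET $LAN_MASK" \
    "client-config-dir /etc/openvpn/ccd" \
    "client-to-client" \
    "push \"route $LAN_NET $LAN_MASK\""
}

# /etc/openvpn/ccd/$CLIENT_CN: iroute tells OpenVPN's internal routing which client owns
# the LAN. Without it the kernel route above points at tun0 but OpenVPN does not know
# which tunnel to send into, and packets arriving from the LAN are dropped with
# "MULTI: bad source address from client".
ccd_lines() { printf 'iroute %s %s\n' "$LAN_NET" "$LAN_MASK"; }

# --- Route 2: LAN -> cloud instance (OpenWRT side) --------------------------------
# Once the tunnel is up, OpenWRT already has a route to $TUN_CIDR via tun0. What is
# normally missing is a firewall zone for tun0 and permission to forward vpn -> lan;
# OpenWRT's default policy rejects forwarding between zones unless told otherwise.
uci_cmds() {
  printf '%s\n' \
    "uci set network.vpn=interface" \
    "uci set network.vpn.proto='none'" \
    "uci set network.vpn.device='tun0'" \
    "uci add firewall zone" \
    "uci set firewall.@zone[-1].name='vpn'" \
    "uci set firewall.@zone[-1].network='vpn'" \
    "uci set firewall.@zone[-1].input='REJECT'" \
    "uci set firewall.@zone[-1].output='ACCEPT'" \
    "uci set firewall.@zone[-1].forward='REJECT'" \
    "uci add firewall forwarding" \
    "uci set firewall.@forwarding[-1].src='vpn'" \
    "uci set firewall.@forwarding[-1].dest='lan'" \
    "uci commit" \
    "/etc/init.d/network reload" \
    "/etc/init.d/firewall reload"
}

# --- Check on the cloud instance: is the LAN really routed via tun0? --------------
# $1 is the text of `ip route show` (pass "$(ip route show)" on the real box).
# Prints the device carrying $LAN_CIDR, or nothing if there is no such route.
lan_route_dev() {
  printf '%s\n' "$1" | awk -v net="$LAN_CIDR" \
    '$1 == net { for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1) }'
}

# Usage: ./vpn-routes.sh server | ccd | router   (prints; never applies anything)
case "${1:-}" in
  server) server_conf_lines ;;
  ccd)    ccd_lines ;;
  router) uci_cmds ;;
esac
```

Put the `server` output in server.conf on the instance and restart OpenVPN so the `route` is installed, write the `ccd` output to /etc/openvpn/ccd/ar150 (the file name must equal the CN the router authenticates with), and run the `router` commands on the AR150. Afterwards `lan_route_dev "$(ip route show)"` on the instance should print tun0; an empty result means the `route` line never took effect. Two caveats: if the LAN's default gateway is something other than the AR150, each scanned host (or that gateway) needs a static route for 10.8.0.0/24 via the AR150's LAN address, otherwise replies leave by the wrong door; and Nmap cannot use ARP across a routed tunnel, so `nmap -sn 10.0.0.0/24` from the instance relies on ICMP/TCP probes and hosts that drop ICMP need `-Pn`.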


#5

Thanks for this! I understand in theory what needs to be done; going to do some digging around to see if I can actually implement it and hope it works.