Anyway of finding connected devices on my vpn router from the VPN server itself?

Zonos · 2019-01-29T12:06:22.451Z

Hi!

I’ve setup my own OpenVpn server on AWS using an EC2 instance and I have a GL-AR150 router with OpenWRT configured to connect to the VPN Server.

Now, I want to have some EC2 running network scans such as NMAP on my VPN Network and all the devices that are latched onto it. The only problem is that whenever I run any scanning tools the only thing that is showing up is the router.

Is it possible/way to be able to view all the devices connected through a vpn router on the vpn server (or by a device connected on the same VPN server)? Or is the idea I’m looking for far fetched and impossible

Sorry if I’ve worded anything wrong or confusing!

Thanks!

jeffsf · 2019-01-29T14:29:04.964Z

Let’s say that your VPN end points are 198.51.100.150 (on your AR150) and 192.0.2.102 (in the cloud). Further, your internal net is 10.0.0.0/24. To scan the 10.0.0.0 net from the cloud instance, it needs a route to the internal net, and that internal net needs a route back to the instance itself. I’d bet that one or the both of those routes are missing. (Running your pen-test tooling on the network itself is also an option.)

Zonos · 2019-01-29T15:25:33.592Z

Thanks for the reply! I think you’re probably right, I’m pretty sure I have not routed the instance to the internal net and vice versa. Would something like this have to exist on both the server and client config files? I.e. I am slightly unsure where to add/implement these.

jeffsf · 2019-01-29T16:18:03.287Z

Zonos:

Would something like this have to exist on both the server and client config files?

I’m not certain about the config files vs. static routes, but, yes, the cloud instance needs an interface and a route to the 10.0.0.0 net and the AR150 end point needs a route back to that interface on the cloud instance.

Zonos · 2019-01-29T18:53:07.208Z

Thanks for this! I understand in theory what needs to be done, going to do some digging around to see if i can actually implement it and hope it works.