IssueAfter adding an the HTB OpenVPN profile to Kali Linux 2020.1, upon connecting to the VPN, an additional default route is added to Kali's routing table forcing all internet traffic to the HTB environment where there isn't actually an internet connection.
This blog post walks through setting up the VPN and removing the extra default route, plus scripting the connection to the VPN since it add the broken route every time the VPN connects.
Download OpenVPN creds from HTBGet your OpenVPN file from here: https://www.hackthebox.eu/home/htb/access
It comes downloaded as
. I renamed my file to
HackTheBox.ovpn. This will become the name of the VPN connection we see in the GUI.
Adding VPN connection to KaliVerify network connections first:
Now to add the the OpenVPN connection to your list of linux networks:
sudo nmcli connection
Verify the new network connection was added:
sudo nmcli connection import type openvpn file Downloads/HackTheBox.ovpn
sudo nmcli connection
In the top right of the screen you can also verify the VPN was added. Toggling the checkbox will connect and disconnect from the VPN respectively.
Fixing Internet Routing issue:
This guide is assuming 1 wired connection and 1 VPN connection. After connecting to the HTB VPN, some users may find their Kali Linux machine no longer can reach the Internet, but is still able to reach the lab environment VMs. This issue is due to the VPN connection adding a more preferred default route out the VPN tunnel interface.
The route marked 1 in the picture above is an unneeded default route to the HTB environment. The route marked 2 is the default route where internet bound traffic should be sent. This is because the gateway (router.asus.com) is my router, while 10.10.14.1 is the HTB environment on the other end of the VPN tunnel.
If we remove the first default route, our internet bound traffic will use route 2. HTB traffic will remain unaffected and be handled by these two routes which are already installed in the routing table:
sudo route del -net default gw 10.10.14.1 netmask 0.0.0.0 dev tun0
After running that the routing table is fixed:
Bash script fix
Every time you disconnect and reconnect to HTB, you'll have to remove the default route. Here is a quick bash script to simply the connection process. Make a file called
ConnectToHTB.To make it executable:
chmod 755 ConnectToHTB
Added this to the file:
# Turn on HTB VPN Connection nmcli connection up d7aa1e3e-f13f-47b1-8c4a-a99d73bf4dd3 # Remove default route to HTB to allow Internet access in Linux sudo route del -net default gw 10.10.14.1 netmask 0.0.0.0 dev tun0
d7aa1e3e-f13f-47b1-8c4a-a99d73bf4dd3in the first command with the UUID of your VPN connection, which can be found using
Now to connect to HTB,
./ConnectToHTBfrom the terminal.
Thanks for reading
Hopefully this doesn't end up as a double comment, but my last comment just didn't show up.ReplyDelete
In any case, for anyone stumbling across this from the internet, there is far simpler solution. You can just tell network manager not to add the default route.
$ nmcli connection import type openvpn file [username].ovpn
$ nmcli connection edit [username]
# Change connection name to something useful
> set connection.id htb
# Disable default routes
> set ipv4.never-default true
> set ipv6.never-default true
# Save the connection changes
$ nmcli connection up htb