All posts by zitstif

From Kaspersky with Love – kvrt.run mirror

Kaspersky offers a free virus scan and removal tool for Linux. However, if you’re in the United States like I am, you’re restricted from downloading it. To bypass this restriction, I’ve set up a Docker automation that uses an OpenVPN connection in another country. I’m sharing this for those who want to use or analyze the tool.

You’ll need to provide your own OpenVPN configuration file for this to work:

http://zitstif.no-ip.org/kvrun/Dockerfile

http://zitstif.com/kvrun/Dockerfile

http://zitstif.no-ip.org/kvrun/run.sh

http://zitstif.com/kvrun/run.sh

SHA256 Checksums:

# sha256sum Dockerfile
eb8e45ab10a50db4b64592f1a3b3edb944f3ffc96ac8bf61917b41d2c5c65186 Dockerfile

# sha256sum run.sh
0898b49cfe223f163051c4427427c43571bf932c8bb5d89e79d748ff0d31e451 run.sh

Build and Run Instructions:

docker build -t openvpn-kaspersky .

docker run --cap-add=NET_ADMIN --device /dev/net/tun --name kaspersky-vpn openvpn-kaspersky

docker cp kaspersky-vpn:/opt/kvrt.run .

Mirrors for Download:

http://zitstif.no-ip.org/kvrt.run
http://zitstif.com/kvrt.run

http://zitstif.no-ip.org/kvrt-hash.txt
http://zitstif.com/kvrt-hash.txt

Nested VPN Connections Using Docker, OpenVPN, and WireGuard Container

Recently, I ran into a scenario where I wanted to verify if geo-blocking on a specific UDP port was actually working. The UDP port is set up to only allow connections from the United States. The service running is WireGuard.

  The following tools will be needed to perform this:
    • Some sort of Linux distro (I used Kali Linux on a bare metal system; you might be able to do it using a virtual machine).
    • OpenVPN client and config file
    • OpenVPN server located outside of the United States
    • Docker installed and working properly
    • A firewall that supports geo-blocking with appropriate rules set up
    • WireGuard service behind the mentioned firewall
    • WireGuard client config

  The WireGuard container I used for testing is the following: https://github.com/jordanpotter/docker-wireguard

  1. First, we will connect to the OpenVPN server that is outside of the United States (we want to make sure this VPN connection is a full tunnel):
    openvpn --config Outside.ovpn
  2. You can then verify your connection using:
    curl ifconfig.me
  3. We will now run the following command to attempt to connect to the WireGuard service from outside of the United States:
    docker run --name wireguard --cap-add NET_ADMIN --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v /root/OutsideCountry.conf:/etc/wireguard/wg0.conf jordanpotter/wireguard
  4. Next, we will spin up a container that will use the Docker container named ‘wireguard’ for networking:
    docker run --rm --net=container:wireguard -ti alpine /bin/ash
  5. Inside of this container, you can check whether you have network connectivity to the geo-blocked WireGuard service. In my case, it proved that geo-blocking was working.
  6. To verify if nested VPN connections even work in this scenario, I have an OpenVPN server that is located in the United States. Once I connected to this server, the container was able to connect to the geo-blocked WireGuard service.
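
An added example for step 5, not part of the original post: WireGuard stays silent toward packets it cannot authenticate, so the handshake timestamp reported by `wg show` is a clearer signal than a UDP port probe. It assumes the `wg` tool is available inside the container named `wireguard` and that the interface is `wg0` (from the mounted wg0.conf); the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of `wg show <iface> latest-handshakes`.
# Each input line is "<peer-public-key><TAB><unix-epoch>"; epoch 0 means the
# peer has never completed a handshake.
#   $1 = current time (epoch seconds)
#   $2 = max handshake age in seconds (default 180: WireGuard renegotiates
#        about every 120 s while traffic flows, so older means no live session)
# Prints one of: reachable | stale | blocked | no-peers
classify_handshakes() {
    awk -v now="$1" -v max="${2:-180}" '
        NF >= 2 {
            peers++
            if ($2 > 0) {
                seen++                           # a handshake happened at some point
                if (now - $2 <= max) fresh++     # and it is recent
            }
        }
        END {
            if (!peers)     print "no-peers"     # config has no [Peer] section
            else if (fresh) print "reachable"    # firewall let the handshake through
            else if (seen)  print "stale"        # worked earlier, not now (e.g. the
                                                 # outer VPN was switched, step 6)
            else            print "blocked"      # never answered: geo-block holds
        }'
}

# Live check against the container from step 3. WireGuard only starts a
# handshake when there is traffic to send, so generate some first (for
# example a ping from the alpine container in step 4) and wait a few seconds.
check_geoblock() {
    out=$(docker exec wireguard wg show wg0 latest-handshakes) || return 2
    printf '%s\n' "$out" | classify_handshakes "$(date +%s)"
}

# Offline demonstration on a constructed sample line (fake key, epoch 0).
demo() {
    printf 'CONSTRUCTEDPEERKEY=\t0\n' | classify_handshakes 1700000000
}
```

Restart the `wireguard` container between the outside-US run and the US run so that a handshake from the earlier run cannot be reported as `stale` or `reachable`.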