Understanding the Hack The Box VPN

Learn about the Hack The Box VPN, when and why it's needed, and how to use it.

Written by Ryan Gordon
Updated over a week ago

At Hack The Box, VPNs are integral to accessing our diverse range of labs and machines. This guide dives into the technical details of VPNs, their necessity in our environment, and provides step-by-step instructions for various platforms.

What is a VPN?

A Virtual Private Network (VPN) extends a private network across a public network, allowing users to send and receive data as if their computing devices were directly connected to the private network. This is achieved through a process known as tunneling, where data packets are encapsulated and encrypted, ensuring secure transmission.

The Role of VPN in Hack The Box

  1. Access to Private Networks: Our labs and machines often operate within private networks. A VPN allows you to join these networks remotely, granting access to resources that aren't publicly available.

  2. Overcoming NAT Limitations: Network Address Translation (NAT) allows a single device, such as a router, to act as an agent between the internet and a local network. This means that all machines on the local network can use a single public IP address but maintain their unique private IPs. VPNs help in traversing through NAT, ensuring your device appears as part of the Hack The Box local network.

Why Not Just Any VPN?

If you are new here, and don't fully understand the reasons behind why a VPN is necessary, you might be questioning whether you need to use the Hack The Box VPN, or if any VPN will do.

Most "VPN" services the average person has been exposed to (NordVPN, PIA, ExpressVPN) market themselves as a privacy tool. They act as an intermediary node between you and the rest of the internet, encrypting your traffic and hiding your IP address from any services you connect to. While these can be useful tools, this is not the primary function of a VPN, but rather a useful side effect of using a VPN that happens to be quite marketable as a service.

The primary purpose of a VPN is to logically place you on a private/local network that is physically somewhere else. It lets you tunnel through the internet to establish a connection to a private network (which is likely located behind NAT). When you connect to a VPN network, you get a private IP address on that network, as if you were actually physically connected to it.

That's pretty nifty, since servers and other machines that are connected to a private network, like or cannot be accessed directly from the internet. But, if you tunnel into that network with a VPN, you'll be able to access resources on it without issue.

That is why you need to use the Hack The Box VPN on Machines and other VM targets. They exist on one of our many private lab networks, so to access them, you need to tunnel in.

Is the VPN always needed?

No, actually! The VPN is only needed for what we refer to as VM targets: full-fledged virtual machines that spawn on a private subnet. These generally will spawn on either the or subnets. Pro Labs, Machines, Fortresses, Endgames, and Spawnable Sherlocks are all examples of content which require the VPN.

Challenges and many Academy Target Machines (specifically, Docker Targets) do not require the VPN, because these are spawned on a public IP and are able to be routed to over the internet.

The telltale sign of whether you need to use the VPN is whether the IP of your target machine is a public IP, and whether it includes a port number.

If your target IP starts with 10, 192.168, or 172.16-32, then it's on a private IP and you need the VPN. If your target doesn't start with any of the above, and includes a specific port number, then it's an internet-accessible Docker target, and no VPN is required.
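
The rule above can be checked mechanically. The following is an added example, not Hack The Box tooling: a hypothetical classify_target function that applies the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, so the 172 block covers second octets 16 through 31) and validates the address and port before deciding. The sample targets are constructed.

```bash
#!/usr/bin/env bash
# Added example (not HTB tooling): does this target need the VPN?
# Prints one of: vpn | direct | public-no-port | invalid

classify_target() (
    target=$1
    host=$target
    port=
    case $target in
        *:*) host=${target%%:*}
             port=${target#*:}
             # A port, when given, must be a number in 1-65535.
             case $port in ''|*[!0-9]*|??????*) echo invalid; return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo invalid; return 1; } ;;
    esac
    # Reject anything that is not shaped like a dotted-quad IPv4 address.
    case $host in
        ''|*[!0-9.]*|*.*.*.*.*|.*|*.|*..*) echo invalid; return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 <<EOF
$host
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case $o in ''|????*) echo invalid; return 1 ;; esac
        [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    # RFC 1918: 10.0.0.0/8, 172.16.0.0/12 (172.16-172.31), 192.168.0.0/16.
    if [ "$o1" -eq 10 ] ||
       { [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; } ||
       { [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; }; then
        echo vpn              # private lab subnet: connect the VPN first
    elif [ -n "$port" ]; then
        echo direct           # public IP plus port: reachable over the internet
    else
        echo public-no-port   # public IP, no port: re-check the target details
    fi
)

# Constructed sample targets (203.0.113.0/24 is a documentation range).
for t in 10.10.10.5 172.31.4.9 172.32.4.9:8080 203.0.113.10:31337; do
    printf '%-22s %s\n' "$t" "$(classify_target "$t")"
done
```

A private address is reported as vpn even when a port is appended, because the subnet, not the port, decides whether the tunnel is required.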

Understanding OpenVPN

OpenVPN is an open-source VPN protocol used to create secure point-to-point or site-to-site connections. We use OpenVPN due to its high security, reliability, and compatibility with various operating systems.

Setting Up OpenVPN


By default, OpenVPN is installed on most Linux distributions. This means you generally won't need to worry about installing it, but you can check by running openvpn in your terminal and seeing if the command is available.

  1. Install OpenVPN: Use your distribution's package manager, e.g., sudo apt-get install openvpn.

  2. Connect: Run sudo openvpn /path/to/yourfile.ovpn.

  3. Check Connection: Look for the "Initialization Sequence Completed" message.
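
The check in step 3 can be scripted when OpenVPN writes to a log file. This is an added example, not Hack The Box tooling: the hypothetical vpn_log_status function reports the tunnel state from the most recent log markers, so a stale "Initialization Sequence Completed" from before a restart is not mistaken for a live connection. The log path in the comment and the sample log lines are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not HTB tooling): report tunnel state from an OpenVPN log.
# Prints one of: connected | auth-failed | tls-failed | down | pending
#
# Assumed usage (log path is an example):
#   sudo openvpn --config /path/to/yourfile.ovpn --log /tmp/openvpn.log --daemon
#   sudo cat /tmp/openvpn.log | vpn_log_status

vpn_log_status() {
    # Later lines override earlier ones. A restart or exit after a
    # successful start means the tunnel is down; a failure reason
    # (auth or TLS) is kept until the next successful start.
    awk '
        /Initialization Sequence Completed/ { state = "connected";   next }
        /AUTH_FAILED/                       { state = "auth-failed"; next }
        /TLS Error/                         { state = "tls-failed";  next }
        /process (restarting|exiting)/ {
            if (state == "" || state == "connected") state = "down"
        }
        END { print (state == "" ? "pending" : state) }
    ' "$@"
}

# Constructed sample log, shaped like OpenVPN 2.x client output.
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01 TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.7:1337
2024-01-01 10:00:02 Initialization Sequence Completed
2024-01-01 10:42:10 [server] Inactivity timeout (--ping-restart), restarting
2024-01-01 10:42:10 SIGUSR1[soft,ping-restart] received, process restarting
EOF
}

sample_log | vpn_log_status
```
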


On macOS, the OpenVPN client of choice is Tunnelblick.

  1. Install Tunnelblick: A free, open-source OpenVPN client for macOS. You can download the .dmg file from the Tunnelblick website here.

  2. Configure: Import your .ovpn file into Tunnelblick. Generally speaking, you can do this by just double-clicking on the .ovpn file, as this filetype will be associated with Tunnelblick upon installation.

  3. Connect: If Tunnelblick is running, there will be an icon in the Menu Bar at the top of your screen. You can click on this to select your OpenVPN configuration and connect.


On Windows, the preferred OpenVPN client is the official OpenVPN Connect client.

  1. Install OpenVPN Connect: Download the .exe installer from the link above, and install the GUI client.

  2. Setup: To import your VPN file, you can either open the OpenVPN Connect panel from your task bar and click the + button to add your OpenVPN

  3. Connect: Via the OpenVPN Connect interface.

Additional Resources

Looking for more information specific to an HTB Platform? Check out these additional articles below:
