At Hack The Box, VPNs are integral to accessing our diverse range of labs and machines. This guide dives into the technical details of VPNs, their necessity in our environment, and provides step-by-step instructions for various platforms.

A Virtual Private Network (VPN) extends a private network across a public network, allowing users to send and receive data as if their computing devices were directly connected to the private network. This is achieved through a process known as tunneling, where data packets are encapsulated and encrypted, ensuring secure transmission.

If you are new here, and don't fully understand the reasons behind why a VPN is necessary, you might be questioning whether you need to use the Hack The Box VPN, or if any VPN will do.
​
Most "VPN" services the average person has been exposed to (NordVPN, PIA, ExpressVPN) market themselves as a privacy tool. They act as an intermediary node between you and the rest of the internet, encrypting your traffic and hiding your IP address from any services you connect to. While these can be useful tools, this is not the primary function of a VPN, but rather a useful side effect of using a VPN that happens to be quite marketable as a service.

The primary purpose of a VPN is to logically place you on a private/local network that is physically somewhere else. It's lets you to tunnel through the internet to establish a connection to a private network (which is likely located behind NAT). When you connect to a VPN network, you get a private IP address on that network, as if you were actually physically connected to it.

That's pretty nifty, since servers and other machines that are connected to a private network, like 10.0.0.0/8 or 192.168.0.0/16 cannot be accessed directly from the internet. But, if you tunnel into that network with a VPN, you'll be able to access resources on it without issue.

That is why you need to use the Hack The Box VPN on Machines and other VM targets. They exist on one of our many private lab networks, so to access them, you need to tunnel in.

No, actually! The VPN is only needed for what we refer to as VM targets- full fledged virtual machines that spawn on a private subnet. These generally will spawn on either the 10.10.10.0/23 or 10.129.0.0/16 subnets. Pro Labs, Machines, Fortresses, Endgames, and Spawnable Sherlocks are all examples of content which require the VPN.

Challenges and many Academy Target Machines (specifically, Docker Targets) do not require the VPN, because these are spawned on a public IP and are able to be routed to over the internet.

The tell tale sign of whether you need you to use the VPN is if the IP of your target machine is a public IP, and if it includes a port number.

If your target IP starts with 10, 192.168, or 172.16-32, then it's on a private IP and you need the VPN. If your target doesn't start with any of the above, and included a specific port number, then it's an internet-accessible docker target, and no VPN is required.

OpenVPN is an open-source VPN protocol used to create secure point-to-point or site-to-site connections. We use OpenVPN due to its high security, reliability, and compatibility with various operating systems.

By default, OpenVPN is installed on most Linux distributions. This means you generally won't need to worry about installing it, but you can check by running openvpn in your terminal and seeing if the command is available.

On Mac OS, the OpenVPN client of choice is Tunnelblick.

On Windows, the preferred OpenVPN client is the official OpenVPN Connect client.

Looking for more information specific to an HTB Platform? Check out these additional articles below: