At Hack The Box, VPNs are integral to accessing our diverse range of labs and machines. This guide dives into the technical details of VPNs, their necessity in our environment, and provides step-by-step instructions for various platforms.
What is a VPN?
A Virtual Private Network (VPN) extends a private network across a public network, allowing users to send and receive data as if their computing devices were directly connected to the private network. This is achieved through a process known as tunneling, where data packets are encapsulated and encrypted, ensuring secure transmission.
The Role of VPN in Hack The Box
Access to Private Networks: Our labs and machines often operate within private networks. A VPN allows you to join these networks remotely, granting access to resources that aren't publicly available.
Overcoming NAT Limitations: Network Address Translation (NAT) allows a single device, such as a router, to act as an agent between the internet and a local network. This means that all machines on the local network can use a single public IP address but maintain their unique private IPs. VPNs help in traversing through NAT, ensuring your device appears as part of the Hack The Box local network.
Why Not Just Any VPN?
If you are new here, and don't fully understand the reasons behind why a VPN is necessary, you might be questioning whether you need to use the Hack The Box VPN, or if any VPN will do.
Most "VPN" services the average person has been exposed to (NordVPN, PIA, ExpressVPN) market themselves as a privacy tool. They act as an intermediary node between you and the rest of the internet, encrypting your traffic and hiding your IP address from any services you connect to. While these can be useful tools, using this is not the primary function of a VPN, but rather a useful side effect of using a VPN that happens to be quite marketable as a service.
The primary purpose of a VPN is to logically place you on a private/local network that is physically somewhere else. It's lets you to tunnel through the internet to establish a connection to a private network (which is likely located behind NAT). When you connect to a VPN network, you get a private IP address on that network, as if you were actually physically connected to it.
That's pretty nifty, since servers and other machines that connected to a private network, like
192.168.0.0/16 cannot be accessed directly from the internet. But, if you tunnel into that network with a VPN, you'll be able to access resources on it without issue.
That is why you need to use the Hack The Box VPN on Machines and other VM targets. They exist on one of our many private lab networks, so to access them, you need to tunnel in.
Is the VPN always needed?
No, actually! The VPN is only needed for what we refer to as VM targets- full fledged virtual machines that spawn on a private subnet. These generally will spawn on either the
10.129.0.0/16 subnets. Pro Labs, Machines, Fortresses, Endgames, and Spawnable Sherlocks are all examples of content which require the VPN.
Challenges and many Academy Target Machines (specifically, Docker Targets) do not require the VPN, because these are spawned on a public IP and are able to be routed to over the internet.
The tell tale sign of whether you need you to use the VPN is if the IP of your target machine is a public IP, and if it includes a port number.
If your target IP starts with 10, 192.168, or 172.16-32, then it's on a private IP and you need the VPN. If your target doesn't start with any of the above, and included a specific port number, then it's an internet-accessible docker target, and no VPN is required.
OpenVPN is an open-source VPN protocol used to create secure point-to-point or site-to-site connections. We use OpenVPN due to its high security, reliability, and compatibility with various operating systems.
Setting Up OpenVPN
By default, OpenVPN is installed on most Linux distributions. This means you generally won't need to worry about installing it, but you can check by running
openvpn in your terminal and seeing if the command is available.
Install OpenVPN: Use your distribution's package manager, e.g.,
sudo apt-get install openvpn.
sudo openvpn /path/to/yourfile.ovpn.
Check Connection: Look for the "Initialization Sequence Completed" message.
On Mac OS, the OpenVPN client of choice is Tunnelblick.
Install Tunnelblick: A free, open-source OpenVPN client for macOS. You can download the .
dmgfile from the Tunnelblick website here.
Configure: Import your
.ovpnfile into Tunnelblick. Generally speaking, you can do this by just double-clicking on the
.ovpnfile, as this filetype will be associated with Tunnelblick upon installation.
Connect: If Tunnelblick is running, there will an icon in the Menu Bar at the top of your screen. You can click on this to select your OpenVPN configuration and connect.
On Windows, the preferred OpenVPN client is the official OpenVPN Connect client.
Install OpenVPN Connect: Download the
.exeinstaller from the link above, and install the GUI client.
Setup: To import your VPN file, you can either open the OpenVPN Connect panel from your task bar and click the
+button to add your OpenVPN
Connect: Via the OpenVPN Connect interface.
Looking for more information specific to an HTB Platform? Check out these additional articles below: