Tag: configure

  • Phone Factor – Two Factor Authentication

    If you want to be really secure nowadays you need more than just a password; you need another type of authentication. Blood is the best thing to use to authenticate yourself, DNA is like 1,000,000,000x unique. Wouldn’t it be great if, when you’re getting money out of the ATM, a needle came out to prick you and take your DNA? Not really. Phone Factor is a program that calls (or texts) you on your phone and makes you press # after you put in your password. So even if the hacktivists steal your username and password and post it on pastebin, someone would still need your phone to get into your PlayStation account or whatever.

    Here I will show you how to set up Phone Factor to call you after you sign in to your VPN. Basically you install Phone Factor on a box in between the VPN device (in my case a SonicWALL SSL-VPN 200) and the server that authenticates you (in my case a Windows 2003 box running IAS).

    On the VPN device just put in the IP address of the box you installed Phone Factor on. You will have to change the RADIUS timeout to something higher to give Phone Factor enough time to call you and for you to answer.

    On Phone Factor you put in the IP address of the VPN, the shared secret, and the port the VPN uses (1812 for RADIUS).

    Then put in the RADIUS server’s IP, shared secret, and the port it uses.

    On the Users tab you enter the usernames and phone numbers. The free version of Phone Factor allows 10 users, I think.

    In the RADIUS server, add the IP of the system that has Phone Factor installed as a new client, and you should be good to go assuming you have the RADIUS box configured correctly.

    After that you can log in and put in your username/password. You will get a call on your phone telling you to press #, and that’s it, you’re in!
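    The shared secret on each leg (VPN to Phone Factor, Phone Factor to IAS) is what makes this chain trustworthy, so it helps to see what the VPN appliance actually sends to port 1812 and what the proxy has to check before it dials. This added example (not from the original post or from Phone Factor) builds an RFC 2865 Access-Request with a hidden PAP password and verifies a reply’s Response Authenticator; the usernames, secrets and Request Authenticator values are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 PAP hiding: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous hidden block), the first using the Request
    Authenticator. Only a hop holding the shared secret can recover it, which
    is why the VPN<->proxy and proxy<->IAS legs each get their own secret."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; strips the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out, prev = out + bytes(a ^ b for a, b in zip(block, mask)), block
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(ident: int, user: bytes, password: bytes,
                         secret: bytes, request_auth: bytes) -> bytes:
    """The Access-Request the VPN appliance sends to UDP/1812 on the proxy."""
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_reply(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """Reply with Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """True only if the sender holds the secret: the check the proxy must make
    on the IAS answer before deciding whether to place the phone call."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = build_reply(code, ident, reply[20:length], request_auth, secret)[4:20]
    return hmac.compare_digest(reply[4:20], expected)
```

    A proxy that skipped verify_reply would accept a forged Access-Accept from anyone who can reach its RADIUS port, which is also why the timeout you raise on the VPN side should cover the phone call, not just the IAS round trip.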

    Please do not email me if you are having trouble; this is pretty straightforward and the only problem I ran into was the timeout on the VPN appliance.

  • Bypassing your company’s web filter

    Are you trying to go to Facebook or watch porn at work and being blocked by your company’s firewall or web filter?

    SSH tunneling is your way to get unfiltered web access at work; just don’t get caught.

    The SSH daemon/service is usually better known on Linux systems. When SSHed in at work, I had a couple of the guys who were more familiar with Linux see my command shell to my Windows box and ask “are you SSHed into a Windows box?” and I replied “why yes I am”.

    So this is what you need:

    one internet connection
    one Windows box (XP will work; I’m pretty sure these two programs install on XP)
    winSSHD
    CCproxy
    an SSH client (PuTTY, OpenSSH)
    a router/firewall that can NAT/port forward TCP port 22

    Download winSSHD here and CCproxy here. Install both.

    winSSHD can be left with its default configuration. CCproxy has to be configured to run as a service and on a port; I used 8080.

    Port forward/NAT TCP port 22 to your SSH server.

    On your workstation at work or school, install PuTTY or the OpenSSH client. I use OpenSSH; it’s command line. OS X already has SSH client commands installed, but I use JellyfiSSH to manage my SSH tunnels.

    Once installed, open a command window and type:
    ssh -f -N -L 8080:(IP address of the SSH server):8080 (username on server)@xx.xx.xx.xx(your public IP)
    The command should look something like this:
    ssh -f -N -L 8080:192.168.0.2:8080 administrator@12.63.58.112
    It should say something about a host key; just type yes.
    Then it should ask you for a password. If it failed it will tell you; if it connected it won’t say anything, because -f sends ssh to the background and -N tells it not to run a remote command.

    Now configure your browser to use a proxy on the loopback address (127.0.0.1), port 8080.

    Now if you go to ipchicken you should see the IP address of your internet connection at home and not your work’s IP address.
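    On the corporate side, the tunnel above looks like a single outbound TCP/22 session from a workstation that stays open for the whole day and carries far more bytes than an interactive shell ever would. As an added example from the defender’s side (not from the original post), here is a heuristic over constructed connection-log lines that flags such sessions; the log format, subnets and thresholds are assumptions.

```python
import ipaddress

# Constructed connection records (not a real appliance format):
# "start end src dst dport bytes" with epoch seconds, addresses, destination port, bytes.
SAMPLE_LOG = """\
1700000000 1700000005 10.0.5.23 93.184.216.34 443 18234
1700000010 1700028810 10.0.5.23 198.51.100.77 22 734003200
1700000020 1700000080 10.0.5.40 203.0.113.9 22 20480
1700000030 1700000031 10.0.5.23 10.0.1.10 22 4096
1700000100 1700020000 10.0.7.8 203.0.113.50 22 52428800
"""

WORKSTATION_NETS = [ipaddress.ip_network("10.0.0.0/16")]  # user VLANs (assumed)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]       # admin SSH inside is expected
MIN_SECONDS = 1800          # a tunnel stays up for the working day, not a few minutes
MIN_BYTES = 10 * 2 ** 20    # interactive shells move kilobytes; proxied browsing, megabytes

def parse(line: str) -> dict:
    start, end, src, dst, dport, nbytes = line.split()
    return {"start": int(start), "end": int(end), "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": int(dport), "bytes": int(nbytes)}

def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)

def suspicious_ssh_tunnels(log_text: str, min_seconds: int = MIN_SECONDS,
                           min_bytes: int = MIN_BYTES) -> list:
    """Flag long-lived, high-volume outbound TCP/22 sessions from workstation
    subnets to external hosts; returns (src, dst, seconds, bytes) tuples."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        conn = parse(line)
        if conn["dport"] != 22 or not in_any(conn["src"], WORKSTATION_NETS):
            continue
        if in_any(conn["dst"], INTERNAL_NETS):
            continue  # SSH to internal servers is normal admin traffic
        duration = conn["end"] - conn["start"]
        if duration >= min_seconds and conn["bytes"] >= min_bytes:
            hits.append((str(conn["src"]), str(conn["dst"]), duration, conn["bytes"]))
    return hits
```

    Blocking outbound TCP/22 from user VLANs at the egress firewall, or allowing it only to known hosts, removes the path this post relies on; the heuristic above is for finding sessions that slipped through.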

  • Android OS with SonicWALL L2TP server

    The main things about the Droid are that it uses XAuth and DES for phase 2 of the IPsec negotiation, and that L2TP has to be configured on the SonicWALL.

    On the Droid the settings are pretty basic.

    On the Droid go to Settings > Wireless & Networks > VPN settings

    Add VPN > add L2TP/IPsec PSK VPN

    VPN name: office

    VPN server: vpn.office.com or IP address

    IPsec pre-shared key: enter the shared secret from the General tab of the WAN GroupVPN

    Make sure the L2TP secret is disabled

    The DNS search domains are optional.

    SonicWALL configuration:

    On the SonicWALL go to VPN > Settings and edit the WAN GroupVPN. On the General tab make up a pre-shared key.

    On the Proposals tab change the encryption for phase 2 to DES. You can leave the lifetimes at their defaults.

    On the Advanced tab, enable XAuth and set the user group to Trusted Users.

    On the Client tab, set “allow connections to” to All Secured Gateways, and enable “set default route as this gateway”.

    Now under VPN > L2TP Server, configure an L2TP IP pool on a different subnet than your LAN. L2TP has to route.

    Go to Users > Local Users. Add a new user, go to the VPN Access tab and give the user access to Firewall Subnets, the L2TP pool and WAN Remote Access Networks.

    Make sure you reconfigure the default outbound NAT policy to NAT the L2TP clients out. This can be done just by changing the inbound interface to Any. Some firmware versions will make an L2TP outbound NAT policy for you.

    If you run into any issue, don’t forget to check the logs on the SonicWALL.

    Sorry, I don’t have any pretty pictures for you to follow. If you have any issues please don’t contact me; I will not answer.