When I connect to the THM VPN I can access the machines in the network but I can’t submit my answers to the web form because the website (and my internet access in general) stops working. I’m using Kali in a VirtualBox VM on a Windows host with the network adapter in bridged mode. What am I doing wrong? I assume this is not how it’s supposed to work.
EDIT: For clarification: I’m using the VPN in the Kali VM and the internet in the Kali VM stops working. My Windows host is not affected.
Are you running the cli OpenVPN or did you import it? In Network-Manager there is a checkbox “only use for resources on that network” (or something to that effect)
On the config file you could add:
route-nopull
route 10.0.0.0 255.0.0.0 vpn_gateway
Though mine successfully split tunnels by default, so check the above first (and if you are importing into network-manager, try just connecting via cli: sudo openvpn thm-ovpn.conf)
Edit: space the config correctly.
Sounds like the routing table is getting set to send all traffic over the VPN rather than just traffic intended for the VPN. This could indicate that your home network is using addresses in the 10.x.x.x range, and the VPN is conflicting with the range you are using.
I found the fix. I had to go to the VPN settings in the network manager → IPv4 tab → Routes → check “use this connection only for resources on its network”.
Thanks for the suggestion, but this is not the case. My home network is using 192.168.x.x range.
Hmm. Check the routing table? Use the “ip route” command to see where each set of addresses gets sent to. The openvpn setup file does nothing but create the VPN and forward addresses in that subnet. With issues like this, I often get annoyed enough to pull up wireshark and see where packets are actually getting sent.
Also, maybe double check that you are in bridged mode. The 10.x.x.x range is the default for VirtualBox’s NAT network.
└─$ ip route
default via 10.9.0.1 dev tun0 proto static metric 50
default via 192.168.2.1 dev eth0 proto dhcp metric 100
10.9.0.0/16 dev tun0 proto kernel scope link src 10.9.1.96 metric 50
10.10.0.0/16 via 10.9.0.1 dev tun0 proto static metric 50
54.76.30.11 via 192.168.2.1 dev eth0 proto static metric 100
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.101 metric 100
192.168.2.1 dev eth0 proto static scope link metric 100
That first default is probably the issue. That will send all traffic that doesn’t have a more specific rule to the VPN first, and it blocks the rule that is presumably set for the home network. Not sure why it’s getting created as my openvpn doesn’t do that.
The tryhackme network doesn’t have internet access, so forwarding to that machine just sends them into a black hole.
“sudo ip route del default via 10.9.0.1 dev tun0” might fix it. I may have gotten that command slightly wrong, so you may have to look it up.
Yup! That did the trick. Thank you so much.
It will likely only be a temporary fix. Whatever made that rule will probably add it again at some point. It’s hard to diagnose what is adding it. You should probably read the vpn setup file (don’t post it here, some details in there are sensitive).
Nothing in the config file looks like it’s doing that so it must be coming from the server.
The server shouldn’t be able to mess with the routing info on the local machine. There must be something local doing it, but it will probably be a pain to find.
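The routing-table check discussed in this thread, as an added example that is not part of any post above: it reads `ip route` output, picks the default route with the lowest metric, and reports whether a tun/tap device has captured it. The function names `winning_default` and `check_split_tunnel` are hypothetical, and the sample input is constructed from the table posted in the thread.

```shell
#!/bin/sh
# Constructed sample: routes taken from the table posted in the thread.
SAMPLE_ROUTES='default via 10.9.0.1 dev tun0 proto static metric 50
default via 192.168.2.1 dev eth0 proto dhcp metric 100
10.9.0.0/16 dev tun0 proto kernel scope link src 10.9.1.96 metric 50
10.10.0.0/16 via 10.9.0.1 dev tun0 proto static metric 50
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.101 metric 100'

# Print "<dev> <gateway> <metric>" for the preferred default route
# (lowest metric; a route with no metric field counts as metric 0).
winning_default() {
    awk '$1 == "default" {
        dev = ""; gw = "-"; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        if (!found || metric + 0 < best) {
            found = 1; best = metric + 0; out = dev " " gw " " best
        }
    }
    END { if (found) print out }'
}

# Return 0 if the preferred default leaves via a non-tunnel interface,
# 1 if a tun/tap device holds it (full tunnel), 2 if there is no default.
check_split_tunnel() {
    win=$(winning_default)
    case "$win" in
        tun*|tap*) echo "full tunnel: default via ${win}"; return 1 ;;
        "")        echo "no default route"; return 2 ;;
        *)         echo "split tunnel ok: default via ${win}"; return 0 ;;
    esac
}

# Demo on the constructed sample; live use: ip route | check_split_tunnel
printf '%s\n' "$SAMPLE_ROUTES" | check_split_tunnel || true
```

Running it again after changing the VPN settings shows whether the tunnel default has come back.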