I’ll post changes I’ve made to the original pages here based on lessons learned from real-world deployments and your generous feedback.
20161021: Previously I’d taken a standard Kali image and migrated to LXDE. With the new 2016.2 LXDE ISO that’s no longer necessary, but it is now necessary to install network manager for some of the scripts to work (needs nmcli). Therefore added apt-get install network-manager to the Dropbox Server (Install Kali) section.
Also, fixed a bad path on Dropbox Server (Boot Parameters) under “Configure the Network”.
```bash
#!/bin/bash
CONF=$(gpg --decrypt --passphrase=<PASSPHRASE> -q /media/root/USB/configs/network.conf.gpg)
```
Previously documented as /media/root/LOGS/config/network.conf.gpg, which followed a previous naming convention.
20160924: If after launching your tunnels you try SSHing into your Dropbox Server and just get a blank screen then it’s likely there was some sort of ungraceful exit by the Dropbox Server and the Dropbox Relay is keeping the old remote port forwards open. I’ve pulled the power dozens of times on my Dropbox Servers and not had this happen, but of course once deployed at a client site it does. The good thing is that the problem exists on the Dropbox Relay side not at the Dropbox Server. Once power/connectivity is restored to the Dropbox Server it will continue to try and establish the tunnels, so from the Dropbox Client all you have to do is establish a shell on the Dropbox Relay, su to root, and then kill the processes associated with the zombie tunnels. In my case that was the PIDs associated with the processes for ports 11095, 11096, 11097, and 11098.
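One way to find those PIDs on the Dropbox Relay, as an added example that is not part of the original write-up: a shell function that filters `ss -Hltnp` output for the stale forward ports. The function name, the sample `ss` lines and the assumption that the listeners are owned by sshd belong to this example; the port numbers are the ones named above.

```shell
#!/bin/bash
# Added example: find the PIDs holding stale remote-forward listeners on the relay.
# Ports are the ones named in the 20160924 entry; change them per deployment.
STALE_PORTS="11095 11096 11097 11098"

# Constructed sample of `ss -Hltnp` output (not captured from a real relay).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:11095 0.0.0.0:* users:(("sshd",pid=2114,fd=9))
LISTEN 0 128 127.0.0.1:11096 0.0.0.0:* users:(("sshd",pid=2114,fd=10))
LISTEN 0 128 [::1]:11097 [::]:* users:(("sshd",pid=2114,fd=11))
LISTEN 0 128 127.0.0.1:11098 0.0.0.0:* users:(("sshd",pid=2130,fd=9))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 127.0.0.1:12097 0.0.0.0:* users:(("sshd",pid=2201,fd=9))'

# stale_pids PORT...  reads `ss -Hltnp` output on stdin and prints each unique
# PID that owns a listener on one of the given ports.
stale_pids() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)   # "Local Address:Port" column
            if (!(port in want)) next         # exact match, so 1109 != 11095
            if ($0 !~ /"sshd/) next           # assumption: forwards are held by sshd
            s = $0
            while (match(s, /pid=[0-9]+/)) {
                pid = substr(s, RSTART + 4, RLENGTH - 4)
                if (!(pid in seen)) { seen[pid] = 1; print pid }
                s = substr(s, RSTART + RLENGTH)
            }
        }'
}

# Demo on the constructed sample; prints 2114 and 2130.
printf '%s\n' "$SAMPLE_SS" | stale_pids $STALE_PORTS

# On the relay, as root, review the list first and then kill:
#   ss -Hltnp | stale_pids $STALE_PORTS
#   ss -Hltnp | stale_pids $STALE_PORTS | xargs -r kill
```

Only listeners on the listed ports are selected, so the main sshd on port 22 and the forwards belonging to a second Dropbox Server (12097 in the sample) are left alone.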
20160923: I’ve changed a number of the pages to reflect a new naming scheme for the Dropbox Client. Previously I’d been using locally forwarded ports 2222 for SSH, 55901 for VNC, 31280 for Squid, and 9999 for SOCKS because they were easy to remember and I was only dealing with a single Dropbox Server at a time. I just deployed two devices at a time, though, and that became a mess. So now the Dropbox Client local port forwards match the Dropbox Server remote port forwards.
It now looks something like the following:
| Service | Dropbox Server 01 | Dropbox Relay | Dropbox Client 01 |
|---|---|---|---|
| HTTP Proxy (Squid) | 3128 | 11097 | 11097 |

| Service | Dropbox Server 02 | Dropbox Relay | Dropbox Client 02 |
|---|---|---|---|
| HTTP Proxy (Squid) | 3128 | 12097 | 12097 |