RIPT 21 – Errata

I’ll post changes I’ve made to the original pages here based on lessons learned from real-world deployments and your generous feedback.

20161021: Previously I’d taken a standard Kali image and migrated to LXDE. With the new 2016.2 LXDE ISO that’s no longer necessary, but it is now necessary to install NetworkManager for some of the scripts to work (they need nmcli). I’ve therefore added apt-get install network-manager to the RIPT Server (Install Kali) section.

I also fixed a bad path on RIPT Server (Boot Parameters) under “Configure the Network”.

vi/vim/nano /root/scripts/netset.sh

#!/bin/bash
CONF=$(gpg --decrypt --passphrase=<PASSPHRASE> -q /media/root/USB/configs/network.conf.gpg)

This was previously documented as /media/root/LOGS/config/network.conf.gpg, which followed an earlier naming convention.

20160924: If, after launching your tunnels, you try SSHing into your RIPT Server and just get a blank screen, it’s likely that the RIPT Server exited ungracefully and the RIPT Relay is keeping the old remote port forwards open. I’ve pulled the power dozens of times on my RIPT Servers and not had this happen, but of course once deployed at a client site it does. The good thing is that the problem exists on the RIPT Relay side, not at the RIPT Server. Once power/connectivity is restored to the RIPT Server it will keep trying to establish the tunnels, so from the RIPT Client all you have to do is establish a shell on the RIPT Relay, su to root, and then kill the processes associated with the zombie tunnels. In my case those were the PIDs associated with the processes for ports 11095, 11096, 11097, and 11098.
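One way to find those processes on the RIPT Relay, as an added example that is not part of the original RIPT scripts. It assumes the relay has ss from iproute2 and that the stale forwards are held by sshd; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original RIPT scripts. Run on the RIPT Relay as root.
# PORTS are RIPT Server 01's remote forwards from this page; adjust per server.
PORTS="11095 11096 11097 11098"

# stale_tunnel_pids PORT...
# Reads `ss -tlnp` output on stdin and prints, once each, the PIDs of sshd
# processes that own a listener on any of the given ports.
stale_tunnel_pids() {
    awk -v ports=" $* " '
    {
        # Field 4 is Local Address:Port. The port follows the last colon,
        # which also covers IPv6 listeners such as [::1]:11095.
        n = split($4, a, ":")
        if (index(ports, " " a[n] " ") == 0) next
        # Only consider sshd, never an unrelated service bound to the port.
        if ($0 !~ /"sshd/) next
        s = $0
        while (match(s, /pid=[0-9]+/)) {
            pid = substr(s, RSTART + 4, RLENGTH - 4)
            if (!(pid in seen)) { seen[pid] = 1; print pid }
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# kill_stale_tunnels: show each owning process, then terminate it.
kill_stale_tunnels() {
    pids=$(ss -tlnp | stale_tunnel_pids $PORTS)
    [ -n "$pids" ] || { echo "no sshd listeners on: $PORTS"; return 0; }
    for pid in $pids; do
        ps -o pid=,user=,etime=,args= -p "$pid"
        kill "$pid"
    done
}

# Constructed sample of `ss -tlnp` output, for a dry run without touching anything:
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 127.0.0.1:11095 0.0.0.0:* users:(("sshd",pid=2211,fd=9))
LISTEN 0 128 [::1]:11095     [::]:*    users:(("sshd",pid=2211,fd=8))
LISTEN 0 128 127.0.0.1:11096 0.0.0.0:* users:(("sshd",pid=2211,fd=11))
LISTEN 0 128 127.0.0.1:11097 0.0.0.0:* users:(("sshd",pid=2215,fd=9))
LISTEN 0 128 127.0.0.1:11098 0.0.0.0:* users:(("sshd",pid=2215,fd=11))
LISTEN 0 128 127.0.0.1:12095 0.0.0.0:* users:(("sshd",pid=3302,fd=9))'

# Dry run: prints 2211 and 2215, leaving port 22 and Server 02's forwards alone.
# printf '%s\n' "$SAMPLE" | stale_tunnel_pids $PORTS
```

Nothing is killed until kill_stale_tunnels is called explicitly; filtering on the exact forward ports keeps the relay's own SSH listener and any healthy tunnels from other RIPT Servers out of the list.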

20160923: I’ve changed a number of the pages to reflect a new naming scheme for the RIPT Client. Previously I’d been using locally forwarded ports 2222 for SSH, 55901 for VNC, 31280 for Squid, and 9999 for SOCKS because they were easy to remember and I was only dealing with a single RIPT Server at a time. I just deployed two devices for one client, though, and that became a mess. So now the RIPT Client local port forwards match the RIPT Server remote port forwards.

It now looks something like the following:

Service              RIPT Server 01   RIPT Relay   RIPT Client 01
SSH                  22               11095        11095
VNC                  5901             11096        11096
HTTP Proxy (Squid)   3128             11097        11097
SOCKS Proxy          9999             11098        11098

Service              RIPT Server 02   RIPT Relay   RIPT Client 02
SSH                  22               12095        12095
VNC                  5901             12096        12096
HTTP Proxy (Squid)   3128             12097        12097
SOCKS Proxy          9999             12098        12098
