pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License

problem running axiom-deploy openvpn #376

Open kusayuzayushko opened 3 years ago

kusayuzayushko commented 3 years ago
```
crypto@desktop ~ $ axiom-deploy openvpn proxy
installing 'openvpn' : 'proxy'
Uploading profile to 'proxy'
sending incremental file list
29083.sh
            370 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 312 bytes  received 35 bytes  138.80 bytes/sec
total size is 370  speedup is 1.07

...

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Hit:1 https://download.docker.com/linux/ubuntu focal InRelease
Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease
Get:3 http://mirrors.digitalocean.com/ubuntu focal InRelease [265 kB]
Hit:5 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu focal InRelease
Hit:6 http://mirrors.digitalocean.com/ubuntu focal-updates InRelease
Hit:7 http://mirrors.digitalocean.com/ubuntu focal-backports InRelease
Get:8 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:4 https://apt.vulns.sexy stable InRelease
Fetched 379 kB in 1s (461 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
iptables is already the newest version (1.8.4-3ubuntu2).
iptables set to manually installed.
ca-certificates is already the newest version (20210119~20.04.1).
openssl is already the newest version (1.1.1f-1ubuntu2.4).
openssl set to manually installed.
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 openvpn : Depends: libpkcs11-helper1 (>= 1.11) but it is not going to be installed
 scrying : Depends: libwebkit2gtk-4.0-37 but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).
mv: cannot stat '/etc/openvpn/EasyRSA-3.0.5/': No such file or directory
chown: cannot access '/etc/openvpn/easy-rsa/': No such file or directory
/home/op/vpn/openvpn.sh: line 234: cd: /etc/openvpn/easy-rsa/: No such file or directory
/home/op/vpn/openvpn.sh: line 236: ./easyrsa: No such file or directory
/home/op/vpn/openvpn.sh: line 237: ./easyrsa: No such file or directory
/home/op/vpn/openvpn.sh: line 238: ./easyrsa: No such file or directory
/home/op/vpn/openvpn.sh: line 239: ./easyrsa: No such file or directory
/home/op/vpn/openvpn.sh: line 240: ./easyrsa: No such file or directory
cp: cannot stat 'pki/ca.crt': No such file or directory
cp: cannot stat 'pki/private/ca.key': No such file or directory
cp: cannot stat 'pki/issued/server.crt': No such file or directory
cp: cannot stat 'pki/private/server.key': No such file or directory
cp: cannot stat 'pki/crl.pem': No such file or directory
chown: cannot access '/etc/openvpn/crl.pem': No such file or directory
/home/op/vpn/openvpn.sh: line 246: openvpn: command not found
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn-iptables.service → /etc/systemd/system/openvpn-iptables.service.
Failed to restart openvpn@server.service: Unit openvpn@server.service not found.
cat: /etc/openvpn/easy-rsa/pki/ca.crt: No such file or directory
sed: can't read /etc/openvpn/easy-rsa/pki/issued/client.crt: No such file or directory
cat: /etc/openvpn/easy-rsa/pki/private/client.key: No such file or directory
sed: can't read /etc/openvpn/ta.key: No such file or directory

Finished!
```

And therefore:

```
crypto@desktop ~ $ axiom-vpn proxy
receiving incremental file list
client.ovpn
            288 100%  281.25kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 49 bytes  received 301 bytes  140.00 bytes/sec
total size is 288  speedup is 0.82
[sudo] password for crypto: 
2021-07-02 13:07:07 Unrecognized option or missing or extra parameter(s) in /tmp/proxy.ovpn:14: block-outside-dns (2.5.2)
2021-07-02 13:07:07 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-07-02 13:07:07 OpenVPN 2.5.2 [git:makepkg/23ae78e657052748+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
2021-07-02 13:07:07 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-07-02 13:07:07 OpenSSL: error:0909006C:PEM routines:get_name:no start line
2021-07-02 13:07:07 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
2021-07-02 13:07:07 Cannot load inline certificate file
2021-07-02 13:07:07 Exiting due to fatal error
```

I'm on Manjaro and I guess it's something with my system. Have any idea what exactly is wrong and how to fix it?

kusayuzayushko commented 3 years ago

Actually, it's not my system. `sudo apt update -y; sudo apt --fix-broken install -y` on the axiom instance fixes the issue. Hope it'll help someone.
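
The log in the first comment shows the install script continuing after apt failed, so the certificate and key files it tried to embed in `client.ovpn` did not exist, and OpenVPN then rejected the profile with `no start line`. As an added example (not part of this thread and not axiom's own code), the bash check below flags a profile whose inline blocks hold no PEM data before it is passed to `openvpn`; the function names, the default block list `ca cert key` and the sample profiles are assumptions constructed for illustration.

```bash
# Added example: pre-flight check for the inline PEM blocks of an OpenVPN profile.
# Assumption: the profile embeds <ca>, <cert> and <key> blocks (list is adjustable).

# Print the body of inline block $2 from profile $1 (nothing if the block is absent).
inline_block() {
    awk -v tag="$2" '
        $0 == ("</" tag ">") { inside = 0 }
        inside               { print }
        $0 == ("<" tag ">")  { inside = 1 }
    ' "$1"
}

# Echo the names of blocks that are missing or lack PEM markers; return 1 if any.
check_ovpn_inline() {
    local profile="$1" bad="" tag body
    shift
    [ $# -gt 0 ] || set -- ca cert key
    for tag in "$@"; do
        body=$(inline_block "$profile" "$tag")
        if ! printf '%s\n' "$body" | grep -q -- '^-----BEGIN .*-----$' ||
           ! printf '%s\n' "$body" | grep -q -- '^-----END .*-----$'; then
            bad="$bad $tag"
        fi
    done
    bad=${bad# }
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed samples: a profile with empty blocks (as a failed install would
# leave it) and one with placeholder PEM bodies.
demo_dir=$(mktemp -d)
printf 'client\n<ca>\n</ca>\n<cert>\n</cert>\n<key>\n</key>\n' > "$demo_dir/broken.ovpn"
{
    echo client
    for t in ca cert key; do
        printf '<%s>\n-----BEGIN PLACEHOLDER-----\nAAAA\n-----END PLACEHOLDER-----\n</%s>\n' "$t" "$t"
    done
} > "$demo_dir/ok.ovpn"

for f in broken ok; do
    if bad=$(check_ovpn_inline "$demo_dir/$f.ovpn"); then
        echo "$f.ovpn: inline blocks look populated"
    else
        echo "$f.ovpn: empty or non-PEM blocks: $bad"
    fi
done
rm -rf "$demo_dir"
```

The check only looks for PEM begin and end markers; it does not validate the certificate or key itself.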

0xtavian commented 3 years ago

@kusayuzayushko thanks, more evidence that the Packer provisioner files need some work. I'll see what I can do this week.

mrtnrdl commented 3 years ago

I have the same error - unfortunately, your fix doesn't work for me. (Ubuntu 21.04 up to date; axiom up-to-date)

0xtavian commented 3 years ago

@kusayuzayushko does this work for you? https://jamesonhacking.blogspot.com/2021/04/using-axiom-to-send-burp-suite-requests.html

mrtnrdl commented 3 years ago

At least it works for me - it shouldn't work without --single at the moment, as the referenced $tmp folder only gets created with --single.

I've tried fixing it by just creating the folder on every run, but then the haproxy.cfg file is missing. So to fix it completely, one must create a valid/working haproxy.cfg as a default and overwrite it if --single is passed as an argument.