Thank you for opting to take the SOC-200: Foundational Security Operations and Defensive Analysis course. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
- SOC-200 online lab introduction
- Connecting to the Challenge labs
- Hazards
- What is a good ping response time?
- vLAN IP Information
- Technical Problems
SOC-200 ONLINE LAB INTRODUCTION
The SOC-200 lab environment is an important part of the online course. The lab allows the learner to practice various evasive penetration testing techniques in a legally safe environment. Each learner has access to several dedicated lab targets. Unless otherwise indicated, access to the Windows machines is done via Remote Desktop and the Linux machines can be accessed via SSH.
CONNECTING TO THE CHALLENGE LABS
Your connection to the lab is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. It is also highly recommended that you download and use the Kali VMware image for the most streamlined experience. For more information, please visit the following link: https://help.offsec.com/hc/en-us/articles/360049796792
You can download the "VPN Connection File" to your Kali Linux machine, from the "Challenge Labs" tab of your OffSec Learning Library control panel. Use OpenVPN to initiate the VPN connection to the labs.
Once downloaded you will find a ovpn file that you will use to connect to the VPN as shown below.
kali㉿kali:~$ sudo openvpn soc-200.ovpn
2021-09-10 13:03:43 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2021-09-10 13:03:43 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-09-10 13:03:43 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2021-09-10 13:03:43 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-09-10 13:03:43 TCP/UDP: Preserving recently used remote address: [AF_INET]54.39.85.208:1194
2021-09-10 13:03:43 UDP link local: (not bound)
2021-09-10 13:03:43 UDP link remote: [AF_INET]54.39.85.208:1194
2021-09-10 13:03:44 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1569'
2021-09-10 13:03:44 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
2021-09-10 13:03:44 [offensive-security.com] Peer Connection Initiated with [AF_INET]54.39.85.208:1194
2021-09-10 13:03:44 TUN/TAP device tun0 opened
2021-09-10 13:03:44 net_iface_mtu_set: mtu 1500 for tun0
2021-09-10 13:03:44 net_iface_up: set tun0 up
2021-09-10 13:03:44 net_addr_v4_add: 192.168.49.67/24 dev tun0
2021-09-10 13:03:44 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-10 13:03:44 Initialization Sequence Completed
When prompted, enter your username and password into the console. Do not close this window, otherwise your VPN connection will terminate!
HAZARDS
Please read this part extremely carefully.
By joining the OffSec VPN, you will be exposing your computers' VPN IP to other learners taking the course with you. Due to the nature of the course (and its participants!), your computer may be subjected to attacks originating from the VPN network. This is true even if you are located behind a NAT device. Kali users, please change the default password!
WHAT IS A GOOD PING RESPONSE TIME?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if a machine is being reverted by another learner.
We highly recommend that you use a stable, high speed Internet connection such as Broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
vLAN IP Information
In the OffSec labs environment, often times the allocated IP address on your vLAN may change from time-to-time, therefore we can provide some guidance on how to reduce the impact of this, by following the recommendations outlined in the in the Common VPN Connectivity Issues guide.
TECHNICAL PROBLEMS
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you are still having connectivity problems or non-training related issues, please take a look at the article here for the common issues. Should you still have issues, please contact us and we will try to help you to the best of out abilities.
You can submit a ticket.
We wish you a productive and enjoyable time in our labs!
The OffSec Team