networking - What would be the role of a Raspberry Pi hooked to a harddisk and a VPN?

26
2014-06
  • Cedric Martin

    I'm trying to troubleshoot the network at the SME of my girlfriend: the previous network admin was more or less trying to blackmail them (for example refusing to give the passwords of the various devices: NAS etc. unless he'd get money) so they got rid of him.

    Now we're changing all the passwords from all the computers, cams, NAS, etc. and I found something weird in the cellar, next to the rack I found a little enclosure (not looking very professional, with apparently a hand-made hole to allow cables to pass into it): I opened it and it contains a Raspberry Pi hooked by USB to what is apparently a harddisk. There are two connections to that Raspberry: one USB cable to the harddisk and one ethernet cable which plugs into a TPLink VPN (the cable going to/from the Raspberry plugs into one of the four ethernet ports, not into the WAN port).

    What would be the role of such a device in a "normal" company which has nothing to do with IT: it's a tax accounting company which has two small offices (hence the VPN)?

    How can I find exactly what this Raspberry PI is used for? (I'm concerned that by turning it off I'd mess the network config)

    Could this be some backup thing?

    Note that I don't know if superuser is the correct stackexchange site to ask such a question and seen that I don't know what this Raspberry is used for, I don't know which tags to use.

    Any help is very much appreciated.

  • Answers
  • MariusMatutiae

    Asking this is a bit like: what is the purpose of this book? It has two hardcovers, many pages, an index and a glossary. You will never know until you look into it.

    The USB disk contains some data, its ethernet port allows communication with both LAN and WAN. I don't understand why you are claiming it is hooked into a VPN.

    Raspberry PIs, though diminutive in size, are just full-purpose computers. You can write code running on them for just about anything. Given the nature of the person who set this up and its location, its most likely use is as a backdoor into your system. The use of a backdoor is once again as general as it can be, including generally all sorts of nefarious schemes.

    It seems unlikely though that it performs any network-related useful task. In your shoes, I would just unhook it from your network, and see what is going on. In any case, even if it were performing anything useful, how could you trust that it does not perform anything mischievous on the side?

    Apart from using a network monitoring tool (which would yield much precious information), you may want to check the contents of the disk (if it is encrypted, then you can be pretty sure it was being used for illicit schemes), and the SD card of the RPi. You can just plug the card into your pc, mount it and peruse the files that start automatically, i.e. the contents of /etc/init.d, /etc/rc.local, the existence of programs like autossh, openvpn and so on. Once again, if the card is encrypted, it is a safe bet he was up to something mischievous.

    If you are really interested in this, and neither component is encrypted, then you may try using a hypervisor program (VirtualBox, HyperV, KVM, Xen, depending on your platform) to build a Virtual Machine booting from the SD card. There must be a billion Google references to Forensics in a Virtual Environment/Machine...

    But most of all, I would very quickly unplug it.
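
The checks described in the answer above (start-up scripts in /etc/init.d and /etc/rc.local, presence of programs such as autossh or openvpn), as an added example that is not part of the original answer: a shell function that inspects the card's root filesystem at a mount point without running anything from it. The mount point, the output labels and the cron/systemd search paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only triage of a Pi SD card root filesystem mounted on an
# analysis machine (assumed mounted with -o ro,noexec). Nothing on it is executed.

# autossh/openvpn/pptpd are named on the page; extend the list as needed.
TOOLS="autossh openvpn pptpd"

triage_rootfs() {
    root=${1%/}
    if [ ! -d "$root/etc" ]; then
        echo "ERROR no etc directory under $root"
        return 2
    fi

    # 1. Boot-time scripts: init.d entries and the active lines of rc.local.
    for f in "$root"/etc/init.d/*; do
        rel=${f#"$root"}
        if [ -f "$f" ] || [ -L "$f" ]; then echo "INITD $rel"; fi
    done
    if [ -f "$root/etc/rc.local" ]; then
        grep -vE '^[[:space:]]*(#|$|exit 0)' "$root/etc/rc.local" | sed 's/^/RCLOCAL /'
    fi

    # 2. Tunnelling tools installed on the card. -L also catches absolute
    #    symlinks, which would otherwise resolve against the analysis host.
    for t in $TOOLS; do
        for d in bin sbin usr/bin usr/sbin usr/local/bin; do
            if [ -e "$root/$d/$t" ] || [ -L "$root/$d/$t" ]; then
                echo "TOOL /$d/$t"
            fi
        done
    done

    # 3. Start-up and scheduled files that mention one of those tools
    #    (cron and systemd paths are additions to the answer's list).
    pattern=$(echo "$TOOLS" | tr ' ' '|')
    grep -rlwE "$pattern" "$root/etc/init.d" "$root/etc/rc.local" \
        "$root/etc/crontab" "$root/etc/cron.d" "$root/etc/systemd/system" \
        2>/dev/null | while read -r f; do
        rel=${f#"$root"}
        echo "REF $rel"
    done
    return 0
}

# Usage: sh triage.sh /mnt/pi   (mount point is an assumption)
if [ $# -gt 0 ]; then triage_rootfs "$1"; fi
```

Each RCLOCAL and REF line is a place to read by hand next; an empty report does not clear the device, since a tool can be renamed or started from somewhere this function does not look.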


  • Related Question

    Using a Raspberry Pi as a VPN?
  • sudo rm -rf

    So I'm sure many of you have heard of the new Raspberry Pi project. I was looking at messing around with Model B, which has the following relevant specs:

    Broadcom BCM2835 700MHz ARM1176JZFS processor with FPU and Videocore 4 GPU
    256MB RAM
    Boots from SD card, running the Fedora version of Linux (ARM Version)
    10/100 BaseT Ethernet socket
    USB 2.0 socket
    

    So I was curious if it would be possible to create a simple VPN out of this little machine. I do realize that since it's an ARM processor that might mess up quite a few things. Any ideas if this is possible?

    Just for what it's worth, this would be a personal project so I'm not worried about performance.


  • Related Answers
  • slhck

    People have built OpenVPN for BeagleBoard, so, in the worst case, you should be able to do something similar. The Raspberry has a lot of press, so it's possible there'll be pre-compiled packages available in the near future, also.

    I see this Fedora ARM package. I'm unfamiliar with the naming conventions for non-Intel builds, so I'm not sure if that fits, though.

  • slhck

    I'm not a huge Linux expert by any means and so the various tutorials were not enough for me to get a PPTP VPN working on the Pi. I wanted PPTP as Windows 7 and iDevices support it out the box. I finally got it working and documented the process in my blog:

    RaspberryPi as a PPTP VPN Server - HOWTO

    In summary, yes the RasPi can definitely function as a VPN endpoint (that costs £35 and uses 5W electricity...) and it does so well. I used the Arch Linux distro but no reason Fedora shouldn't work. I haven't tried having more than two clients connected though.

  • slhck

    It can run Fedora. You can get VPN code for Fedora, in fact it's powerful enough to run a decent Fedora desktop – it'll run a simple VPN just fine.

    Maybe don't plan on using it for a corporation, but it'll work.

  • slhck

    Look here:

    How to Setup a VPN (PPTP) Server on Debian Linux

    It tells you how to set up the pptpd service which is what you need. It works for me connecting from my iPhone with the VPN setting pointing to my Pi's IP.

    There is no building or compiling or similar. Just apt-get the pptp and configure your IP and user settings as described.