Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

6Mar/170

Free in flight Wifi

For the last year and a half I have been flying back and forth between Sweden and San Francisco. Most of the airlines I fly have in flight Wifi for a cost. Usually I think it's pretty reasonable money for the 11 hours or so I get a connection. But when ever I get bored I need a challenge and I have found several ways to get around the payment wall.

Most airlines are pretty bad at blocking things like SSH proxy's on unexpected ports or DNS tunneling. I realize that most people don't know how to do that or have a linux box around that responds to SSH on all different kind of ports. There is a few other tricks you can do as well.

Last time I flow from San Francisco to Frankfurt I found that I could either pay or login with my account. Since I had an  account since before I opted for the "Reset my password" link  and entered my e-mail. How would I be able to get my password? Didn't have any internet connection yet. Would they unblock the common ports for e-mail apps? No they unblocked everything for 20 minutes. Enough for me to download an audio book and chat with my wife on Skype. Then it blocked again...

But I forgot to download my password, right... So I did a reset again and chatted with my wife for another 20 minutes for free. Third time it directed me to call customer support but at least I got 40 minutes of free internet. After getting back to Sweden I Googled it, I couldn't have been the only one that found this, right?

Didn't find as much info as I thought I would on different travel forums that I frequent but there were a few posts. One similar to mine is this one GENIUS FLIGHT HACK: Free Wi-Fi on US Air, AA, Delta, and More! It's basicly the same principal but for downloading the airline app instead.

So if you just want to check something quickly or download something to listen to this is an easy way to get around the payment firewall. From a legal point of view I can't really see any issues since they allow you any type of internet access after sending the "Reset my password" form. Their mistake is to open up all ports instead of just e-mail ports and browsing to the most common webmails.

18Nov/110

Watchguard SSLVPN unavalible

One organization I work for have Watchguard firewalls and are using SSLVPN. Yesterday it just stopped working. You couldn't connect with the client and if you tried to access the {firewall address}/sslvpn.html you got "Connection refused". First I tried to reboot the firewall and ended up with the same result. Checked the debug log and found these entries:

2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=8dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=adea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=9dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=4dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=7dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=2dea8c0) not found.	Debug

Googled it, of course, and didn't really find anything useful. So i started checking all of the config, the access to the AD and stuff like that. Thought that if the firewall didn't get access to the AD it might just close all AD dependent connections but all looked OK there two.

Finally I found out how to solve it, or really get ride of the problem. It's hardly a sexy solution but here's what I did:

  1. I saved my config to an XML file.
  2. I disabled the SSLVPN and saved that config to the firewall.
  3. Opened the saved XML config with SSLVPN enabled and uploaded it to the firewall.

Then it all worked again!