Range Connection Instructions


The WraySec Cyber Range utilizes state-of-the-art cloud technology and is remotely accessible from any location and any device. Leveraging cloud technologies allows for highly scalable, flexible, and modular range development.

The range supports both low and high fidelity events, allowing the environment to match your exercise needs. In addition to customizable internal network configurations, the range also provides internet emulation.

Connecting to the WraySec Cyber Range is fast and simple. You will find directions to gain access to the WraySec Cyber Range below.  At any time if you should need further assistance with connecting to the WraySec Cyber Range, please contact support for guidance.

Please read this documentation fully before connecting to the range.

Requirements

In order to connect to the WraySec Cyber Range the follow items are required:

  • OpenVPN Client - You must be able to install and run the OpenVPN client on your system. Typically, installing and running the OpenVPN client requires elevated privileges. Speak with your IT Administrator to ensure you can meet this requirement.  Information on OpenVPN client installation and configuration can be found below.

 

  • Outbound Traffic - You must be able to connect to the range on UDP Port 1194. This port may be blocked. Speak with your IT Administrator to ensure external connectivity is available to UDP port 1194, specifically to the following domains:
     
    • blue-range.wraysec.com
    • red-range.wraysec.com
    • management-range.wraysec.com

 

  • License - You must have a valid license to utilize the WraySec Cyber Range. If you are interested in access to the range or would like more information on cyber exercises, please contact us.

 

  • OpenVPN Configuration - If you have procured access to the WraySec Cyber Range or have a scheduled cyber exercise, you should have received a link to your configuration profile. You need this configuration file to continue to the connection process. If you did not receive your configuration file, please contact us.

 

  • Remote Desktop Client - Regardless of the operating system you use, you will need a Remote Desktop (RDP) client to connect to your range workstation. Speak to your IT Administrator if you are unsure of which Remote Desktop client you should use.

Instructions

Step 1:  OpenVPN Client Installation

Install and configure the OpenVPN client for your operating system.

 

 

  • Linux
    • Download:  Most likely, your distribution provides the official OpenVPN client within the package repositories. It is recommended, when possible that you install the OpenVPN client through your package manager:
      • Ubuntu/Debian - sudo apt-get install openvpn
      • RedHat/Fedora/CentOS - yum install openvpn
      • Suse/OpenSUSE - zypper in openvpn
      • Gentoo - emerge -v net-vpn/openvpn
      • Arch - pacman -S openvpn
      • Other/Manual - You can manually build from source. The source files for the Linux OpenVPN client can be found on the Official OpenVPN Downloads page.
    • Installation Guide:  Please see your distribution specific documentation for guidance on installing the Linux OpenVPN client. Documentation for manually building the Linux OpenVPN client can be found within the OpenVPN Installation Notes.

 

  • Android
    • Download:  The official OpenVPN client for Android can be found on the Google Play Store. Download OpenVPN Connect.
    • Documentation:  Information on the Android OpenVPN client can be found within the OpenVPN Connect Android FAQ.

 

  • Apple IOS
    • Download:  The official OpenVPN client for IOS can be found on iTunes. Download OpenVPN Connect.
    • Documentation:  Information on the IOS OpenVPN client can be found within the OpenVPN Connect IOS FAQ.

Step 2:  OpenVPN Configuration

After you have completed the installation of your OpenVPN client, you need to download and import your OpenVPN Configuration Profile. In most cases, this is as simple as downloading the file and opening it (double-clicking on the file). Alternatively, the OpenVPN client often provides an import option to import new configurations.

You should have received a unique Profile download link from WraySec for your range access. The download link expires, so if you need another copy, or you never received your download link, please contact us.

Please note that the OpenVPN Configuration Profile is unique to each range user, and role. Generally, there are three roles for a given exercise: Blue, Red, and Management. If you have access to multiple roles, you will receive unique downloads for each role and must import each separately as explained below.

  • Windows / Mac OSX
    • When using the Windows Official OpenVPN client or the Tunnelblick client, simply download and double-click on the OpenVPN Configuration Profile file. Doing so will import the range settings into your client. You may also open your client and use the import wizard option to import your configuration file.

 

  • Android / Apple IOS
    • You will need to import your configuration file through the OpenVPN Connect client.  Please see the Android or IOS documentation for further instructions.

 

  • Linux
    • When using the openvpn  Linux binary, you can specify the configuration file you wish to use via a command-line argument.
    • Execute: openvpn --config <configuration file>
    • Alternatively, if you wish to configure the OpenVPN service on your system, you can place the configuration file into your OpenVPN configuration directory (typically /etc/openvpn).

Step 3:  Accessing The Range

The final step in the process of accessing the range is connecting to your "Workstation."  Your workstation is your portal into the range environment, and is set up to provide the desktop environment based on your role (Blue, Red, Management).

Using your OpenVPN client, connect to the WraySec Cyber Range, using the Profile you previously imported.

Once fully connected through VPN, use your Remote Desktop (RDP) client to connect to your workstation IP address.  Generally, the workstation address ranges are as follows:

  • Blue:  10.100.0.0/24
  • Red:  10.10.0.0/24
  • Management:  10.254.0.0/24

You should have event specific documentation that provides further detail or adjustments to the range addresses and workstation allocation.

Please note, you will not have internet access when connecting to the range. Additionally, you will not be able to directly connect your computing system to any range assets except for the workstation. All range activity must take place from within the workstation.

 

Special Notes

A single WraySec Cyber Range profile can only be used for one connection at a time. If you require multiple concurrent connections to the range, from multiple devices, you will need to obtain an additional configuration profile, please contact us.

It is generally recommended that your network provides approximately 2 Mbps of download throughput and 1 Mbps of upload throughput per user connecting to the cyber range. However, connectivity can be achieved with substantially lower connection speeds, with 1.0 Mbps download and 0.5 Mbps upload being the minimally acceptable user expereince. If the connection speeds are restricted or limited on your network, especially if they are lower than the minimum above, it is recommended that you downgrade the screen resolution in use over your remote desktop (RDP) session.

You will not have access to the internet from anywhere within the range. Once connected to the VPN, you will not be able to access the internet. Under no circumstances are you authorized to connect any range system, including your range workstation, to the internet, directly or indirectly. This rule is strictly enforced, and failure to adhere to the rule will result in your range access being terminated.

No files found within the range may be removed from the range under any circumstance. Files may be uploaded to the range through the "One-Way File Transfer" functionality found within the WraySec Scoreboard. Note that this feature only allows files to be uploaded to the range and will not authorize files to be downloaded from the range. This rule is strictly enforced, and failure to adhere to the rule will result in your range access being terminated.

Access to the WraySec Scoreboard is provided from both the VPN and within the range.

Further information about the range environment, including system credentials, and your event can be found within your event documentation.

At any time before, during, or after your event should you have questions about the range or require further assistance, please contact us.