diff --git a/servers/anon.html b/servers/anon.html index 7ca1ccc..d377fdb 100644 --- a/servers/anon.html +++ b/servers/anon.html @@ -122,7 +122,7 @@
  • ✅ How to compile open source software + How to verify software integrity
  • ✅ How to Virtualize Machines (QEMU/KVM Hypervisor)
  • ✅ How to get privacy from your ISP using a VPN
  • -
  • ❌ Route QEMU VMs network through a VPN (from the Host OS)
  • +
  • ✅ Route QEMU VMs through a Host OS VPN
  • ✅ Password Management 101 (How to use Keepass)
  • ✅ Serverside: Should I trust serverside encryption? Should I use PGP?
  • ✅ Private Messaging (PGP encryption)
  • @@ -166,8 +166,8 @@

    💻 Clientside - Getting Started (⚠️ Check if your ISP allows Tor or Not!)

    1. ✅ Tor Web Browser setup
    2. -
    3. 🟠 Tails OS QEMU VM for Temporary Anonymity
    4. -
    5. 🟠 VMs for Long-term Anonymity (Whonix QEMU VMs)
    6. +
    7. ✅ Tails OS QEMU VM for Temporary Anonymity
    8. +
    9. ✅ VMs for Long-term Anonymity (Whonix QEMU VMs)

    diff --git a/servers/tailsqemuvm/index.html b/servers/tailsqemuvm/index.html index 541243f..bd922a0 100644 --- a/servers/tailsqemuvm/index.html +++ b/servers/tailsqemuvm/index.html @@ -73,7 +73,7 @@
  • Application: Host-based VPN (if your ISP doesn't allow Tor traffic)

  • I recommend using this setup into one of the above mentionned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

    -

    TODO: force a VPN through Tor

    +

    Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup

    diff --git a/servers/vpnqemu/0.png b/servers/vpnqemu/0.png new file mode 100644 index 0000000..6491060 Binary files /dev/null and b/servers/vpnqemu/0.png differ diff --git a/servers/vpnqemu/1.png b/servers/vpnqemu/1.png new file mode 100644 index 0000000..8cecbf4 Binary files /dev/null and b/servers/vpnqemu/1.png differ diff --git a/servers/vpnqemu/10.png b/servers/vpnqemu/10.png new file mode 100644 index 0000000..fc67781 Binary files /dev/null and b/servers/vpnqemu/10.png differ diff --git a/servers/vpnqemu/2.png b/servers/vpnqemu/2.png new file mode 100644 index 0000000..5e23c4d Binary files /dev/null and b/servers/vpnqemu/2.png differ diff --git a/servers/vpnqemu/3.png b/servers/vpnqemu/3.png new file mode 100644 index 0000000..30b0f06 Binary files /dev/null and b/servers/vpnqemu/3.png differ diff --git a/servers/vpnqemu/4.png b/servers/vpnqemu/4.png new file mode 100644 index 0000000..0059739 Binary files /dev/null and b/servers/vpnqemu/4.png differ diff --git a/servers/vpnqemu/5.png b/servers/vpnqemu/5.png new file mode 100644 index 0000000..8766e7c Binary files /dev/null and b/servers/vpnqemu/5.png differ diff --git a/servers/vpnqemu/6.png b/servers/vpnqemu/6.png new file mode 100644 index 0000000..2d15cf6 Binary files /dev/null and b/servers/vpnqemu/6.png differ diff --git a/servers/vpnqemu/7.png b/servers/vpnqemu/7.png new file mode 100644 index 0000000..cf4ec4b Binary files /dev/null and b/servers/vpnqemu/7.png differ diff --git a/servers/vpnqemu/8.png b/servers/vpnqemu/8.png new file mode 100644 index 0000000..f2dbe6e Binary files /dev/null and b/servers/vpnqemu/8.png differ diff --git a/servers/vpnqemu/9.png b/servers/vpnqemu/9.png new file mode 100644 index 0000000..243f467 Binary files /dev/null and b/servers/vpnqemu/9.png differ diff --git a/servers/vpnqemu/index.html b/servers/vpnqemu/index.html new file mode 100644 index 0000000..8bd83e3 --- /dev/null +++ b/servers/vpnqemu/index.html @@ -0,0 +1,208 @@ + + + + + + + + + + + Route QEMU VMs through a Host OS VPN + + + + + + + + + + + + + + + + + + + + + + + +
    +
    +
    +
    + Previous Page

    nihilist@mainpc - 2024-08-08

    +

    Route QEMU VMs through a Host OS VPN

    +

    + +
    +
    +
    +
    + + +
    +
    +
    +
    +

    Initial Setup

    +

    First, install the VPN like we saw previously here, but the only difference being that we now install it on the Host OS, rather than inside the VM.

    +
    
    +# Download the Mullvad signing key
    +sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
    +
    +# Add the Mullvad repository server to apt
    +echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
    +# Or add the Mullvad BETA repository server to apt
    +echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
    +
    +# Install the package
    +sudo apt update
    +sudo apt install mullvad-vpn
    +
    +# Connect to Mullvad VPN
    +mullvad account login
    +Enter an account number: 91320912809328832
    +Mullvad account "91320912809328832" set
    +
    +# Connect to the VPN:
    +mullvad lockdown-mode set on
    +mullvad connect
    +
    +curl ifconfig.me
    +194.127.199.92
    +	
    +
    + +

    Then, configure mullvad as follows:

    + + + +

    From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration:

    + +

    As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:

    + +

    Then use it on your VM configuration like so:

    + +

    And then once applied, you can check if it works as intended from inside the VM, by going to https://mullvad.net/en/check

    + +
    +
    +
    +
    + +
    +
    +
    +
    +

    Whonix VPN -> Tor Setup



    +

    As we explained previously here, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is te the traffic through a Host-based VPN like we showcased above.

    +

    The existing Whonix-External network looks like so by default:

    +
    
    +<network>
    +  <name>Whonix-External</name>
    +  <uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e</uuid>
    +  <forward mode="nat">
    +    <nat>
    +      <port start="1024" end="65535"/>
    +    </nat>
    +  </forward>
    +  <bridge name="virbr1" stp="on" delay="0"/>
    +  <mac address="52:54:00:66:89:bb"/>
    +  <ip address="10.0.2.2" netmask="255.255.255.0">
    +  </ip>
    +</network>
    +
    +
    + +

    And it needs to be changed to the following:

    +
    
    +<network>
    +  <name>Whonix-External</name>
    +  <forward dev='tun0' mode='nat'/>
    +  <bridge name='virbr1' stp='on' delay='0'/>
    +  <ip address='10.0.2.2' netmask='255.255.255.0'>
    +  </ip>
    +</network>
    +
    +
    + +

    So do the following:

    + + + + +

    And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.

    + +
    +
    +
    +
    + + +
    +
    +
    +
    +

    Nihilism

    +

    + Until there is Nothing left. + +

    +
    + +
    +

    My Links

    +

    + + RSS Feed
    Matrix Chat
    + +

    +
    + +
    +

    About nihilist

    +

    Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


    Contact: nihilist@nihilism.network (PGP)

    +
    + +
    + +
    +
    + + + + + + + diff --git a/servers/whonixqemuvms/index.html b/servers/whonixqemuvms/index.html index 724f0c0..b09b9fa 100644 --- a/servers/whonixqemuvms/index.html +++ b/servers/whonixqemuvms/index.html @@ -8,7 +8,7 @@ - whonixqemuvms Setup + Whonix QEMU VMs Setup @@ -73,7 +73,8 @@
  • Application: Host-based VPN (if your ISP doesn't allow Tor traffic)

  • I recommend using this setup into one of the above mentionned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

    -

    TODO: force a VPN through Tor

    +

    Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup

    +