<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

<title>Route QEMU VMs through a Host OS VPN</title>

<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>

<body>

<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist's Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">

<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->

</div>
</div>

<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a><br><br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-08</ba></p>
<h1>Route QEMU VMs through a Host OS VPN </h1>
<p> </p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->

<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First, install the VPN as we did previously <a href="../vpn/index.html">here</a>; the only difference is that we now install it on the Host OS rather than inside the VM.</p>
<pre><code class="nim">
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc

# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or, instead, add the Mullvad BETA repository server to apt (this overwrites the stable entry written above)
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list

# Install the package
sudo apt update
sudo apt install mullvad-vpn

# Log in to your Mullvad account
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set

# Enable lockdown mode (block traffic whenever the VPN is down), then connect to the VPN:
mullvad lockdown-mode set on
mullvad connect

# Check that the public IP is now the VPN exit IP
curl ifconfig.me
194.127.199.92

</code></pre>

<p>Then, configure Mullvad as follows:</p>
<img src="0.png" >
<img src="1.png" >
<img src="2.png" >
<p>From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: </p>
<img src="3.png" class="imgRz">
<p>As you can see here, we have the tun0 interface with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same range to create our VPN NAT configuration:</p>
<img src="4.png" class="imgRz">
<p>Then use it in your VM configuration like so:</p>
<img src="5.png" class="imgRz">
<p>Once applied, you can check that it works as intended from inside the VM by going to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
<img src="6.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Whonix VPN -&gt; Tor Setup </b></h2> <br> <br>
<p>As we explained previously <a href="../torthroughvpn/index.html">here</a>, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. When you want anonymity on the VM itself, one simple way to do that is to route the VM's network traffic (via NAT) through a Host-based VPN, as we showcased above. </p>
<p>The existing Whonix-External network looks like so by default:</p>
<pre><code class="nim">
&lt;network&gt;
  &lt;name&gt;Whonix-External&lt;/name&gt;
  &lt;uuid&gt;1775d1fe-1606-4962-a3a6-b7b451b9442e&lt;/uuid&gt;
  &lt;forward mode="nat"&gt;
    &lt;nat&gt;
      &lt;port start="1024" end="65535"/&gt;
    &lt;/nat&gt;
  &lt;/forward&gt;
  &lt;bridge name="virbr1" stp="on" delay="0"/&gt;
  &lt;mac address="52:54:00:66:89:bb"/&gt;
  &lt;ip address="10.0.2.2" netmask="255.255.255.0"&gt;
  &lt;/ip&gt;
&lt;/network&gt;

</code></pre>

<p>And it needs to be changed to the following:</p>
<pre><code class="nim">
&lt;network&gt;
  &lt;name&gt;Whonix-External&lt;/name&gt;
  &lt;forward dev='tun0' mode='nat'/&gt;
  &lt;bridge name='virbr1' stp='on' delay='0'/&gt;
  &lt;ip address='10.0.2.2' netmask='255.255.255.0'&gt;
  &lt;/ip&gt;
&lt;/network&gt;

</code></pre>

<p>So do the following:</p>
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>And that's it! We now have a (VPN -&gt; Tor) setup that conceals the Tor traffic behind the VPN, in case your ISP doesn't allow Tor traffic.</p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->

<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>My Links</h4>
<p>

<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p><br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->

</div>

</div>
</div>

<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->

</body>
</html>