force QEMU VMs network through a VPN

2024-08-09 01:38:06 +02:00 · 2024-08-09 01:38:06 +02:00 · d6a960e73d
commit d6a960e73d
parent 37fda492df
15 changed files with 215 additions and 6 deletions
--- a/servers/anon.html
+++ b/servers/anon.html
@ -122,7 +122,7 @@
                <li><a href="compilation/index.html">✅ How to compile open source software + How to verify software integrity </a></li>
                <li><a href="hypervisorsetup/index.html">✅ How to Virtualize Machines (QEMU/KVM Hypervisor)</a></li>
                <li><a href="vpn/index.html">✅ How to get privacy from your ISP using a VPN</a></li>
-                <li><a href="vpn/index.html">❌ Route QEMU VMs network through a VPN (from the Host OS)</a></li>
+                <li><a href="vpnqemu/index.html">✅ Route QEMU VMs through a Host OS VPN</a></li>
                <li><a href="passwordmanagement/index.html">✅ Password Management 101 (How to use Keepass)</a></li>
                <li><a href="serversideencryption/index.html">✅ Serverside: Should I trust serverside encryption? Should I use PGP?</a></li>
                <li><a href="pgp/index.html">✅ Private Messaging (PGP encryption)</a></li>
@ -166,8 +166,8 @@
 <p>💻 Clientside - Getting Started (<a href="torthroughvpn/index.html">⚠️ Check if your ISP allows Tor or Not!</a>)</p>
 <ol>
                <li><a href="torbrowsing/index.html">✅ Tor Web Browser setup</a></li>
-                <li><a href="tailsqemuvm/index.html">🟠 Tails OS QEMU VM for Temporary Anonymity</a></li>
-                <li><a href="whonixqemuvms/index.html">🟠 VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>
+                <li><a href="tailsqemuvm/index.html">✅ Tails OS QEMU VM for Temporary Anonymity</a></li>
+                <li><a href="whonixqemuvms/index.html">✅ VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>

 </ol></br>

--- a/servers/tailsqemuvm/index.html
+++ b/servers/tailsqemuvm/index.html
@ -73,7 +73,7 @@
    <li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic)  </p></li>
 </ol>
 <p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
-<p>TODO: force a VPN through Tor</p>
+<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the  QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>

          
 	       </div>
--- a/servers/vpnqemu/0.png
+++ b/servers/vpnqemu/0.png
--- a/servers/vpnqemu/1.png
+++ b/servers/vpnqemu/1.png
--- a/servers/vpnqemu/10.png
+++ b/servers/vpnqemu/10.png
--- a/servers/vpnqemu/2.png
+++ b/servers/vpnqemu/2.png
--- a/servers/vpnqemu/3.png
+++ b/servers/vpnqemu/3.png
--- a/servers/vpnqemu/4.png
+++ b/servers/vpnqemu/4.png
--- a/servers/vpnqemu/5.png
+++ b/servers/vpnqemu/5.png
--- a/servers/vpnqemu/6.png
+++ b/servers/vpnqemu/6.png
--- a/servers/vpnqemu/7.png
+++ b/servers/vpnqemu/7.png
--- a/servers/vpnqemu/8.png
+++ b/servers/vpnqemu/8.png
--- a/servers/vpnqemu/9.png
+++ b/servers/vpnqemu/9.png
--- a/servers/vpnqemu/index.html
+++ b/servers/vpnqemu/index.html
@ -0,0 +1,208 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Route QEMU VMs through a Host OS VPN</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-08</ba></p>
+<h1>Route QEMU VMs through a Host OS VPN </h1>
+<p> </p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Initial Setup </b></h2>
+<p>First, install the VPN like we saw previously <a href="../vpn/index.html">here</a>, but the only difference being that we now install it on the Host OS, rather than inside the VM.</p>
+<pre><code class="nim">
+# Download the Mullvad signing key
+sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
+
+# Add the Mullvad repository server to apt
+echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+# Or add the Mullvad BETA repository server to apt
+echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+
+# Install the package
+sudo apt update
+sudo apt install mullvad-vpn
+
+# Connect to Mullvad VPN
+mullvad account login
+Enter an account number: 91320912809328832
+Mullvad account "91320912809328832" set
+
+# Connect to the VPN:
+mullvad lockdown-mode set on
+mullvad connect
+
+curl ifconfig.me
+194.127.199.92
+	
+</code></pre>
+
+<p>Then, configure mullvad as follows:</p>
+<img src="0.png" >
+<img src="1.png" >
+<img src="2.png" >
+<p>From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: </p>
+<img src="3.png" class="imgRz">
+<p>As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:</p>
+<img src="4.png" class="imgRz">
+<p>Then use it on your VM configuration like so:</p>
+<img src="5.png" class="imgRz">
+<p>And then once applied, you can check if it works as intended from inside the VM, by going to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
+<img src="6.png" class="imgRz">
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Whonix VPN -> Tor Setup </b></h2> </br> </br>
+<p>As we explained previously <a href="../torthroughvpn/index.html">here</a>, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is te the traffic through a Host-based VPN like we showcased above. </p>
+<p>The existing Whonix-External network looks like so by default:</p>
+<pre><code class="nim">
+<<b></b>network>
+  <<b></b>name>Whonix-External<<b></b>/name>
+  <<b></b>uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e<<b></b>/uuid>
+  <<b></b>forward mode="nat">
+    <<b></b>nat>
+      <<b></b>port start="1024" end="65535"/>
+    <<b></b>/nat>
+  <<b></b>/forward>
+  <<b></b>bridge name="virbr1" stp="on" delay="0"/>
+  <<b></b>mac address="52:54:00:66:89:bb"/>
+  <<b></b>ip address="10.0.2.2" netmask="255.255.255.0">
+  <<b></b>/ip>
+<<b></b>/network>
+
+</code></pre>
+
+<p>And it needs to be changed to the following:</p>
+<pre><code class="nim">
+<<b></b>network>
+  <<b></b>name>Whonix-External<<b></b>/name>
+  <<b></b>forward dev='tun0' mode='nat'/>
+  <<b></b>bridge name='virbr1' stp='on' delay='0'/>
+  <<b></b>ip address='10.0.2.2' netmask='255.255.255.0'>
+  <<b></b>/ip>
+<<b></b>/network>
+
+</code></pre>
+
+<p>So do the following:</p>
+<img src="7.png" class="imgRz">
+<img src="8.png" class="imgRz">
+<img src="9.png" class="imgRz">
+<img src="10.png" class="imgRz">
+<p>And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>
--- a/servers/whonixqemuvms/index.html
+++ b/servers/whonixqemuvms/index.html
@ -8,7 +8,7 @@
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

-    <title>whonixqemuvms Setup</title>
+    <title>Whonix QEMU VMs Setup</title>

    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -73,7 +73,8 @@
    <li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic)  </p></li>
 </ol>
 <p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
-<p>TODO: force a VPN through Tor</p>
+<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the  QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
+

          
 	       </div>