2024-08-09 01:38:06 +02:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "description" content = "" >
< meta name = "author" content = "" >
< link rel = "shortcut icon" href = "../../../../../../assets/img/favicon.png" >
< title > Route QEMU VMs through a Host OS VPN< / title >
<!-- Bootstrap core CSS -->
< link href = "../../assets/css/bootstrap.css" rel = "stylesheet" >
< link href = "../../assets/css/xt256.css" rel = "stylesheet" >
<!-- Custom styles for this template -->
< link href = "../../assets/css/main.css" rel = "stylesheet" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
<!-- Static navbar -->
< div class = "navbar navbar-inverse-anon navbar-static-top" >
< div class = "container" >
< div class = "navbar-header" >
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
< a class = "navbar-brand-anon" href = "\index.html" > nihilist`s Blog< / a >
< / div >
< div class = "navbar-collapse collapse" >
< ul class = "nav navbar-nav navbar-right" >
< li > < a href = "/about.html" > About< / a > < / li >
< li > < a href = "/blog.html" > Categories< / a > < / li >
< li > < a href = "https://blog.nihilism.network/donate.html" > Donate< / a > < / li >
< li > < a href = "/contact.html" > Contact< / a > < / li >
< / ul >
< / div > <!-- /.nav - collapse -->
< / div >
< / div >
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< a href = "../anon.html" > Previous Page< / a > < / br > < / br > < p > < img src = "../../assets/img/user.png" width = "50px" height = "50px" > < ba > nihilist@mainpc - 2024-08-08< / ba > < / p >
< h1 > Route QEMU VMs through a Host OS VPN < / h1 >
< p > < / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /grey -->
<!-- +++++ Second Post +++++ -->
< div id = "anon3" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Initial Setup < / b > < / h2 >
< p > First, install the VPN like we saw previously < a href = "../vpn/index.html" > here< / a > , but the only difference being that we now install it on the Host OS, rather than inside the VM.< / p >
< pre > < code class = "nim" >
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-vpn
# Connect to Mullvad VPN
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set
# Connect to the VPN:
mullvad lockdown-mode set on
mullvad connect
curl ifconfig.me
194.127.199.92
< / code > < / pre >
< p > Then, configure mullvad as follows:< / p >
< img src = "0.png" >
< img src = "1.png" >
< img src = "2.png" >
< p > From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: < / p >
< img src = "3.png" class = "imgRz" >
< p > As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:< / p >
< img src = "4.png" class = "imgRz" >
< p > Then use it on your VM configuration like so:< / p >
< img src = "5.png" class = "imgRz" >
< p > And then once applied, you can check if it works as intended from inside the VM, by going to < a href = "https://mullvad.net/en/check" > https://mullvad.net/en/check< / a > < / p >
< img src = "6.png" class = "imgRz" >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Whonix VPN -> Tor Setup < / b > < / h2 > < / br > < / br >
2024-08-09 10:23:49 +02:00
< p > As we explained previously < a href = "../torthroughvpn/index.html" > here< / a > , if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is to route the network traffic (via NAT) through a Host-based VPN like we showcased above. < / p >
2024-08-09 01:38:06 +02:00
< p > The existing Whonix-External network looks like so by default:< / p >
< pre > < code class = "nim" >
< < b > < / b > network>
< < b > < / b > name>Whonix-External< < b > < / b > /name>
< < b > < / b > uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e< < b > < / b > /uuid>
< < b > < / b > forward mode="nat">
< < b > < / b > nat>
< < b > < / b > port start="1024" end="65535"/>
< < b > < / b > /nat>
< < b > < / b > /forward>
< < b > < / b > bridge name="virbr1" stp="on" delay="0"/>
< < b > < / b > mac address="52:54:00:66:89:bb"/>
< < b > < / b > ip address="10.0.2.2" netmask="255.255.255.0">
< < b > < / b > /ip>
< < b > < / b > /network>
< / code > < / pre >
< p > And it needs to be changed to the following:< / p >
< pre > < code class = "nim" >
< < b > < / b > network>
< < b > < / b > name>Whonix-External< < b > < / b > /name>
< < b > < / b > forward dev='tun0' mode='nat'/>
< < b > < / b > bridge name='virbr1' stp='on' delay='0'/>
< < b > < / b > ip address='10.0.2.2' netmask='255.255.255.0'>
< < b > < / b > /ip>
< < b > < / b > /network>
< / code > < / pre >
< p > So do the following:< / p >
< img src = "7.png" class = "imgRz" >
< img src = "8.png" class = "imgRz" >
< img src = "9.png" class = "imgRz" >
< img src = "10.png" class = "imgRz" >
< p > And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.< / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
<!-- +++++ Footer Section +++++ -->
< div id = "anonb" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-4" >
< h4 > Nihilism< / h4 >
< p >
Until there is Nothing left.
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > My Links< / h4 >
< p >
< a target = "_blank" rel = "noopener noreferrer" href = "http://blog.nihilism.network/rss/feed.xml" > RSS Feed< / a > < br / > < a target = "_blank" rel = "noopener noreferrer" href = "https://matrix.to/#/#nihilism:m.datura.network" > Matrix Chat< / a > < br / >
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > About nihilist< / h4 >
< p style = "word-wrap: break-word;" > < u > Donate XMR:< / u > 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8< / p > < / br > < p > < u > Contact:< / u > nihilist@nihilism.network (< a href = "https://nihilism.network/nihilist.pubkey" > PGP< / a > )< / p >
< / div > <!-- /col - lg - 4 -->
< / div >
< / div >
< / div >
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
< / body >
< / html >