force QEMU VMs network through a VPN
@ -122,7 +122,7 @@
|
||||
<li><a href="compilation/index.html">✅ How to compile open source software + How to verify software integrity </a></li>
|
||||
<li><a href="hypervisorsetup/index.html">✅ How to Virtualize Machines (QEMU/KVM Hypervisor)</a></li>
|
||||
<li><a href="vpn/index.html">✅ How to get privacy from your ISP using a VPN</a></li>
|
||||
<li><a href="vpn/index.html">❌ Route QEMU VMs network through a VPN (from the Host OS)</a></li>
|
||||
<li><a href="vpnqemu/index.html">✅ Route QEMU VMs through a Host OS VPN</a></li>
|
||||
<li><a href="passwordmanagement/index.html">✅ Password Management 101 (How to use Keepass)</a></li>
|
||||
<li><a href="serversideencryption/index.html">✅ Serverside: Should I trust serverside encryption? Should I use PGP?</a></li>
|
||||
<li><a href="pgp/index.html">✅ Private Messaging (PGP encryption)</a></li>
|
||||
@ -166,8 +166,8 @@
|
||||
<p>💻 Clientside - Getting Started (<a href="torthroughvpn/index.html">⚠️ Check if your ISP allows Tor or Not!</a>)</p>
|
||||
<ol>
|
||||
<li><a href="torbrowsing/index.html">✅ Tor Web Browser setup</a></li>
|
||||
<li><a href="tailsqemuvm/index.html">🟠 Tails OS QEMU VM for Temporary Anonymity</a></li>
|
||||
<li><a href="whonixqemuvms/index.html">🟠 VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>
|
||||
<li><a href="tailsqemuvm/index.html">✅ Tails OS QEMU VM for Temporary Anonymity</a></li>
|
||||
<li><a href="whonixqemuvms/index.html">✅ VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>
|
||||
|
||||
</ol></br>
|
||||
|
||||
|
@ -73,7 +73,7 @@
|
||||
<li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
|
||||
</ol>
|
||||
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p>TODO: force a VPN through Tor</p>
|
||||
<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
|
||||
|
||||
|
||||
</div>
|
||||
|
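Review bot: The Sidenote paragraph in this hunk ends with a dangling word, `(You -> VPN -> Tor) Setup`, and writes `tor` in lower case although the same sentence uses `Tor` elsewhere. Suggest ending it as `to hide the Tor traffic from your ISP (You -> VPN -> Tor setup).` The context line above it also has `mentionned`, which could be fixed in the same pass.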
BIN
servers/vpnqemu/0.png
Normal file
After Width: | Height: | Size: 44 KiB |
BIN
servers/vpnqemu/1.png
Normal file
After Width: | Height: | Size: 32 KiB |
BIN
servers/vpnqemu/10.png
Normal file
After Width: | Height: | Size: 60 KiB |
BIN
servers/vpnqemu/2.png
Normal file
After Width: | Height: | Size: 20 KiB |
BIN
servers/vpnqemu/3.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
servers/vpnqemu/4.png
Normal file
After Width: | Height: | Size: 117 KiB |
BIN
servers/vpnqemu/5.png
Normal file
After Width: | Height: | Size: 141 KiB |
BIN
servers/vpnqemu/6.png
Normal file
After Width: | Height: | Size: 245 KiB |
BIN
servers/vpnqemu/7.png
Normal file
After Width: | Height: | Size: 73 KiB |
BIN
servers/vpnqemu/8.png
Normal file
After Width: | Height: | Size: 72 KiB |
BIN
servers/vpnqemu/9.png
Normal file
After Width: | Height: | Size: 143 KiB |
208
servers/vpnqemu/index.html
Normal file
@ -0,0 +1,208 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="description" content="">
|
||||
<meta name="author" content="">
|
||||
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||||
|
||||
<title>Route QEMU VMs through a Host OS VPN</title>
|
||||
|
||||
<!-- Bootstrap core CSS -->
|
||||
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||||
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
||||
|
||||
|
||||
|
||||
<!-- Custom styles for this template -->
|
||||
<link href="../../assets/css/main.css" rel="stylesheet">
|
||||
|
||||
|
||||
|
||||
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
||||
<!--[if lt IE 9]>
|
||||
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
||||
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
||||
<![endif]-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<!-- Static navbar -->
|
||||
<div class="navbar navbar-inverse-anon navbar-static-top">
|
||||
<div class="container">
|
||||
<div class="navbar-header">
|
||||
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
|
||||
</div>
|
||||
<div class="navbar-collapse collapse">
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
|
||||
<li><a href="/about.html">About</a></li>
|
||||
<li><a href="/blog.html">Categories</a></li>
|
||||
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
|
||||
<li><a href="/contact.html">Contact</a></li>
|
||||
</ul>
|
||||
</div><!--/.nav-collapse -->
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- +++++ Posts Lists +++++ -->
|
||||
<!-- +++++ First Post +++++ -->
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-08</ba></p>
|
||||
<h1>Route QEMU VMs through a Host OS VPN </h1>
|
||||
<p> </p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /grey -->
|
||||
|
||||
<!-- +++++ Second Post +++++ -->
|
||||
<div id="anon3">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Initial Setup </b></h2>
|
||||
<p>First, install the VPN like we saw previously <a href="../vpn/index.html">here</a>, but the only difference being that we now install it on the Host OS, rather than inside the VM.</p>
|
||||
<pre><code class="nim">
|
||||
# Download the Mullvad signing key
|
||||
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
|
||||
|
||||
# Add the Mullvad repository server to apt
|
||||
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
|
||||
# Or add the Mullvad BETA repository server to apt
|
||||
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
|
||||
|
||||
# Install the package
|
||||
sudo apt update
|
||||
sudo apt install mullvad-vpn
|
||||
|
||||
# Connect to Mullvad VPN
|
||||
mullvad account login
|
||||
Enter an account number: 91320912809328832
|
||||
Mullvad account "91320912809328832" set
|
||||
|
||||
# Connect to the VPN:
|
||||
mullvad lockdown-mode set on
|
||||
mullvad connect
|
||||
|
||||
curl ifconfig.me
|
||||
194.127.199.92
|
||||
|
||||
</code></pre>
|
||||
|
||||
<p>Then, configure mullvad as follows:</p>
|
||||
<img src="0.png" >
|
||||
<img src="1.png" >
|
||||
<img src="2.png" >
|
||||
<p>From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: </p>
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:</p>
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>Then use it on your VM configuration like so:</p>
|
||||
<img src="5.png" class="imgRz">
|
||||
<p>And then once applied, you can check if it works as intended from inside the VM, by going to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
|
||||
<img src="6.png" class="imgRz">
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Whonix VPN -> Tor Setup </b></h2> </br> </br>
|
||||
<p>As we explained previously <a href="../torthroughvpn/index.html">here</a>, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is te the traffic through a Host-based VPN like we showcased above. </p>
|
||||
<p>The existing Whonix-External network looks like so by default:</p>
|
||||
<pre><code class="nim">
|
||||
<<b></b>network>
|
||||
<<b></b>name>Whonix-External<<b></b>/name>
|
||||
<<b></b>uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e<<b></b>/uuid>
|
||||
<<b></b>forward mode="nat">
|
||||
<<b></b>nat>
|
||||
<<b></b>port start="1024" end="65535"/>
|
||||
<<b></b>/nat>
|
||||
<<b></b>/forward>
|
||||
<<b></b>bridge name="virbr1" stp="on" delay="0"/>
|
||||
<<b></b>mac address="52:54:00:66:89:bb"/>
|
||||
<<b></b>ip address="10.0.2.2" netmask="255.255.255.0">
|
||||
<<b></b>/ip>
|
||||
<<b></b>/network>
|
||||
|
||||
</code></pre>
|
||||
|
||||
<p>And it needs to be changed to the following:</p>
|
||||
<pre><code class="nim">
|
||||
<<b></b>network>
|
||||
<<b></b>name>Whonix-External<<b></b>/name>
|
||||
<<b></b>forward dev='tun0' mode='nat'/>
|
||||
<<b></b>bridge name='virbr1' stp='on' delay='0'/>
|
||||
<<b></b>ip address='10.0.2.2' netmask='255.255.255.0'>
|
||||
<<b></b>/ip>
|
||||
<<b></b>/network>
|
||||
|
||||
</code></pre>
|
||||
|
||||
<p>So do the following:</p>
|
||||
<img src="7.png" class="imgRz">
|
||||
<img src="8.png" class="imgRz">
|
||||
<img src="9.png" class="imgRz">
|
||||
<img src="10.png" class="imgRz">
|
||||
<p>And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
<!-- +++++ Footer Section +++++ -->
|
||||
|
||||
<div id="anonb">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-4">
|
||||
<h4>Nihilism</h4>
|
||||
<p>
|
||||
Until there is Nothing left.
|
||||
|
||||
</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
<div class="col-lg-4">
|
||||
<h4>My Links</h4>
|
||||
<p>
|
||||
|
||||
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
|
||||
|
||||
</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
<div class="col-lg-4">
|
||||
<h4>About nihilist</h4>
|
||||
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<!-- Bootstrap core JavaScript
|
||||
================================================== -->
|
||||
<!-- Placed at the end of the document so the pages load faster -->
|
||||
|
||||
</body>
|
||||
</html>
|
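Review bot: In the install block of the new page, the stable and the beta `echo ... | sudo tee /etc/apt/sources.list.d/mullvad.list` lines are both live commands, so a reader who pastes the whole block ends up with only the beta repository configured, because the second `tee` overwrites the file written by the first. Comment out the beta line or move it to its own block. In the same block, please confirm that `Enter an account number: 91320912809328832` is a made-up value and swap it for an obvious placeholder. The network definition for the first section exists only in 4.png and 5.png, and none of the `<img>` tags carries `alt` text; adding that XML as text, as is done for Whonix-External, would make it copyable and reviewable. The text says to pick "a smaller subnet within that same subnet" (10.5.0.0/16), yet the Whonix-External example keeps `10.0.2.2` with netmask `255.255.255.0`, so the page should say which rule applies. It should also say what a reader will see from inside the VM when `tun0` is absent, since `forward dev='tun0'` depends on that interface name. Markup: `id="anon2"` is used on two `<div>` elements, `href="\index.html"` uses a backslash, and the sentence `One simple way to do it is te the traffic` is missing words.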
@ -8,7 +8,7 @@
|
||||
<meta name="author" content="">
|
||||
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||||
|
||||
<title>whonixqemuvms Setup</title>
|
||||
<title>Whonix QEMU VMs Setup</title>
|
||||
|
||||
<!-- Bootstrap core CSS -->
|
||||
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||||
@ -73,7 +73,8 @@
|
||||
<li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
|
||||
</ol>
|
||||
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p>TODO: force a VPN through Tor</p>
|
||||
<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
|
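Review bot: The TODO line in this hunk reads `force a VPN through Tor`, while the Sidenote next to it covers a different chain, `(You -> VPN -> Tor)`. If the Sidenote is meant to take the TODO's place, the VPN-through-Tor case is left undocumented with no marker; keep the TODO or point it at wherever that work is tracked. The Sidenote text is the same as in the other `@ -73,7` hunk, so any wording fix should be applied to both copies.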