In this tutorial we're going to take a look at how to manage your online Anonymity.
We want 3 ways to access websites. The first being while using tor, for complete anonymity. The second is to do the same but to masquerade it with a non-KYC VPN which will also be acquired anonymously, and the last is without any protection.
As a preventive measure, we're going to separate each VMs using VLANs, so that there's a clear separation between any KYC VMs, and VMs used for anonymity. To do so there will be 3 separate VLANs, one being for Anonymity purposes, and the others for KYC use. For Anonymity, there will be a veracrypt hidden partition in use for plausible deniability.
To prepare the computer for those tasks, we will rely on opensource software to avoid any tracking, we'll remove logs from arch linux, and from pfsense.
And lastly, we're going to take a look at how to keep track of your accesses to the websites you access anonymously
First let's make sure all logs get erased upon system shutdown (by piping all logs to go to the /tmp/ folder):
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ sudo rm -rf log
[sudo] password for nothing:
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ sudo ln -s /tmp/ /var/log
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ ls -lash log
0 lrwxrwxrwx 1 root root 5 Sep 24 18:43 log -> /tmp/
Next we're going to install libvirti as seen here:
sudo pacman -S libvirt qemu virt-manager dnsmasq bridge-utils
sudo systemctl enable --now libvirtd
virt-manager
Then create the 2 separate LANs for the VMs in virt-manager like so:
Then you're going to need to create the pfsense VM, so first get the iso from the official website:
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
→ cd /mnt/VAULT/ISOs
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
→ mv ~/Downloads/pfSense-CE-2.7.0-RELEASE-amd64.iso.gz .
[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
→ ls -lash | grep pfSense
730M -rw-r--r-- 1 nothing nothing 730M Sep 24 19:16 pfSense-CE-2.7.0-RELEASE-amd64.iso
Then create the VM:
Before installing the VM we will setup the 3 network cards it will handle: The default WAN, and the 2 LANs
Now let's start installing the pfsense VM:
And now that's done, next step is to make sure pfsense handles the 2 VLANs properly:
Then we set the ip addresses of each interface, starting with the LAN-KYC VLAN:
Then do the same for the LAN-ANON VLAN:
For this next step, we're going to put a VM in the KYC vlan to finish the pfsense router setup
From there, it's a matter of setting up pfsense:
To change the pfsense theme to a dark theme, go in System > General Setup > webConfiguratior > Theme > set to pfsense-dark
As you've seen above, we've set 2 temporary public dns servers, so next we're going to setup 2 local TOR DNS servers, which will allow the VMs to resolve any domain anonymously.
Once done, we make sure that pfsense takes these 2 dns servers, and only uses them, will also setup firewall rules to deny any other dns traffic.
Here you can see it's working fine:
Then shutdown the VM, clone it and you'll have the 2 tor DNSes working.
Next just put them in the anon VLAN:
Once in there, we make sure that they are DHCP reserved so their ip won't change over time:
Then do the same for the other tordns:
Then from the firewall, we allow the whole subnet to communicate to tordns1 and 2, because they will also be the bridge nodes, and we allow the tordns 1 and 2 servers to connect anywhere with any protocol. That way, the only traffic that can escape from the anon subnet, will only be through these 2 servers, that will prevent any data leak from happening.
Until there is Nothing left.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@nihilism.network (PGP)