blog-contributions/opsec/vpnqemu/index.html
2024-09-01 16:03:02 +02:00


<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Route QEMU VMs through a Host OS VPN</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a><br><br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-08</ba></p>
<h1>Route QEMU VMs through a Host OS VPN </h1>
<p> </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First, install the VPN as we saw previously <a href="../vpn/index.html">here</a>; the only difference is that we now install it on the Host OS rather than inside the VM.</p>
<pre><code class="nim">
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-vpn
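# Log in to your Mullvad account
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set
# Enable lockdown mode (block all traffic whenever the VPN is disconnected), then connect to the VPN:
mullvad lockdown-mode set on
mullvad connect
# Check the public IP address: it should now be the VPN server's
curl ifconfig.me
194.127.199.92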
</code></pre>
<p>Then, configure Mullvad as follows:</p>
<img src="0.png" >
<img src="1.png" >
<img src="2.png" >
<p>From there, you can check from the host OS that you have access to the internet via the VPN:</p>
<img src="11.png" class="imgRz">
<!--<p>From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: </p>
<img src="3.png" class="imgRz">
<p>As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:</p>
<img src="4.png" class="imgRz">
<p>Then use it on your VM configuration like so:</p>
<img src="5.png" class="imgRz">-->
<p>Next, make sure that your VM has its network interface set to "NAT", as it is by default (be aware that if the VM network interface is configured as macvtap or bridge, the traffic won't go through the VPN!):</p>
<img src="12.png" class="imgRz">
<p>Once applied, you can check that it works as intended from inside the VM (all that's required is for the VM to have a NAT connection) by going to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a>:</p>
<img src="6.png" class="imgRz">
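<p>The NAT requirement above can also be checked from the host command line. The script below is an added example, not part of the original post: it assumes libvirt's <code>virsh</code> is installed, and the function names and the sample <code>virsh domiflist</code> table are constructed for illustration. It flags macvtap ("direct") and bridge interfaces, and also libvirt networks whose forward mode is not NAT.</p>

```shell
#!/bin/sh
# Added example: find libvirt interfaces that would bypass the host VPN.

# Constructed sample of `virsh domiflist VM` output (not from the page).
SAMPLE_DOMIFLIST=' Interface   Type      Source    Model    MAC
-------------------------------------------------------------
 vnet0       network   default   virtio   52:54:00:aa:bb:01
 macvtap0    direct    enp3s0    virtio   52:54:00:aa:bb:02
 vnet1       bridge    br0       virtio   52:54:00:aa:bb:03'

# stdin: domiflist output. Prints "iface type source" for every interface
# that is not attached to a libvirt network (macvtap is listed as "direct").
bypassing_ifaces() {
    awk 'NR > 2 && NF >= 5 && $2 != "network" { print $1, $2, $3 }'
}

# stdin: domiflist output. Prints each libvirt network the VM is attached to.
network_sources() {
    awk 'NR > 2 && NF >= 5 && $2 == "network" { print $3 }' | sort -u
}

# stdin: `virsh net-dumpxml NET` output. Succeeds only for forward mode "nat";
# a "network" interface can still point at a routed or bridged libvirt network.
net_is_nat() {
    grep -Eq "forward[^/]* mode=['\"]nat['\"]"
}

# Audit one VM on a libvirt host: returns 0 only if every interface is NAT.
audit_vm() {
    list=$(virsh domiflist "$1") || return 2
    rc=0
    leaks=$(printf '%s\n' "$list" | bypassing_ifaces)
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks" | sed 's/^/BYPASSES VPN: /'
        rc=1
    fi
    for net in $(printf '%s\n' "$list" | network_sources); do
        if ! virsh net-dumpxml "$net" | net_is_nat; then
            echo "NOT NAT: libvirt network $net"
            rc=1
        fi
    done
    return "$rc"
}

# Run the audit when a VM name is given, e.g.: sh audit.sh myvm
if [ $# -gt 0 ]; then audit_vm "$1"; fi
```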
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- <div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Whonix VPN -> Tor Setup </b></h2> </br> </br>
<p>As we explained previously <a href="../torthroughvpn/index.html">here</a>, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is to route the network traffic (via NAT) through a Host-based VPN like we showcased above. </p>
<p>The existing Whonix-External network looks like so by default:</p>
<pre><code class="nim">
<<b></b>network>
<<b></b>name>Whonix-External<<b></b>/name>
<<b></b>uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e<<b></b>/uuid>
<<b></b>forward mode="nat">
<<b></b>nat>
<<b></b>port start="1024" end="65535"/>
<<b></b>/nat>
<<b></b>/forward>
<<b></b>bridge name="virbr1" stp="on" delay="0"/>
<<b></b>mac address="52:54:00:66:89:bb"/>
<<b></b>ip address="10.0.2.2" netmask="255.255.255.0">
<<b></b>/ip>
<<b></b>/network>
</code></pre>
<p>And it needs to be changed to the following:</p>
<pre><code class="nim">
<<b></b>network>
<<b></b>name>Whonix-External<<b></b>/name>
<<b></b>forward dev='tun0' mode='nat'/>
<<b></b>bridge name='virbr1' stp='on' delay='0'/>
<<b></b>ip address='10.0.2.2' netmask='255.255.255.0'>
<<b></b>/ip>
<<b></b>/network>
</code></pre>
<p>So do the following:</p>
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.</p>
</div>
</div>
</div>
</div>
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>