How configure whonix to connect to vpn?
680 views
Skip to first unread message
theman
Jan 31, 2016, 12:41:18 AM1/31/16
to qubes...@googlegroups.com
I have whonix successfully using my vpn firewall VM as its net VM. I
want my VPN provider to see my IP as TOR's exit node. Do I have the
right setup? If not, how do I configure things?
Instructions from my VPN provider tell me to launch TOR bundle, then
open the VPN client (whatever that is - their MS Windows program
perhaps?) and go to proxy settings and, using their given settings,
enter the proxy type, server and port and to use one of the TCP
connection options.
The VPN provider has supplied a number of .ovpn files for linux, a
number of which appear to be for the TCP connection options. So should I
add the proxy type, server and port details to one of those files and
use it in the same way I have configured my current .opvn file, to run
in a VM as a firewall VPN configuration, and put that VM between whonix
gw and the sys-net VM? Hope that makes sense?!
want my VPN provider to see my IP as TOR's exit node. Do I have the
right setup? If not, how do I configure things?
Instructions from my VPN provider tell me to launch TOR bundle, then
open the VPN client (whatever that is - their MS Windows program
perhaps?) and go to proxy settings and, using their given settings,
enter the proxy type, server and port and to use one of the TCP
connection options.
The VPN provider has supplied a number of .ovpn files for linux, a
number of which appear to be for the TCP connection options. So should I
add the proxy type, server and port details to one of those files and
use it in the same way I have configured my current .opvn file, to run
in a VM as a firewall VPN configuration, and put that VM between whonix
gw and the sys-net VM? Hope that makes sense?!
prance...@sigaint.org
Jan 31, 2016, 11:32:48 AM1/31/16
to theman, qubes...@googlegroups.com
You have it the wrong way around if you want your visible ip to be your
vpn's. Create a proxy vm and configure it according to the instructions on
the mailing list (search openvpn revisted). Set the vpn proxyvm's netvm as
the whonix gateway vm. Then make an appvm (or many, don't forget unlike
with whonix workstations, they won't have different IPs) and set their
netvms to the vpn proxy vm.
Personally, I think this approach is bad. You've already been using your
vpn from your real ip, I doubt there is no money trail from the vpn
provider to your real identity (simply because it's incredibly hard to
achieve), and even if the vpn claims not to keep logs, you have no way of
knowing for sure (don't forget hidemyass).
vpn's. Create a proxy vm and configure it according to the instructions on
the mailing list (search openvpn revisted). Set the vpn proxyvm's netvm as
the whonix gateway vm. Then make an appvm (or many, don't forget unlike
with whonix workstations, they won't have different IPs) and set their
netvms to the vpn proxy vm.
Personally, I think this approach is bad. You've already been using your
vpn from your real ip, I doubt there is no money trail from the vpn
provider to your real identity (simply because it's incredibly hard to
achieve), and even if the vpn claims not to keep logs, you have no way of
knowing for sure (don't forget hidemyass).
Patrick Schleizer
Jan 31, 2016, 5:13:42 PM1/31/16
to qubes...@googlegroups.com
theman:
Did you see the Whonix documentation on the tunneling topic already?
Please have a look.
https://www.whonix.org/wiki/Tunnels/Introduction
Then please use the same terminology as on that page. Otherwise everyone
will easily talk past each other. And reask our question should still be
anything unclear.
Connecting to a tunnel-link (proxy/VPN/SSH) before Tor
User -> proxy/VPN/SSH -> Tor -> Internet
Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
User -> Tor -> proxy/VPN/SSH -> Internet
Cheers,
Patrick
> I have whonix successfully using my vpn firewall VM as its net VM. I
> want my VPN provider to see my IP as TOR's exit node. Do I have the
> right setup? If not, how do I configure things?
It's not clear to me what you are asking.
> want my VPN provider to see my IP as TOR's exit node. Do I have the
> right setup? If not, how do I configure things?
Did you see the Whonix documentation on the tunneling topic already?
Please have a look.
https://www.whonix.org/wiki/Tunnels/Introduction
Then please use the same terminology as on that page. Otherwise everyone
will easily talk past each other. And reask our question should still be
anything unclear.
Connecting to a tunnel-link (proxy/VPN/SSH) before Tor
User -> proxy/VPN/SSH -> Tor -> Internet
Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
User -> Tor -> proxy/VPN/SSH -> Internet
Cheers,
Patrick
theman
Jan 31, 2016, 5:26:35 PM1/31/16
to qubes...@googlegroups.com
Thanks Patrick. This is where I'm struggling.
I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net vm.
So does that mean I have the following setup?
Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
User -> Tor -> proxy/VPN/SSH -> Internet
I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net vm.
So does that mean I have the following setup?
Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
User -> Tor -> proxy/VPN/SSH -> Internet
bur...@gmail.com
Jan 31, 2016, 10:13:49 PM1/31/16
to qubes-users, the...@infrasonic.com.au
On Sunday, January 31, 2016 at 5:26:35 PM UTC-5, theman wrote:
> Thanks Patrick. This is where I'm struggling.
>
> I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net vm.
>
> So does that mean I have the following setup?
>
> Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
> User -> Tor -> proxy/VPN/SSH -> Internet
>
>
> Thanks Patrick. This is where I'm struggling.
>
> I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net vm.
>
> So does that mean I have the following setup?
>
> Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
> User -> Tor -> proxy/VPN/SSH -> Internet
>
>
That would mean the sites you visit see a Tor exit node address.
donoban
Feb 1, 2016, 6:25:18 AM2/1/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 31/01/16 17:32, prance...@sigaint.org wrote:
> I doubt there is no money trail from the vpn provider to your real
> identity (simply because it's incredibly hard to achieve)
Is it really so difficult using bitcoin?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWr0COAAoJEBQTENjj7Qily0IQAIDlgkLOmQ2KfW/xxVDwsWu2
8j/gujpnA0ZiyGyI6A9QlIQeXSLiQpGB/2zQlWLx4kbl7bY4lg6c5Y1eN8w3s2LR
v3T8gVuTvlYZklOqgCSQ2UzaSvL9WRUyh85hFwhfMW0tTScprjozLn2kChef4k7Q
oXUoCOI4DTKZuBHO3DUmIg8edvRg6TvmDUt6x8laHvwjgskCWdcAtHRDa/hQMFRG
GJnoCvkcDAic2/sq/C7QE0dQl4VInX9h133sOC5CmDzo2Vh4oJXtAZUylHAS5VP2
5EiZGkpatif03MBOUWcgnSSIFiDdnecjFZ0G23QPH9yI1YL51w5xanhIwOpYRwb8
jXxBNftOjDvWcxja27Rh/xYptYV3vRgNZwl6yN4YJ7vwr4xvyRqmWkvyBEHx5uG1
nSku0VSVBXFJXJn6AjLFaCuwwE2uvHTQWole22Qhf57HyaesaxUZqw0VS+ah+nj3
AmHN9ApeynUg3Wp9gRf9qOwoDWFrHSXlxWmj2jzw8OucngwLPUesB5Ysi0EzRWOa
rfd6VZyj7aoEIFosSv1+oFmjPVWu3/r8wfvRRQPNeYsXbqFfLaSWHLoF6QLT4Ccz
iYe7sSq6s0vLwa6KMET/lROZw+yBSdGeU/TQ5bdwAIS+2nChGrqa0Wq6nGzVuia5
bzF3aUHPPtrPjPoNgViB
=vbEm
-----END PGP SIGNATURE-----
Hash: SHA1
On 31/01/16 17:32, prance...@sigaint.org wrote:
> I doubt there is no money trail from the vpn provider to your real
> identity (simply because it's incredibly hard to achieve)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWr0COAAoJEBQTENjj7Qily0IQAIDlgkLOmQ2KfW/xxVDwsWu2
8j/gujpnA0ZiyGyI6A9QlIQeXSLiQpGB/2zQlWLx4kbl7bY4lg6c5Y1eN8w3s2LR
v3T8gVuTvlYZklOqgCSQ2UzaSvL9WRUyh85hFwhfMW0tTScprjozLn2kChef4k7Q
oXUoCOI4DTKZuBHO3DUmIg8edvRg6TvmDUt6x8laHvwjgskCWdcAtHRDa/hQMFRG
GJnoCvkcDAic2/sq/C7QE0dQl4VInX9h133sOC5CmDzo2Vh4oJXtAZUylHAS5VP2
5EiZGkpatif03MBOUWcgnSSIFiDdnecjFZ0G23QPH9yI1YL51w5xanhIwOpYRwb8
jXxBNftOjDvWcxja27Rh/xYptYV3vRgNZwl6yN4YJ7vwr4xvyRqmWkvyBEHx5uG1
nSku0VSVBXFJXJn6AjLFaCuwwE2uvHTQWole22Qhf57HyaesaxUZqw0VS+ah+nj3
AmHN9ApeynUg3Wp9gRf9qOwoDWFrHSXlxWmj2jzw8OucngwLPUesB5Ysi0EzRWOa
rfd6VZyj7aoEIFosSv1+oFmjPVWu3/r8wfvRRQPNeYsXbqFfLaSWHLoF6QLT4Ccz
iYe7sSq6s0vLwa6KMET/lROZw+yBSdGeU/TQ5bdwAIS+2nChGrqa0Wq6nGzVuia5
bzF3aUHPPtrPjPoNgViB
=vbEm
-----END PGP SIGNATURE-----
prance...@sigaint.org
Feb 1, 2016, 8:18:52 AM2/1/16
to donoban, qubes...@googlegroups.com
I hate to break it to you, but bitcoin isn't anonymous by default. And to
buy and use bitcoins anonymously is virtually impossible It's definitely
better than paypal, but anonymous it is not.
buy and use bitcoins anonymously is virtually impossible It's definitely
better than paypal, but anonymous it is not.
Patrick Schleizer
Feb 1, 2016, 8:50:54 AM2/1/16
to qubes...@googlegroups.com
theman:
[and Tor exits] should see regular Tor, not VPN trafffic.
Cheers,
Patrick
> Thanks Patrick. This is where I'm struggling.
>
> I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net
> vm.
>
> So does that mean I have the following setup?
>
> Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
> User -> Tor -> proxy/VPN/SSH -> Internet
Right. Your ISP should see VPN, not Tor traffic. Destination servers
>
> I currently have whonix ws -> whonix gw -> proxy vpn firewall -> sys-net
> vm.
>
> So does that mean I have the following setup?
>
> Connecting to Tor before a tunnel-link (proxy/VPN/SSH)
> User -> Tor -> proxy/VPN/SSH -> Internet
[and Tor exits] should see regular Tor, not VPN trafffic.
Cheers,
Patrick
Patrick Schleizer
Feb 1, 2016, 8:51:00 AM2/1/16
to qubes...@googlegroups.com
donoban:
search engines. There have been research papers on this.
See also:
https://www.whonix.org/wiki/Money
Cheers,
Patrick
>
>
> On 31/01/16 17:32, prance...@sigaint.org wrote:
>> I doubt there is no money trail from the vpn provider to your real
>> identity (simply because it's incredibly hard to achieve)
>
> Is it really so difficult using bitcoin?
>
Using them anonymously: imho yes. Enter bitcoin and anonymity into
>
> On 31/01/16 17:32, prance...@sigaint.org wrote:
>> I doubt there is no money trail from the vpn provider to your real
>> identity (simply because it's incredibly hard to achieve)
>
> Is it really so difficult using bitcoin?
>
search engines. There have been research papers on this.
See also:
https://www.whonix.org/wiki/Money
Cheers,
Patrick
Reply all
Reply to author
Forward
0 new messages