Hi everyone, been reading through Mirimirs guides on IVPN. Got a few questions. In Part 2, the host is always running a VPN so if the VM is NATed to the host why does it also need to be running a VPN connection? Won't all its traffic just go through the hosts VPN? Also, would it be considered insecure to run the host unVPNed but use bridged mode for VM and only run a VPN on the VM? So 'normal' browsing/iTunes/windows update runs in the clear but 'private' stuff could be done using the VM? Could a keylogger that found its way onto the host log keystrokes from the VM? I'm considering running Windows (using TinyWall to whitelist as required) as the host and Debian for the VM, btw.
This is a thread where you'll be expecting Mirimir to jump on, since the referenced guides are his. He and I are kindred so let me step back and give MY oversight to see if you are on the same page. We use the HOST OS for the SOLE purpose of being a host only. Its the iron lung that supports the functioning of the various VM's that will run and be bridged to/through it. There is NO internet activity that ever happens on the host in this model (one exception is for occasional updating of the OS itself, but that's it. No surfing, etc from the host ------- EVER! The chaining of VPNs, VM's, TOR, Whonix, etc are all maintained and operated outside of the host. This model virtually eliminates the possibility of a key logger on the host. This post could be pages long, but again you probably want to hear from the guide's author (Mirimir). Those guides are great tools, and BTW welcome to Wilder's Security!!!!!!!!!!!!!!!
What Palancar said The fundamental goal in those guides is implementing a nested VPN chain with pfSense VMs. There's a VPN client in the host machine, and a few pfSense VPN-client VMs. Each of the VPNs in the chain is from a different provider. That distributes trust, in that adversaries would either need to compromise multiple providers, or capture network traffic from enough places and do traffic analysis. For doing insecure stuff on the same machine, it would be best to use a workspace VM that's bridged to the host network adapter. But there's some risk of leakage, albeit small. It's better to just use a different machine. I use a KVM switch. I don't recommend Windows as the host. You could use it as a VM for insecure stuff.
OK, thanks for the replies guys. Because my threat model is purely ISP logging i only considered the basic setup from IVPN which doesn't use pfSense and for reasons i won't explain i need to use Windows as the host which is why i'm trying to find the best case compromise i described in my first post. I can't run a VPN on the host all the time either but would like to do some 'private as possible' surfing from it. Tor also is not an option unfortunately. So in these circumstances would a VM running a VPN be my best case compromise? Also, is there any advantage of either bridged or NAT in this case?
With VirtualBox, NAT is best unless you have some reason to want bridging (running a webserver, bridging to a second network adapter, or whatever).
I know this will sound stupid but I'm confused about what pfsense is. I thought it was a software firewall that you install on a VM. But then I hear it refered to as a pfsense VM. So is it actually a VM or is it a VM with pfsense installed in it?
pfSense is an OS, albeit a small and highly specialized OS. It's based on FreeBSD. So yes, we're talking about a VM with pfSense installed in it.
pfsense is easy to employ ---- IF ----- you have compatible hardware, with the critical piece being the NICs on the machine. I have experienced both ends of this spectrum and believe me when I tell you that incompatible gear will prevail over your best efforts to be the "winner" of the battle. If you have the correct hardware you will experience an amazingly secure and "professional grade" network setup. Since the VM's are so small you can CHAIN the pfsense machines forming a nice multiple hop circuit. Just an opinion here; but if you are just contemplating Pfsense I would start with making SURE you have compatible hardware. It'll save you frustration you can't imagine. Believe me, I tried the other route and you'll come away soooooooooooo frustrated!!
pfSense likes Intel and Broadcom network adapters. It doesn't like Realtek, especially the newer ones that are specialized for high throughput in Windows. That's a particular problem for laptops with integrated Realtek, which is typically optimized for Windows. You may need to use a PCMCIA card. I vaguely recall that USB network adapters don't work so well.
