Why Should I Use a VPN

You don't run that stuff in your host machine. And you don't want to run them through Tor, either. It's too slow, and it's bad manners

You create a second Xubuntu VM, which will connect through the pfSense VM that's running your VPN. And you run your torrent client etc in that.

In other words, you'll have two Xubuntu VMs. One connects to the pfSense VM, which is running the VPN. You run your torrent client etc in that. The other Xubuntu VM connects to the ra's gateway VM, which in turn connects to the pfSense VM. You run your inner VPN in that.

 

you dont run that stuff in your host machine, why not?


vpn>tor>vpn isnt that slow

so no vpn>tor>vpn for torrents ey?, yaharrr!!!

damn doesnt make any sense thou ,since wouldnt it be better to have it used for torrents as well


so all this is is for browsing , damn it , there gotta be a way

"In other words, you'll have two Xubuntu VMs. One connects to the pfSense VM, which is running the VPN. You run your torrent client etc in that. The other Xubuntu VM connects to the ra's gateway VM, which in turn connects to the pfSense VM. You run your inner VPN in that."


i dont get it -.-' please in english, lols, so you mean the torrent client connects to my first vpn thats connected to my isp instead of connecting to the outer vpn ?!


so its like this , ras gateway connects to >pfsense > xubuntu connects to ras gateway and finally connects to the outer vpn and then tor browser bundle ontop ? and the first one would be a regular vpn connection using my isps ip


is there a way to have my host machines internet aka my real ip connect through vpn>tor>vpn , instead of just real ip >vpn >internet thats what id like and then for banking perhaps a seperate vm or such that uses my real ip , since im currently using one vpn connected to my real ip, perhaps i havent explained myself good enough in the beginning

 

I only use my host machines for non-anonymous personal stuff and work.

It's selfish to use Tor bandwidth for large file transfers. Just because you can do it safely using VPNs doesn't make it right. Some don't even like Whonix, because it updates over Tor

For fun is the best reason

The Xubuntu VM with your torrent client connects to the Internet through the outer VPN that's running on your pfSense VM. There's a ra's gateway VM that also connects to the Internet through the outer VPN that's running on your pfSense VM. And your other Xubuntu VM for browsing connects to the Internet through the ra's gateway VM.

 

damn it give me some minutes on editing , lols your too fast , reread please

ok about you using your host machine for non anonymous stuff, well im different i use it for everything , no problem , ever since truecrypt invented the hidden os , everybody that uses it knows its really no prob to keep your anonymous and "real" life identity of interest seperate


selfish? using tor bandwith for large file transfers? hell yeah i am ,lols , ive done that in the past thou , no problems its not even that slow actually , depending on your bandwith , exspecially with tor2 in the works , lols about the whonix update comment xD


ok so i was right , torrents run the same as if i never had a vm in the first place , well that sucks, its only for the web browsing -.-, hey wait if i use the 2nd vm i can use it with torrents, wohooo!!!


again ,i ask is there a way to have my host pc have it connect through the 2nd vm like a gateway and then have net access? and have my banking have a vm that connects directly to my real ip ? thats what id be aiming for, work your magic mirimir

 

I need a diagram here

The pfSense VM is NATed to the host on its WAN interface, connects to your outer VPN, and routes the VPN tunnel to its LAN interface, which hosts the internal network "pfsense".

The ra's Tor gateway VM connects to the internal network "pfsense" on its WAN interface, and routes Tor to its LAN interface, which hosts the second internal network "Tor".

The Xubuntu VM connects to the internal network "Tor".

Basically, it's a computer (Xubuntu VM) connected to the Internet through two chained routers (ra's Tor gateway VM and pfSense VM).

Yes, there is. But let's get the VM stack working first.

 

ahhh , yeah as i was saying ,lmfao

fyi ill be using lmfao and lols alot more it would seem so atm, be forewarned


ok so ill get back to the tutorial then , good to know im still on the right path here , gotta pat me on the back there for a sec


ok im at the



"Create an OpenVPN Client for the VPN Service"


section now

 

You can run your torrents through a multi-hop VPN, which is routed through a second multi-hop VPN, etc using multiple pfSense VMs.

Yes, there is. You can have a chain of router VMs, running VPNs and Tor, with the final VM connected to the VBox Host-only Adapter. But you'll need careful routing to use that right.

 

well thats what im aiming for to get this setup right , since i liked the idea of using vpn>tor>vpn idea alot tbh , exspecially since your outer vpn aka the last vpn in the chain has you tor ip not your real ip , wich is alot better than having your real ip connect to your vpn and use that for torrenting , id asume this is more secure than just daisy chaining paid multihop vpns like air etc ? am i right ?

update:


"Using "Devices | Shared Folders" in the top VirtualBox menu of the Ubuntu VM, create a transient shared folder (so you can get the OpenVPN configuration information from the host machine). For the folder path, type your home path (which is "/home/username", replacing "username" with yours). The wizard will use "username" as the share name"


/home/username >when i replace username with my account username from my host while having xubuntu vm powered off , well it dont enable the ok button , but say when i select C:\Users\username, it allows me to ok it, what now, mind you i dont have a homegroup setup since ive set my network connections all to public

 

Yes, it's pretty clear to me that VPN>Tor>VPN is a lot more secure than VPN>VPN>VPN, or even VPN>VPN>VPN>VPN, even if all those VPNs are multi-hop. Interposing Tor makes it very hard for attackers to walk the VPN chain back to you. And embedding Tor within a VPN chain protects from Tor vulnerabilities, because it's not so obvious that you're using Tor, either to your ISP or the Internet.

OTOH, it's overkill for torrenting, unless you're torrenting stuff that your locals really don't like. And, unless it's serious stuff for you, it's selfish to take bandwidth that others do need for serious stuff.

 

You can edit the shared folders dialog with the VM running. And yes, your host is a Windows box, so it's "C:\Users\username". But the rest of it, in the Xubuntu VM, is the same as in the tutorial.

 

it is serious to me mirimir , btw thanks that helped , and thanks for clearing up the question, btw i dont think my couple packets of data will influence the vast tor node network

 

OK, I'll stop moralizing

 

hey mirimir , got a new prob , it wont let me use the shared folder without installing the guest addons or so the popup window tells me, ive already added my username folder thou its in transient folder , i added a second virtual drive in order for it to load the guest addons iso , now it gives me the drives folder from the iso, but no autorun or anything that has it autoinstall not sure what to do , and when i click the 8.3gb lvm2 physical volume it says not a mountable file system is this normal ?, help

 

Yes, shared folders require Guest Additions.

I'm not sure what you mean by this. In any case, shared folders won't mount without Guest Additions.

Damn, I forgot about how Xubuntu handles Guest Additions. When you installed, you should have gotten a message/prompt about using proprietary drivers. They are VBox Guest Additions. If you didn't install them, select "Settings/Additional Drivers" from the main Xubuntu menu, and install them. Sorry about that.

Yes, that's normal. You can't mount that. I don't know why they bother showing it in the left file browser panel.

 

good to know that its normal, yeah me neither , btw thanks for letting me know that i have to activate the drivers for it first aka oracle vm virtualbox guest additions for linux module, do i even need to install the guest additions or do i already have em ? since when i select shared folder now i dont get the popup notice no more

now i can use my mouse seamlessly as well , no need for global key , anyhow still no idea how im supposed to install this iso i only get the explorer view of the iso -.-

 

No, you don't need to install Guest Additions now -- the "additional drivers" ARE the Guest Additions, or equivalent to them, anyway. And actually, if you execute "autorun.sh" you'll get a warning about messing things up.

Now you should be able to mount your shared folder. First create a folder "host" in Xubuntu /home/username, and run "sudo mount -t vboxsf win_username ~/username" in terminal.

 

I respect everyone's opinion but your way off when it comes to privacy and anonymity. Sure it's nice to discuss the technical aspects of it BUT your missing the point.

I can go on but I'm not sure people want a philosophical discussion about these topics

 

i will continue , had a little break , thanks

btw what you talkin about computersaysno, i sure would like to hear what you have on your mind sir , thats for what wilders exists to help eachother and exchange thoughts and experiences on security , no need to hold back

update:

Then type "sudo mount -t vboxsf sharename ~/host" (replacing "sharename" with the name of the share that you just created) and hit "Enter". Supply your password to authenticate, and hit "Enter".


did that , then it shows [sudo] password for username

wile i enter the password theres nothing to be seen , anyhow i hit enter and its back to username@ubuntu:~$ , is this how its supposed to be?

 

There are no Whonix ISOs. They are just a vague development idea and unlikely to be created by me.

There are only Whonix .ova images (virtual machine images for Virtual Box) and instructions how to install Whonix on two separate physical machines.

Yes.

Yes.

Yes.

From that perspective... Well, in (VPN ->) Tor -> (VPN) -> website case a browser other than Tor Browser may make more sense, but there is still browser fingerprinting.

Locking down the browser looks quite difficult.

Sounds interesting!

Would that be a VPNBOX?

We used to call it VPNBOX when Whonix was still called TorBOX. Maybe if that idea goes alive again we should call it Whonix-VPN-Gateway.

The pfSense VM would act as Whonix-VPN-Gateway?

All Whonix-Workstation traffic gets forced through the VPN? And fail closed?

http://sourceforge.net/p/whonix/wiki/Inspiration/#vpn

Well, it's a long living circuit. Not insecure.

I am just noting, the whole Tor + VPN combination is very controversially discussed:
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

It's ok. Tor developers didn't complain:
http://sourceforge.net/p/whonix/wik...downloading-operating-system-updates-over-tor

 

Whonix and File Sharing, please see:
https://sourceforge.net/p/whonix/wiki/FileSharing/

 

I almost feel like I'm drowning trying to understand this thread.

Mirmir, I really hope you do make some video tutorials as I might finally get to grips with your set up which sounds very interesting. I don't think my computer is anywhere near powerful enough to have your set up but I could learn some of the basics.

 

lmfao, its not that bad xD , still waiting on a reply from my last question thou mirimir! , mirimir? , come out come out wherever you are, lols

btw do i modify anything in the Config.txt and if what exactly , your tut doesnt quite explain that part fully , mirimir?

Advanced

ns-cert-type server;auth-user-pass /var/etc/openvpn/client-cred;key-direction 1;redirect-gateway def1;verb 5

client-cred

username
password

ca.crt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

client.crt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

client.key

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

tls-auth

#
# 2048 bit OpenVPN static key (Server Agent)
...
-----END OpenVPN Static key V1-----

 

No, it will get political and then get locked...and some of us will disagree with your assertion...which will get political and get locked

PD

 

lols xD


btw mirmir airvpn gives you

ca.cert

user.cert

user.key
and the openvpn config file for the selected server with its servername


no client cert or client.key

 

That might be a valuable discussion. Perhaps you could start a new thread, and explain why you think this is "way off when it comes to privacy and anonymity". As long as we don't get into politics etc, I don't think that would be outside Wilders' scope.