Why Should I Use a VPN

Discussion in 'privacy technology' started by merisi, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I agree that Whonix is the best way to use Tor.
     
  2. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Thanks for bringing this to my attention. I must admit, I'd never heard of it but find it very interesting. I hear that there used to be something called Anonymous OS that was riddled with trojans etc.
     
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ohh , this whonix is very interesting , ever since ive heard about the much recommended vpn > tor > vpn method i can finally try it out , though mirimirs tutorials were always a bit over my head , with whonix this seems a real no brainer , shall try it out , see how far i come , lols, been a somewhat long time tester of TAILS and running whonix on your host in combination with truecrypt hidden OS will leave you without the need for a second physical system, leaving no traces , given plausible deniability is upheld, speaking taking care of your decoy os and volumes as well, if you have a second system though , then id recommend to use it just as a router for all your internet as recommended by mirimir in his vpn > tor >vpn tut


    mirimir talking about high risk threatmodels , well its always good to be a bit paranoid as we all are ,it would equal to suicide if not, anyhow if you got any more suggestions please do tell , im willing to listen


    assuming your adversary has all the money and time they can have they could try to backtrack you, if even possible , hell using a hidden service the chance should be virtually non existent, since regular web doesnt use hidden much though it should ,its most definitely better than https ,youre best left using the vpn > tor > vpn model , and about accessing your bank with such setup ,i dont feel comfortable using my isps ip for banking, that being all bank traffic being unencrypted and out in the open to read for my isp , hell even with a vpn by itself , i really dont see an issue since vpn traffic compared to a few years back has pretty much went mainstream , unless youve chosen a bad vpn which you SHOULDNT! weve got plenty of threads and guidelines here for one not to make that mistake , see paulydefrans previous post about that , now if you live in a country where vpns and tor are highly suspicious to isps and surveillance organizations, then mirimir is right to hack or use an open wifi spot instead with a throwaway laptop and or a live cd/ tamperproof encrypted selfdestructing usb key, inside a rented car bought with fake ids and credentials , or something the like fitted to your complexity needs ,lols, yeah i dont think im gona visit that country , ever xD


    this part might not be vpn specific but contains it , as we all know this is only the tip of the iceberg when it comes to making sure your privacy is kept private , theres countless more measures to be had , not to forget the easiest of em all , blend in and dont arouse suspicion , funny back in the days for decades ive never ever even considered all this , but nowadays , without it youre toast no matter how innocent and law abiding you are, especially with that monster epic datacenter being built and surveillance and data farming running fulltime , hell if this keeps up ,prisons will be overfilled with "law breaking" people , anything that runs against the governments interest which pretty much is turning out to be anything besides breathing air and not filling their corrupt pockets , will get you jailed for lifetime or a ridiculous fine youll never be able to pay off



    i say it time and again but most organizations will use a 5 dollar wrench before going the costly and timeconsuming way , not to mention they know how to make a person have a sudden fatal but "unexpected" accident especially if youre a "nobody", no law (rules can be bent to their needs) what was wrong is right and what was right is wrong ,no judge, no jury , no court , no nothing and if, then bribed till they give in if they dont want to have an "unexpected" accident themselves, its not always a choice matter though

    so highest priority is NOT under any circumstance to become a target of interest , prevention is the way to go here , be smart and stay safe
     
    Last edited: Jan 12, 2013
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @happyyarou666

    VPN>Tor>VPN using Whonix vs ra's gateway

    Whonix (formerly called TorBox) is harder to modify than ra's Incognito [Tor] Gateway VM (at -https://bitbucket.org/ra_). It's basically TBB, with the Tor part in a separate VM. Apps in the Whonix workstation VM must use the gateway VM as a SOCKS5 proxy. Conversely, ra's Incognito [Tor] Gateway VM is just a transparent proxy, and handles all the Tor stuff internally.

    For either Whonix or ra's gateway, you can just run the "outer" VPN client in the VirtualBox host machine, with the gateway NATed to host. For ra's gateway, you can just use your favorite Linux workstation VM, and connect the "inner" VPN using Network Manager. For Whonix, you might as well use the Whonix workstation VM, because it includes Tor-ready Firefox.

    Although I haven't tested this yet, you can probably install KDE Network Manager and use it for the "inner" VPN. But you'll need to configure it to connect via the Whonix gateway SOCKS5 proxy (192.168.0.10:9100).

    Accessing banking and other IRL stuff via VPN>Tor>VPN etc

    First, I don't see the point, if it's your IRL bank account under your real name. They already know who you are! Even if you don't trust your ISP, all banks must use HTTPS by now, so your ISP won't see anything private.

    If you feel that it's necessary to use a VPN, don't use the same ones you use for your VPN>Tor>VPN etc stuff!

    The "highest priority is NOT under any circumstance to become a target of interest"

    YES!
     
  5. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    thanks shall do and ive already installed virtualbox , and downloaded whonix

    but you say ras gateway is easier now , damn this is confusing , lols

    btw yes i see where you are going with this , using my online banking with my real ip would make sense but then again how would i go about having my real ip only being used for online banking thats the real question since i have my firewall currently setup as such to block everything not being my vpn tap adapter


    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142


    as always youtube tuts are always appreciated instead of walls of text ,i learn easier with visuals, not everyone can be a bookworm , lols
     
    Last edited: Jan 14, 2013
  6. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    So I had my first go using a VPN and I already had someone try and get access to port 445 as stupidly my ports were not in stealth mode. To make things worse I had let another program that I think had access to Outlook have permission to enter my system. I've since blocked ports 135-139 and 445 in and out and set myself into stealth mode and also restored my system to a few days earlier just to make sure that I'm ok.

    Using a VPN can be a dicey business unless you know what you're doing.
     
  7. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    Yes, sorry for that. It's because of a security feature:
    https://sourceforge.net/p/whonix/wiki/Stream Isolation/

    Information on how to VPN>Tor>VPN is available in Whonix documentation.
    https://sourceforge.net/p/whonix/wiki/Features/#vpn-tunnel-support

    Transparent Proxying is also available in Whonix. (Using proxy settings is recommended for stream isolation.)

    This will work for Whonix as well, but you'd have to set up a new browser or to deconfigure the proxy settings for Tor Browser. (Stream Isolation again.)

    Whonix-Gateway also supports running Other Operating Systems:
    https://sourceforge.net/p/whonix/wiki/OtherOperatingSystems/

    Yes.

    ...or through any other Socks port or through the TransPort. (Stream Isolation again)

    There are many aspects. Using Tor for all kind of legitimate traffic (in Whonix in a separate VM for non-anonymous stuff) is fine. (If it is understood how Tor works.) Using it for IRL bank accounts can be dangerous if the bank freezes the account due to a connection from a Tor IP. (Their security policy.)

    Yes.

    I wrote about this:
    https://sourceforge.net/p/whonix/wi...-facebook-account-and-think-you-are-anonymous

    Yes.

    Yes.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Sorry :(

    Whonix is easier for Tor, and the workstation has a proper Tor browser, just like the one in TBB. And, by running a VPN in the host machine, it's easy to connect with the Tor network through the VPN. Doing that, your ISP etc don't see that you're using Tor. But the VPN provider does.

    However, it's harder in Whonix to add a VPN client to the workstation. I've managed to get an OpenVPN tunnel up on the workstation, using the gateway's SOCKS proxy. But Tor browser is too well locked down to use the VPN connection. It only connects to the gateway's SOCKS proxy, and I'm not sure how best to proceed. I've asked adrelanos to help.

    In that case, it would be better to use a pfSense VM for your outer VPN, rather than running it on the host computer. That way, you could access the internet directly from the host, and access your VPN>Tor>VPN stack from the workstation VM.

    If you don't want to use a pfSense VM, you could run your outer VPN on the host, and use it for non-anonymous stuff. In that case, use a mainstream VPN, such as AirVPN or BolehVPN, and pick an exit node in your country, so you don't look strange to your bank etc.

    Yeah, maybe I should do videos :) But that's much harder than just writing walls of text ;)
     
  9. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    but well worth it :D


    btw so youre still asking adrelanos on how to setup a vpn>tor>vpn gateway that is used for everything non banking aka anonymous activities aka everything else than banking , hell we need a tut or something on this :eek:

    "use a pfSense VM for your outer VPN

    If you don't want to use a pfSense VM, you could run your outer VPN on the host"

    you have a real talent in confusing the hell out of people mirimir


    ive got whonix gateway and workstation isos laying around here and virtualbox up and running , btw with host you mean the virtualbox app or whonix or my actual OS or what the hell , again confused , yeah i know, anyhow awaiting instructions commander , lols
     
    Last edited: Jan 14, 2013
  10. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    This is possible and documented:
    https://sourceforge.net/p/whonix/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor/

    Or more specifically:
    https://sourceforge.net/p/whonix/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor/#tunnel-vpn-through-tor

    Or even more specifically:
    https://sourceforge.net/p/whonix/wi...-instead-of-socksport-is-required-for-tor-vpn

    Tor Browser in Whonix differences:
    https://sourceforge.net/p/whonix/wiki/TorBrowser/#tor-browser-in-whonix-differences

    Tor Browser special case (slightly in the wrong place):
    https://sourceforge.net/p/whonix/wi..._or_VPN_through_Tor/#tor-browser-special-case

    Documentation could always be better. Since so many components are involved (tunnel VPN, TransPort, StreamIsolation, Tor Browser) I am not sure how to document it best.

    To summarize it:

    If you didn't install 0.4.5-fix, the "locking down enforcing proxy setting magic" is done in:
    ~/tor-browser_en-US/Data/profile/user.js (created by /usr/local/bin/torbrowser update script)

    After installing 0.4.5-fix (and in next Whonix version) it is done in:
    /etc/environment

    To de-configure Tor Browser socks settings, comment out the socks/network specific settings.

    I added another note:
    https://sourceforge.net/p/whonix/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor/#web-browser
    While this is quite interesting, I am not sure it makes sense.
     
  11. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    I believe host refers to the host operating system. The operating system you had running before you ever knew about Whonix.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, I've asked adrelanos to comment about routing a VPN through Tor using Whonix.

    Doing that using ra's gateway is described in my tutorials.

    Here are the basics for VPN>Tor>VPN:

    1. host machine running VirtualBox
    2. VPN client running on host machine (or in pfSense VM)
    3. ra's Incognito [Tor] Gateway VM serving internal network "Tor"
    4. Linux workstation VM (your choice) connected to internal network "Tor"
    5. VPN client running in workstation VM
    6. Shorewall running in workstation VM to block VPN leaks

    Sorry to be confusing.

    It'll work either way. So you need to choose which you want. Do you want to access your bank etc naked through the Internet? In that case, use a pfSense VM for the outer VPN.

    Or do you want to access your bank etc naked through a VPN? In that case, just run the outer VPN on the host machine.

    "Host" is your physical computer that's running VirtualBox.

    Don't use the Whonix ISOs. Those are for installing Whonix on two physical computers.

    Instead, use the virtual machine images (OVA files) from -http://sourceforge.net/p/whonix/wiki/Download/#download-whonix-virtual-machine-images
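
An added example, not part of the original post or of mirimir's tutorials: why step 6 (a firewall in the workstation VM) is needed on top of the inner VPN client. It assumes the inner OpenVPN client uses `redirect-gateway def1`, which adds two /1 routes over the tunnel and leaves the original default route in place; all addresses and interface names are constructed.

```python
import ipaddress

# Constructed `ip -4 route show` output for a workstation VM whose default
# gateway is the Tor gateway VM (192.168.0.10 here), with the inner OpenVPN
# tunnel (tun0) up. 203.0.113.7 stands in for the VPN server.
ROUTES_TUNNEL_UP = """\
0.0.0.0/1 via 10.4.0.1 dev tun0
default via 192.168.0.10 dev eth0
10.4.0.0/16 dev tun0 proto kernel scope link src 10.4.0.6
128.0.0.0/1 via 10.4.0.1 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11
203.0.113.7 via 192.168.0.10 dev eth0
"""


def parse_routes(text):
    """Return [(network, device)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields.index("dev") + 1 >= len(fields):
            continue  # e.g. blackhole/unreachable routes carry no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_dev(routes, dst):
    """Longest-prefix match: which interface would carry traffic to dst?"""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def leak_check(route_text, vpn_dev, probes):
    """For each probe address, report the egress interface while the tunnel
    is up and after every route through vpn_dev has disappeared."""
    up = parse_routes(route_text)
    down = [(net, dev) for net, dev in up if dev != vpn_dev]
    return {dst: {"up": egress_dev(up, dst), "down": egress_dev(down, dst)}
            for dst in probes}


def leaks(report, vpn_dev):
    """Destinations that bypass the VPN now, or would once the tunnel drops."""
    return sorted(dst for dst, r in report.items()
                  if r["up"] != vpn_dev or r["down"] is not None)


if __name__ == "__main__":
    probes = ["93.184.216.34", "198.51.100.20"]  # arbitrary Internet hosts
    report = leak_check(ROUTES_TUNNEL_UP, "tun0", probes)
    for dst, r in report.items():
        print(f"{dst}: tunnel up -> {r['up']}, tunnel down -> {r['down']}")
    print("would bypass the VPN:", leaks(report, "tun0"))
```

With the tunnel up everything leaves via tun0, but the untouched default route means the same traffic silently falls back to eth0 (straight into Tor, without the VPN) when the tunnel drops, unless a firewall rule refuses it.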
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Oops. Sorry for not reading the manual :( Thank you.

    Yes, it doesn't make sense from the Tor perspective, which (as I understand it) is having all users look the same, and preventing all cross-site correlations for each user.

    With the VPN>Tor>VPN approach, you're clearly not the standard Tor user. But OTOH, neither your ISP nor websites that you visit know that you're using Tor. Also, by using Tor, it's harder for observers to identify you, because your routing isn't available from VPN logs.

    However, unless you lock down your browser, your activity on multiple websites can be correlated. So you need to keep that in mind in using the setup. That's why it's important to use multiple setups, one for each pseudonym.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    yeah ive meant the ova files not isos my bad , lols

    anyhow what i want is to as said have my bank run naked as advised by you , and the rest of my net traffic to be routed through the vpn>tor>vpn gateway


    so i take it i need pfsense vm as well then and if so do i set it up in virtualbox?


    btw any advice on what linux vm to get , i have no clue since apparently i need that too? with whonix

    virtualbox is ready and loaded , further instructions please,babysteps, one step at a time , thank you , im ready to pull this off after months of thinking about it ,ill be waiting here sitting in my chair, lols ;)



    p.s: you have no idea how much easier all this would be to me with a video tut -.-'
     
    Last edited: Jan 14, 2013
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK

    Yes, you'll need the pfSense VM for your outer VPN, if you want naked Internet access on the host machine.

    Create the pfSense VM in VirtualBox as described in https://www.wilderssecurity.com/showthread.php?t=316044. Host machine setup and creating workstation VM are in https://www.wilderssecurity.com/showthread.php?t=315680. Creating and setting up the pfSense VM are in https://www.wilderssecurity.com/showthread.php?t=315826.

    If you want your workstation VM to never connect naked to the Internet, create the pfSense VM first, and set up the VPN client using a LiveCD VM, rather than your workstation VM. Then, when you create the workstation VM, connect it to the VirtualBox internal network served by your pfSense VM, so it will always see the Internet through the VPN.

    In my tutorials, I said to use Ubuntu. These days, I prefer Xubuntu.

    At this point, I don't recommend using an inner VPN running in the Whonix workstation VM. It may not make sense to use Tor Browser with a VPN exit IP address. And it may be hard to properly set up multiple browser profiles. The Whonix documentation recommends separate workstations for each identity. I need to read the Whonix documentation carefully.

    But you might as well go ahead and install both Whonix VMs. We know that they work, so it will be a good test for your pfSense VM.

    OK, start by (1) creating a Xubuntu LiveCD VM, and (2) creating a pfSense x64 VM.

    Then get your VPN account, if you don't have one already. AirVPN is good, but whatever you have is OK.

    Then point Firefox in your Xubuntu LiveCD VM to 192.168.1.1, and log into pfSense. The username is "admin" and the password is "pfsense". First change the password. Then set up the OpenVPN client as described in my tutorial. The hardest part is specifying the right options in the OpenVPN client for your VPN service. But you're just copying them from the connection scripts (CONF or OVPN) from the provider.

    Got it :)
     
    Last edited: Jan 14, 2013
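
An added example, not part of the original post or the linked tutorials: a small parser that pulls the connection settings out of a provider's CONF/OVPN file so they can be copied into a GUI OpenVPN client one by one. The sample profile, host name and certificate placeholder are constructed; the defaults applied (port 1194, UDP) are OpenVPN's own.

```python
import shlex

# Constructed client profile in the style providers distribute.
SAMPLE_OVPN = """\
# example-provider client profile (constructed for this example)
client
dev tun
proto udp
remote vpn.example.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA1
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""


def parse_ovpn(text):
    """Split a profile into directives {name: [args, ...]} and inline
    blocks {tag: body}. Lines starting with '#' or ';' are comments."""
    directives, inline, block = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:            # inside <ca>, <cert>, <key>, ...
            if line == "</%s>" % block:
                block = None
            else:
                inline[block].append(raw)
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            block = line[1:-1]
            inline[block] = []
            continue
        try:
            parts = shlex.split(line)    # honours quoted arguments
        except ValueError:
            parts = line.split()
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives, {k: "\n".join(v) for k, v in inline.items()}


def first_arg(directives, name, default=None):
    """First argument of the last occurrence of a directive."""
    args = directives.get(name)
    return args[-1][0] if args and args[-1] else default


def client_summary(text):
    """Settings a GUI client asks for, plus everything left over."""
    d, inline = parse_ovpn(text)
    port = int(first_arg(d, "port", 1194))
    proto = first_arg(d, "proto", "udp")
    remotes = []
    for args in d.get("remote", []):     # remote host [port] [proto]
        if args:
            remotes.append((args[0],
                            int(args[1]) if len(args) > 1 else port,
                            args[2] if len(args) > 2 else proto))
    handled = {"client", "dev", "remote", "port", "proto",
               "cipher", "auth", "comp-lzo"}
    return {
        "remotes": remotes,
        "dev": first_arg(d, "dev"),
        "cipher": first_arg(d, "cipher"),
        "auth": first_arg(d, "auth"),
        "compression": "comp-lzo" in d,
        "inline": sorted(inline),        # certificates/keys to paste separately
        "other": sorted(k for k in d if k not in handled),
    }


if __name__ == "__main__":
    for key, value in client_summary(SAMPLE_OVPN).items():
        print(f"{key}: {value}")
```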
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    lets get crackin then shall we , lets see how far i actually get ,dont expect any miracles though ;), lol



    first thing im gona do now is go and get pfsense and try to follow the pfsense tut


    btw do i need pfSense-2.0.1-RELEASE-amd64.iso.gz or pfSense-2.0.2-RELEASE-amd64.ova or pfSense-LiveCD-2.0.2-RELEASE-amd64.iso.gz, though according to your tut it wants the iso non livecd version ,not the ova or livecd version,hmmm, i went with pfSense-2.0.1-RELEASE-amd64.iso.gz , ok

    http://files.nl.pfsense.org/mirror/downloads/


    then well see what well do about whonix once i get it all setup to a certain stage

    got the xubuntu-12.04.1-alternate-amd64.iso. btw


    gona continue with the tut now


    im abit confused about this line in your pfsense tut thou


    You can either leave the default network adaptor ("Adapter_1") attached to NAT, or you can attach it to an existing internal network that routes another VPN service (which is what I did). Add a second network adaptor ("Adapter_2") and attach it to the internal network "pfsense".


    ? , so do i select the second adapter and put in pfsense or in the first one or , leave the first one on nat dont mess with it and simply do go to adapter 2 and enter pfsense and internal network?


    update: so how in hell do i get my mouse cursor to show up in vm during xubuntu install , drag and drop dont work , since im trying to copy paste a passphrase for encryption lvm but not even keyboard shortcut , ctrl+v , works , odd
     
    Last edited: Jan 14, 2013
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Hey, it's really not that hard :) Just be methodical, one step at a time.

    Cool :)

    They didn't have the OVA when I wrote that tutorial. But I'm pretty sure that "pfSense-2.0.2-RELEASE-amd64.ova" will be fine. With that, like the Whonix OVA files, you just import the VM, rather than create it from an ISO file.

    I've never used the pfSense-2.0.2 release. Looking through the release notes at -http://blog.pfsense.org/?p=676, I don't see anything that changes my tutorial.

    At this point, I wouldn't try to add an inner VPN to it. It's much simpler to use ra's gateway VM and a Linux workstation VM. As long as you will just be running a VPN through Tor, and not browsing directly through Tor, I don't believe that this uses Tor insecurely. But I obviously defer to adrelanos or other Tor experts on this.

    Still, Whonix is so cool that I'd just go ahead and install it, even if you won't add an inner VPN to it. It's perfect for accessing Tormail and other onion sites.

    It's at -http://xubuntu.org/getxubuntu/
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's fine, for now. But it's probably wise to upgrade to 2.0.2 soon. That should be doable without reinstalling. I'm going to upgrade all my pfSense clients soon.

    That's fine. Using that, you can whole-disk encrypt your Xubuntu VM, if you like :)

    Yes, in your case, Adapter_1 is attached to NAT, and Adapter_2 is attached to internal network pfSense.

    You can chain multiple pfSense VMs, routing one VPN through another. But you can try that later :)
     
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    yeah lets get this thing working first ;), btw currently at finishing xubuntu setup

    another thing is ive downloaded the latest qubes os as well , so if and when you get to it maybe well be able to use it instead of xubuntu ? hmmm....
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes :)

    Not Qubes, though :( It's a complete system, vaguely comparable to host OS plus VirtualBox plus VMs (but very secure) that must be installed on hardware. And it's rather picky about hardware. Last I looked, it prefers the ThinkPad T420.
     
    Last edited: Jan 14, 2013
  21. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    well ive managed to finish installing xubuntu now and set it up the same like pfsense , now its up to connecting both to each other or something still gotta wrap my head around the last part , too bad about qubes though, guess this will have to do



    btw , so how do i continue to set this up in order to have my regular host os use the vpn >tor >vpn connection for all the net traffic except for banking, which btw of course i havent setup , ive gotten as far as installing pfsense and xubuntu


    "Now start an Ubuntu VM that's connected to the internal network "pfsense". Open Firefox, and check your IP address."

    how and where open firefox , in xubuntu or in my host machine? confused as usual, and what about this pfsense routing vpn through multiple pfsense vms business ?

    both pfsense and xubuntu running as we speak
     
    Last edited: Jan 14, 2013
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, cool :)

    The pfSense VM is just a router, so connecting the Xubuntu VM to it is just like hooking your computer to your router (except virtually in VirtualBox).
     
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ok that really doesnt explain this :


    btw , so how do i continue to set this up in order to have my regular host os use the vpn >tor >vpn connection for all the net traffic except for banking, which btw of course i havent setup , ive gotten as far as installing pfsense and xubuntu


    "Now start an Ubuntu VM that's connected to the internal network "pfsense". Open Firefox, and check your IP address."

    how and where open firefox , in xubuntu or in my host machine? confused as usual, and what about this pfsense routing vpn through multiple pfsense vms business ?

    both pfsense and xubuntu running as we speak
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Until you install Guest Additions, VMs capture the mouse when you click in them. Hitting the "hostkey" (right Ctrl by default) releases the mouse. And BTW, installing Guest Additions in pfSense doesn't work.

    Huh? Your regular OS will not use any of that VPN and Tor stuff. You'll just use that in the Xubuntu VM.

    OK, you start the Xubuntu VM. Its network adapter should be attached to the internal network "pfsense". And you open Firefox in the Xubuntu VM. Going to 192.168.1.1 will give you the pfSense management GUI.

    That comes later :)
     
  25. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    wait what , vpn and tor stuff xubuntu , so what about my anonymous apps in my host os , theyll be using my regular isp ip then ? huh?! omg!, shouldnt it be like my host os uses the vpn >tor>vpn gateway and the online banking using my isp ip in a vm or something like that ?


    "OK, you start the Xubuntu VM. Its network adapter should be attached to the internal network "pfsense". And you open Firefox in the Xubuntu VM. Going to 192.168.1.1 will give you the pfSense management GUI."


    oh ok , lmfao , thanks my bad just found out , yeah its the ff browser in ubuntu xD, yeah i can be a noob...as usual ;), ok back to work for me
     
    Last edited: Jan 14, 2013