Question: Difference between Routed vms and non routed vms

Hi, i just followed the tuts from: https://www.wilderssecurity.com/showthread.php?t=316044
and i want to know what's the difference between this metod and connecting to a vpn trough network manager in a normal(xubuntu) VM

thanks!.

 

It's easy to tunnel one VPN through another, by running one on the host and another on the VM. It's also easy to tunnel Tor through a VPN, by running the VPN on the host, and the Whonix VMs.

However, chaining multiple VPNs and Tor in various combinations is much harder (if doable at all) without using pfSense router VMs as VPN clients.

Also, using the pfSense GUI, it's easy to set up VPN connections that are protected against leaks by proper routing and firewall rules. Given that pfSense is widely deployed in enterprise environments, I'm pretty confident about its security.

Edit: The pfSense routing and firewall setup are wrong in my old tutorials. See https://www.wilderssecurity.com/showthread.php?t=339051 for correct setup. That's also shown in my draft Vimeo tutorial (still without sound).

 

Doable with routing tables, yes. Difficult to find out, yes. Difficult to do if you know how, probable not. Just no one did care to research and document it. However, using extra boxes (or VMs) is certainly safer, so I did neither bother researching that.

I didn't verify that claim, but have no reason not to believe it. For the arguments sake, I accept that claim to show a small logical mistake.

Firefox is also widely deployed in enterprise environments, I'm pretty confident about its security (especially when it was the real alternative to internet explorer). Firefox also supported socks proxy settings. For many years there was a bug, that's why The Tor Project shipped a http2socks proxy (polipo or privoxy).

Professional software + socks proxy settings unfortunately does not equal a safe socks proxy implementation.

I wrote that in the TorifyHOWTO a while ago an no one has ever challenged my claim.

Network Manager dev stated...

Even though Network Manager is also used in professional environments.

Assuming the pfSense developers had anonymity in mind is a very strong assumption. I don't recommend that and advise to ideally check yourself, or at least asking the developers if they had anonymity in mind or if there could be leaks.

 

That's a good point. What I know is that pfSense VPN clients set up (as in the Vimeo tutorial) with everything routed through the VPN gateway don't leak, and fail closed if I kill the openvpn process. I could ask on the pfSense list, but I doubt that I'd get much response, because anonymity is indeed not a focus of the developers (and because I'm new there).