Question for Mirimir

Discussion in 'privacy technology' started by caspian, Jan 6, 2014.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Unless you add a user and change permissions, which I don't recommend, copying from the VM filesystem to the shared folder requires sudo, but copying from the shared folder to the VM filesystem does not. That's how it should be, in the sense that the host already owns everything about the VM, but the host is (ideally) isolated from the VM. If you make the shared folder read-only, the VM can't write to it, even with sudo.
     
  2. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    I have a question about configuration for the pfSense VPN VM. (It is tutorial part 6)

    The tutorial says
    I try using Security Kiss like you suggest.

    The Status: System logs: OpenVPN line says this
    Code:
    PUSH: Received control message: ‘PUSH_REPLY, redirect gateway def1 bypass-dhcp,dhcp option DNS 10.10.0.1  . . .
    Is it OK?

    And the tutorial says
    Does it mean I should put 10.10.0.1 in Services: DHCP server?
    I am asking because that seems to be an internal IP address.
     
  3. mirimir

    mirimir Registered Member

    Yes, the SecurityKISS DNS server is 10.10.0.1.
    Yes, enter 10.10.0.1 as a DNS server in the DHCP server config page.

    It is a private/internal IP address, and it's reachable only through the VPN tunnel.
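
An added example, not part of the original posts: a small shell check that pulls the pushed DNS servers out of an OpenVPN `PUSH_REPLY` log line and reports whether each is an RFC 1918 private address, as 10.10.0.1 is here. The sample log line is constructed in standard OpenVPN option syntax, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list the DNS servers pushed in an OpenVPN PUSH_REPLY log
# line and classify each as private (RFC 1918) or public.

# Constructed sample line, modelled on the log entry quoted in the thread.
SAMPLE_LOG="openvpn[1234]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.10.0.1,route 10.10.0.1,topology net30,ifconfig 10.10.0.6 10.10.0.5'"

# Print one pushed DNS server address per line.
pushed_dns() {
    printf '%s\n' "$1" |
        sed -n "s/.*'PUSH_REPLY,\(.*\)'.*/\1/p" |
        tr ',' '\n' |
        awk '$1 == "dhcp-option" && $2 == "DNS" { print $3 }'
}

# Return 0 if the IPv4 address lies in an RFC 1918 private range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "<address> private" or "<address> public" for each pushed server.
classify_pushed_dns() {
    pushed_dns "$1" | while read -r addr; do
        if is_rfc1918 "$addr"; then
            echo "$addr private"
        else
            echo "$addr public"
        fi
    done
}

classify_pushed_dns "$SAMPLE_LOG"
```

The address that comes back as private is the one to enter as the DNS server on the DHCP server config page.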
     
  4. Tipsy

    Tipsy Registered Member

    Thank you very much indeed for the tutorials. So very detailed and helpful. It is very impressive.
     
  5. mirimir

    mirimir Registered Member

    Thanks :)

    They're also my portable notes ;)
     
  6. Tipsy

    Tipsy Registered Member

    In the part about pfSense aliases for tutorial 6, do you know what is now the value to use for update?
    I try

    Code:
    www.pfsense.org updates.pfsense.org
    but I do not think it allows putting 2 values.
    Instead I use just

    Code:
    updates.pfsense.org
    Is it enough?
     
  7. mirimir

    mirimir Registered Member

    It accepts two values, separated by a space. No comma etc, just a space.
     
  8. Tipsy

    Tipsy Registered Member

    I am trying a new vpn but having some problems.
    This one uses user name and password authentication. Also tls.

    Main problem seems to be getting user name and password from pfsense vm-client to vpn server.
    Using livecd pfsense webgui configurator, I save the user name and password to
    /var/etc/openvpn/user-pass.
    I get vpn connection working.
    But when I reboot, /var/etc/openvpn/user-pass no longer exists.
    I have to recreate the user-pass file.

    Also, I cannot use the remote-cert-tls server command. When I try to use it, I get no vpn connection.
    But when I take it out, it works.
     
  9. Tipsy

    Tipsy Registered Member

    Something else, but smaller issues.

    I am using VBox version 4.3.12

    In the instructions for Advanced Privacy and Anonymity part 5 - Installing VirtualBox and Creating VMs, it says

    I do not see any option for Enable absolute pointing device.

    And when I deselect Enable USB controller, there is an error message "invalid settings detected" and then that setting seems to be automatically reselected.
     
  10. mirimir

    mirimir Registered Member

    Yes, the latest pfSense releases clean out /var/etc/openvpn/. Put user-pass in /usr/local/share/.
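
An added example, not part of the original posts: one way to write the user-pass file so that only its owner can read it, and to check it afterwards. The two-line layout (user name, then password) is what OpenVPN's standard `auth-user-pass` directive expects; that directive is not quoted in the thread, and the function names and credentials below are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: create an OpenVPN credentials file (user name on line 1,
# password on line 2) with owner-only permissions, then verify it.
# On the pfSense VM the target would be /usr/local/share/user-pass, used
# from the client config as:  auth-user-pass /usr/local/share/user-pass

# $1 = target path, $2 = user name, $3 = password
write_user_pass() {
    (
        umask 077                                  # new file gets mode 0600
        printf '%s\n%s\n' "$2" "$3" > "$1.tmp" &&
            mv -f "$1.tmp" "$1"                    # replace any older, looser file
    )
}

# Return 0 only if the file exists, is mode 0600 and has two non-empty lines.
check_user_pass() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || return 1
    awk 'NF == 0 { bad = 1 } END { exit !(NR == 2 && !bad) }' "$1"
}

# Demo in a scratch directory with constructed placeholder credentials.
demo_dir=$(mktemp -d /tmp/user-pass-demo.XXXXXX)
write_user_pass "$demo_dir/user-pass" "vpnuser-example" "vpnpass-example"
check_user_pass "$demo_dir/user-pass" && echo "user-pass OK"
rm -rf "$demo_dir"
```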
     
  11. Tipsy

    Tipsy Registered Member

    For my question about /var/etc/openvpn/user-pass -

    It seems that if you want to use a live CD for setting pfsense configuration with webgui
    and if your VPN uses user name and password authentication, then you MUST use shared folders (or you must re-create /var/etc/openvpn/user-pass file each time you start the webgui). Otherwise, the user name and password will be lost when you stop running the live CD.

    So for using VPN with user name and password and live CD webgui configuration, I should save user name and password to shared folder on host computer, and access that folder from live CD.

    Is it correct?
     
  12. Tipsy

    Tipsy Registered Member

    Sorry, I started writing my last question before I saw that you already made an answer!
     
  13. mirimir

    mirimir Registered Member

    Yes, the latest VirtualBox releases changed the options. Select "PS2 Mouse" because it has the least requirements (and isn't used in any case because pfSense itself has no GUI desktop, just a webGUI).

    If deselecting "Enable USB controller" leads to "invalid settings detected", you must have something enabled that requires USB. Maybe "USB Tablet" or "USB Multi-Touch Tablet" is enabled?
     
    Last edited: Aug 21, 2014
  14. Tipsy

    Tipsy Registered Member

    Thanks for replies. I will check later.
     
  15. Tipsy

    Tipsy Registered Member

    This is working.
     
  16. Tipsy

    Tipsy Registered Member

    Have you tried kvm instead of vbox?
     
  17. mirimir

    mirimir Registered Member

    No, I haven't. Some years ago, I considered various options including KVM, and decided to go with VirtualBox. As I recall, it was my impression that KVM provides less isolation than VirtualBox does between VMs and the host. But maybe I was just naive.

    I see that Whonix is moving from VirtualBox to KVM, and I tend to trust them. There are concerns about Oracle, ranging from its use of non-free software to overall transparency and trustworthiness. See https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F

    So maybe I will :)
     