What's more secure/private?

Discussion in 'privacy technology' started by Chilipepper, Feb 6, 2014.

  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    I did grab 2.1. I was following your #6 scheme over at ivpn and I finished the first 1-19 steps of the process pretty easily. At that point I was looking at the pfsense options page and going to continue later. I thought things were going fine. I shut down because I had to leave for a while. When I came back and booted up, I launched the pfSense VM and it was booting along fine but stopped with an error:

    Fatal Trap 12 page fault. WTF?

    I just now saw your post about the RAM change. I changed the settings to almost 700 meg to be sure. I have plenty RAM on this box. Still pulling the same error. I am tired and it's been a long day in my world. I'll come back fresh tomorrow if I can. I have done zero config of my actual system numbers. For now I am maintaining total vpn control using other methods. This will allow me to grab files and config stuff from some VPN providers. Since you exampled Air I'll use them as the thread continues.

    I don't know if the total lack of setting up the config would lock pfsense during boot. I wouldn't think so. During the build of the VM it totally booted and was waiting for me to select options to finish it off.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,982
    I don't recall ever seeing that error. But pfSense 2.1 does seem more temperamental.

    I recommend nuking the VM and recreating it.
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Mr. Brian - NICE FIND! I knew this idea would get hashed out here! :D

    As far as Updates, if Windows never sees the network, I don't think it matters, security wise. BUT, there are performance updates. I was thinking of using the Heise Offline Update method to apply them.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    Some progress!! Built several new VMs before getting it. I kept getting the same error on new machines too. I downloaded 2.03 and even there got that same error. o_O So I went through building a pfsense machine only this time I ran 2.03 in LIVE mode and it ran all the way through. At the end there is a 99 option to do the hard drive install with all the "tweaking" from the live mode in the build. I selected 99 and it installed easily. On my computer I will pull that error I mentioned half the time, if I close down the VM without halting pfSense properly. As long as I do the "6" halt/shutdown command the machine works perfectly during the next power up. Now I am ready to learn how to configure it.

    Mirimir, I should start another thread on pfSense configuring so we don't kill this thread on MY project. However, any who have read this far can see how nice a hidden 7 OS would be with a pfSense virtual connection for security. I believe this can be done so we have the best of both worlds. I'll come back to this thread if this project completes successfully.

    Mirimir, what forum here do you want me to start a thread in for finalizing a pfSense configuration? I can't quite get this done without some help along the way. I'll spend days reading because this is a hobby for me and I am in no major hurry, although I do get impatient. LOL!!

    ps - I could probably make a pfsense 2.1 VM now too. Since 2.03 is less "bloatware" should I stay with it or update to 2.1? When I log into Air I see some nice gui looking pastes there. My pfSense looks more cryptic than what I am seeing there. Maybe there is a webgui I need to learn to use with pfSense.
     
    Last edited: Feb 25, 2014
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,982
    Yes, it's important to shut down pfSense before closing it (which is equivalent to pulling the plug). You can also use ACPI Shutdown from the VirtualBox menu instead of the "6" thing.

    There may also be some other setting in VirtualBox that's making the VM unstable. You could check again vs my tutorial.

    Yes, this is a very cool way to use Windows 7 as a hidden OS that runs VMs but can't itself talk to the Internet.

    And yes, let's start another thread for pfSense setup.

    This section (privacy technology) is a good place for it.

    There's a lot of good stuff at the pfSense forums, and there are some guides and tutorials. But most of them are dated, and there is no complete online manual. There's a book, but the existing edition is very out of date, and the update is still in draft form.

    A draft of pfSense: The Definitive Guide Version 2.1 is available to Gold Members (99 USD per year) and Support Customers (500 USD for five hours per year). They say that the book will be published this year. See http://pfsense.org/get-support/index.html#documentation

    I do have a support contract, in case anything comes up.

    I wouldn't say that it's "bloatware". Expecting FreeBSD to run in 256 MB is rather extreme, no?

    So far, you've been using the pfSense serial console, in the VirtualBox window. Once you complete the installation and initial configuration (assigning em0 and em1) you browse the webGUI (default https://192.168.1.1) using a Linux VM (such as Crunchbang) that's attached to the internal network from the pfSense VM's LAN. It's exactly like configuring your LAN router from a machine on the LAN, except that this is a virtual LAN.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    Thanks for the pointers. I was looking through VirtualBox's settings (overall not specific to any one machine) and notice that preferences for the host machine's wireless are set up already. 7 uses it of course. Would that pre-set configuration be causing me any snags at this point?

    I am still having on and off issues with that error on the VMs. I have looked through the basic 1-19 steps on your #6 guide. That is literally all I have done with pfSense. I hesitate to go full steam ahead until I know I have a reliable machine process at play. Kinda kickin my butt.

    Ok so I'll read for a while, maybe a day or so, and then as questions start to surface I'll come back and start a thread for this. Thanks again.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,982
    I've never used pfSense on a host with WiFi. That may be the source of the problem.

    Searching for "Fatal Trap 12 page fault" yields numerous hits for pfSense and FreeBSD. It seems to be a kernel panic, with many possible causes.

    However, recent hits about pfSense 2.1 on the pfSense forums point to network-interface compatibility issues. And WiFi NICs are notorious for that.

    I recommend using a wired NIC on the host instead of WiFi. If that's not possible, you could try setting the adapter type in VirtualBox Settings\Network to "Paravirtualized Network (virtio-net)". While that might be painfully slow, it might help confirm the cause -- by working at all, with no "Fatal Trap 12 page fault" crashes.

    Cool :)
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'm going to install Comodo Firewall, instead of using Windows. The idea of using a Windows product, to keep a Windows product from accessing the network, seems odd :D Comodo 'Block All' will work, as well as rules as a backup. Since this is a laptop, I hope blocking in the router isn't necessary... could be a pain at relatives' houses, etc...
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Or perhaps you could go to the host's NIC properties and disallow everything except VirtualBox Bridged Networking Driver.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    In order for this project to complete successfully we need to remove the windows host from having any internet handshake at all, ever! I am reading around about how I might get around the wireless nic compatibility I may have run into. I can see how easy this project would be on a wired desktop, but that is not the world where I exist. I am mobile and a wired desktop is not for me. I do have and use one, but certainly not exclusively.

    I want a wireless laptop where the 7 host OS has zero connectivity, and where a configured VM provides it.

    I am likely wasting my time but I am going to download an "ancient" version of pfsense to see if less demand for resources might get me around this compatibility issue. This project requires very little processing power to accomplish such a simple thing. I will keep you guys in touch with how that endeavor goes.

    Maybe there is someone reading along here that has a wired windows desktop that could quickly build a pfsense VM and give this a try. Now that I know how to build the VM it only takes about 10 minutes or so to get to the point where it's installed and ready to be configured. I may put a drive back in my desktop and spin it this weekend. It won't really help me usage wise, but it would confirm it's doable in a "wired" scenario.
     
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    That's a great idea, thanks mate.
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Well, 10 months after my last post, I finally got around to trying this out, LOL! I got it working, but it was a PITA to figure out. But now that I did, it should be easy when I post a tutorial in a few days :) I had to use VMWare Player, as Virtual Box wouldn't use hardware acceleration with my Intel Graphics...VMWare did and works great.

    Stand by...
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,982
  14. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Ok, I thought I'd have more time, but this should get it done TL;DR style.

    On the Hidden OS, first install VMWare Player. It's free, and they didn't even ask for any info. VirtualBox is fine too, if it works for you - It wouldn't do 3D acceleration on my laptop.

    Download the latest Linux Mint .iso (or any that suits you).

    Create a new VM, set the .iso as the CD drive, use Ubuntu setting for Mint.

    Start VM and it'll be the Live CD - just double click install Mint. No need to encrypt, just use first option (erase disk and install) because you are on encrypted Windows OS.

    ***See YouTube "Install Linux Mint in VMWare Player" for all details - this is really about the Networking and Comodo.

    Select Bridged (Automatic) for the adapter. If you travel, select "Replicate Physical NIC". Go to "Advanced" and copy the MAC Address. (See Pics for this and Comodo).

    Now install Comodo. I did the full CIS to make doubly sure the Host (Windows) stays clean... but at minimum, firewall will do.
    If CIS, shut down and restart VMWare to make sure any HIPS/D+/BB/Sandbox rules get made/approved etc... so as not to interfere with Linux VM.

    Follow AirVPN Guide here: -https://airvpn.org/topic/3405-windows-comodo-prevent-leaks/- **FOR LAN RULES ONLY*** No need to do the VPN specific ones.

    Create Network Zones for VM Adapter MAC, Windows Adapter MAC, and LAN IPs.

    Set Firewall to Custom and create a Block All rule, tick Logging for troubleshooting.

    Now create rules per Air Guide and Pics.

    ***You will have to find out what IP your router gives to the VM - Check Comodo Log, Linux Network info, or your router. Add that rule to Comodo and you should be done.

    Test.

    Some Pics, and continued...
     

  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Ok, so the last thing you can do to make even Windows LAN communication at minimum, is to go into the Windows adapter IPv4 properties, and un-select Client For Microsoft Networks and Link Layer Topology Mapper AND Responder.

    Set up as described, you will see the Machine Name of the Windows Host, MAC, and IP in the router, and then the Machine Name of the Linux VM, MAC (different), and IP (different) in the router. Needless to say, all those names and numbers should be spoofed. Use Technitium MAC Changer to spoof the Windows adapter. The VM one is already spoofed.

    Windows will be unable to communicate - pinging Google times out, Windows Update throws an error after a few minutes, Plugging in new hardware won't try to pull drivers off of Windows Update, and, obviously, Internet Explorer won't connect.

    Two cool things are (if you so choose): You can go in and re-select those IPv4 options, and you can actually get network access to your LAN machines from the Windows Host. You can also set Comodo Firewall to Disabled, and reacquire full network access for the Windows Host... maybe to update Windows or Comodo Definitions, etc. You’d obviously want to do this only from a location where you are known, and behind a router.

    The two PITA things you may encounter if you travel: You may need to discover any new network's IP range, and specific IP handed out to you, and add those rules to Comodo. You can recon from the decoy for the network range, and then check Comodo log from Hidden OS for IP given. That's about it. Seems like a lot, but it's easy - and the best of TrueCrypt, Windows, and Linux. If you come up with a better way, or see something amiss, let us know - I'm no Guru like mirimir :)

    Oh yeah, installing VMWare Tools in Linux allows Drag and Drop and Shared Folder between Host and Guest. Weigh pros and cons and then check web/YouTube for install instructions.
     
    Last edited: Dec 11, 2014
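
The "Test" step from the two posts above, as an added example that is not part of the original thread: a host-side egress check that repeats the manual ping and browser tests over ICMP, DNS and TCP. The probe targets (8.8.8.8, 1.1.1.1, example.com) and the helper name `Test-TcpPort` are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run on the Windows host after the
# Block All rule is active. Every probe should come back "blocked".
# Uses only .NET classes so it also runs on Windows 7's PowerShell 2.0.
# Probe targets are assumptions: two public resolvers and a reserved test domain.

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        # Give up after the timeout instead of waiting for the OS default.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch {
        return $false          # refused, unreachable or dropped by the firewall
    } finally {
        $client.Close()
    }
}

$probes = @(
    @{ Name = 'ICMP 8.8.8.8'
       Test = { (New-Object System.Net.NetworkInformation.Ping).Send('8.8.8.8', 3000).Status -eq 'Success' } },
    @{ Name = 'DNS example.com'   # may be answered from the resolver cache; run ipconfig /flushdns first
       Test = { [System.Net.Dns]::GetHostAddresses('example.com').Length -gt 0 } },
    @{ Name = 'TCP 8.8.8.8:53';  Test = { Test-TcpPort '8.8.8.8' 53 } },
    @{ Name = 'TCP 1.1.1.1:443'; Test = { Test-TcpPort '1.1.1.1' 443 } }
)

$leaks = 0
foreach ($p in $probes) {
    $reached = $false
    # A blocked probe either returns a failure status or throws; both mean "blocked".
    try { $reached = [bool](& $p.Test) } catch { $reached = $false }
    if ($reached) { $leaks++ }
    "{0,-18} {1}" -f $p.Name, $(if ($reached) { 'LEAK: host reached the network' } else { 'blocked' })
}
"Leaking probes: $leaks of $($probes.Count)"
```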