Whats more secure/private?

I did grab 2.1. I was following your #6 scheme over at ivpn and I finished the first 1-19 steps of the process pretty easily. At that point I was looking at the pfsense options page and going to continue later. I thought things were going fine. I shut down because I had to leave for awhile. When I came back and booted up, I launched the pfSense VM and it was booting along fine but stopped with an error:

Fatal Trap 12 page fault. WTF?

I just now saw your post about the RAM change. I changed the settings to almost 700 meg to be sure. I have plenty RAM on this box. Still pulling the same error. I am tired and its been a long day in my world. I'll come back fresh tomorrow if I can. I have done zero config of my actual system numbers. For now I am maintaining total vpn control using other methods. This will allow me to grab files and config stuff from some VPN providers. Since you exampled Air I'll use them as the thread continues.

I don't know if the total lack of setting up the config would lock pfsense during boot. I wouldn't think so. During the build of the VM it totally booted and was waiting for me to select options to finish it off.

 

I don't recall ever seeing that error. But pfSense 2.1 does seem more tempermental.

I recommend nuking the VM and recreating it.

 

Mr. Brian - NICE FIND! I knew this idea would get hashed out here!

As far as Updates, if Windows never see's the network, I don't think it matters, security wise. BUT, there are performance updates. I was thinking of using the Heise Offline Update method to apply them.

 

Some progress!! Built several new VM's before getting it. I kept getting the same error on new machines too. I downloaded 2.03 and even there got that same error. So I went through building a pfsense machine only this time I ran 2.03 in LIVE mode and it ran all the way through. At the end there is a 99 option to do the hard drive install with all the "tweaking" from the live mode in the build. I selected 99 and it installed easily. On my computer I will pull that error I mentioned half the time, if I close down the VM without halting pfSense properly. As long as I do the "6" halt/shutdown command the machine works perfectly during the next power up. Now I am ready to learn how to configure it.

Mirimir, I should start another thread on pfSense configuring so we don't kill this thread on MY project. However; any who have read this far can see how nice a hidden 7 OS would be with a pfSense virtual connection for security. I believe this can be done so we have the best of both worlds. I'll come back to this thread if this project completes successfully.

Mirimir, what forum here do you want me to start a thread in for finalizing a pfSense configuration? I can't quite get this done without some help along the way. I'll spend days reading because this is a hobby for me and I am in no major hurry, although I do get impatient. LOL!!

ps - I could probably make a pfsense 2.1 VM now too. Since 2.03 is less "bloatware" should I stay with it or update to 2.1? When I log into Air I see some nice gui looking pastes there. My pfSense looks more cryptic than what I am seeing there. Maybe there is a webgui I need to learn to use with pfSense.

 

Yes, it's important to shutdown pfSense before closing it (which is equivalent to pulling the plug). You can also use ACPI Shutdown from the VirtualBox menu instead of the "6" thing.

There may also be some other setting in VirtualBox that's making the VM unstable. You could check again vs my tutorial.

Yes, this is a very cool way to use Windows 7 as a hidden OS that runs VMs but can't itself talk to the Internet.

And yes, let's start another thread for pfSense setup.

This section (privacy technology) is a good place for it.

There's a lot of good stuff at the pfSense forums, and there are some guides and tutorials. But most of them are dated, and there is no complete online manual. There's a book, but the existing edition is very out of date, and the update is still in draft form.

A draft of pfSense: The Definitive Guide Version 2.1 is available to Gold Members (99 USD per year) and Support Customers (500 USD for five hours per year). They say that the book will be published this year. See http://pfsense.org/get-support/index.html#documentation

I do have a support contract, in case anything comes up.

I wouldn't say that it's "bloatware". Expecting FreeBSD to run in 256 MB is rather extreme, no?

So far, you've been using the pfSense serial console, in the VirtualBox window. Once you complete the installation and initial configuration (assigning em0 and em1) you browse the webGUI (default https://192.168.1.1) using a Linux VM (such as Crunchbang) that's attached to the internal network from the pfSense VM's LAN. It's exactly like configuring your LAN router from a machine on the LAN, except that this is a virtual LAN.

 

Thanks for the pointers. I was looking through VirtualBox's settings (overall not specific to any one machine) and notice that preferences for the host machine's wireless are setup already. 7 uses it of course. Would that pre-set configuration be causing me any snags at this point?

I am still having on and off issues with that error on the VM's. I have looked through the basic 1-19 steps on your #6 guide. That is literally all I have done with pfSense. I hesitate to go full steam ahead until I know I have a reliable machine process at play. Kinda kickin my butt.

Ok so I'll read for awhile, maybe a day or so, and then as questions start to surface I'll come back and start a thread for this. Thanks again.

 

I've never used pfSense on a host with WiFi. That may be the source of the problem.

Searching for "Fatal Trap 12 page fault" yields numerous hits for pfSense and FreeBSD. It seems to be a kernel panic, with many possible causes.

However, recent hits about pfSense 2.1 on the pfSense forums point to network-interface compatibility issues. And WiFi NICs are notorious for that.

I recommend using a wired NIC on the host instead of WiFi. If that's not possible, you could try setting the adapter type in VirtualBox Settings\Network to "Paravirtualized Network (virtio-net)". While that might be painfully slow, it might help confirm the cause -- by working at all, with no "Fatal Trap 12 page fault" crashes.

Cool

 

I'm going to install Comodo Firewall, instead of using Windows. The idea of using a Windows product, to keep a Windows product from accessing the network, seems odd Comodo 'Block All' will work, as well as rules as a backup. Since this is a laptop, I hope blocking in the router isn't necessary... could be a pain at relative's houses, etc...

 

Or perhaps you could go to the host's NIC properties and disallow everything except VirtualBox Bridged Networking Driver.

 

In order for this project to complete successfully we need to remove the windows host from having any internet handshake at all, ever! I am reading around about how I might get around the wireless nic compatibility I may have run into. I can see how easy this project would be on a wired desktop, but that is not the world where I exist. I am mobile and a wired desktop is not for me. I do have and use one, but certainly not exclusively.

I want a wireless laptop where the 7 host OS has zero connectivity, and where a configured VM provides it.

I am likely wasting my time but I am going to download an "ancient" version of pfsense to see if less demand for resources might get me around this compatibility issue. This project requires very little processing power to accomplish such a simple thing. I will keep you guys in touch with how that endeavor goes.

Maybe there is someone reading along here that has a wired windows desktop that could quickly build a pfsense VM and give this a try. Now that I know how to build the VM it only takes about 10 minutes or so to get to the point where its installed and ready to be configured. I may put a drive back in my desktop and spin it this weekend. It won't really help me usage wise, but it would confirm its do-able in a "wired" scenario.

 

That's a great idea, thanks mate.

 

Well, 10 months after my last post, I finally got around to trying this out, LOL! I got it working, but it was a PITA to figure out. But now that I did, it should be easy when I post a tutorial in a few days I had to use VMWare Player, as Virtual Box wouldn't use hardware acceleration with my Intel Graphics...VMWare did and works great.

Stand by...

 

Cool

 

Ok, I thought I'd have more time, but this should get it done TLR style.

On the Hidden OS, first install VMWare Player. It's free, and they didn't even ask for any info. VirtualBox is fine too, if it works for you - It wouldn't do 3D acceleration on my laptop.

Download the latest Linux Mint .iso (or any that suits you).

Create a new VM, set the .iso as the CD drive, use Ubuntu setting for Mint.

Start VM and it'll be the Live CD - just double click install Mint. No need to encrypt, just use first option (erase disk and install) because you are on encrypted Windows OS.

***See YouTube "Install Linux Mint in VMWare Player" for all details - this is really about the Networking and Comodo.

Select Bridged (Automatic) for the adapter. If you travel, select "Replicate Physical NIC". Go to "Advanced" and copy the MAC Address. (See Pics for this and Comodo).

Now install Comodo. I did the full CIS to make doubly sure the Host (Windows) stays clean... but at minimum, firewall will do.
If CIS, shut down and restart VMWare to make sure any HIPS/D+/BB/Sandbox rules get made/approved etc... so as not to interfere with Linux VM.

Follow AirVPN Gude here: -https://airvpn.org/topic/3405-windows-comodo-prevent-leaks/- **FOR LAN RULES ONLY*** No need to do the VPN specific ones.

Create Network Zones for VM Adapter MAC, Windows Adapter MAC, and LAN IP's.

Set Firewall to Custom and create a Block All rule, tick Logging for troubleshooting.

Now create rules per Air Guide and Pics.

***You will have to find out what IP your router gives to the VM - Check Comodo Log, Linux Network info, or your router. Add that rule to Comodo and you should be done.

Test.

Some Pics, and continued...

 

Ok, so the last thing you can do to make even Windows LAN communication at minimum, is to go into the Windows adapter IPv4 properties, and un-select Client For Microsoft Networks and Link Layer Topology Mapper AND Responder.

Set up as described, you will see the Machine Name of the Windows Host, MAC, and IP in the router, and then the Machine Name of the Linux VM, MAC (different), and IP (different) in the router. Needlesss to say, all those names and numbers should be spoofed. Use Technitium MAC Changer to spoof the Windows adapter. The VM one is already spoofed.

Windows will be unable to communicate - pinging Google times out, Windows Update throws an error after a few minutes, Plugging in new hardware won't try to pull drivers off of Windows Update, and, obviously, Internet Explorer won't connect.

Two cool things are (if you so choose): You can go in and re-select those IPv4 options, and you can actually get network access to your LAN machines from the Windows Host. You can also set Comodo Firewall to Disabled, and reacquire full network access for the Windows Host... maybe to update Windows or Comodo Definitions, etc. You’d obviously want to do this only from a location where you are known, and behind a router.

The two PITA things you may encounter if you travel: You may need to discover any new networks IP range, and specific IP handed out to you, and add those rules to Comodo. You can recon from the decoy for the network range, and then check Comodo log from Hidden OS for IP given. That's about it. Seems like a lot, but it's easy - and the best of TrueCrypt, Windows, and Linux. If you come up with a better way, or see something amiss, let us know - I'm no Guru like mirimir

Oh yeah, installing VMWare Tools in Linux allows Drag and Drop and Shared Folder between Host and Guest. Weigh pros and cons and then check web/YouTube for install instructions.