Why Should I Use a VPN

Discussion in 'privacy technology' started by merisi, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    And very legitimate organisations such as a charity would want to use encryption to protect the contact details of donors on a laptop or a USB. If you're in charge of such information it's your responsibility not to have it misused and put donors or the reputation of the charity at risk.
     
  2. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    no prob, i'll wait ;)



    yeah mirimir, i've got UAC disabled and am using an admin account so no probs there,



    i'll try to find out something, not gonna guarantee anything though, lols
     
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    it's always the same ol', everything that can be used for good can be used for bad and vice versa, doesn't matter what it is, hence why it's a rather useless argument, on why to use encryption and why not, and if you're smart you use it as recommended if you know a little about how current encryption laws in the states and some other countries work :rolleyes:

    mind you if you live in a totalitarian country that bans encryption as a federal offense and will get you jailed for a lifetime, then leave your hands off of encryption and go for live cds and one-time use laptops instead ;), different rules for different threat models
     
  4. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I lost this post in the momentum that this thread has gone at.

    I've got 6gb of RAM but my system sucks up nearly 2gb. When I used a VM I found it very jerky and couldn't get it into a full screen that looked anything like when I've dual booted Linux, and then I had some update issue so I removed it, but I would like to give it another go if it can work like my main OS. Is that possible?
     
  5. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    You're absolutely right, encryption is neutral and it can be used either way. The only purpose of encryption in my country is to stop something being stolen as the govt here will put you in prison if you don't provide your password for an encrypted computer.

    While I find this very, very fascinating and will look to learn some of these things it does make the simple act of being on a computer much more complicated.

    Edit: I just wanted to add that of course for some people being on a computer isn't all simple and that they have to go through a complicated process due to certain oppressive governments or other difficult circumstances.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    When did you try VMs? Virtualization has improved dramatically in recent years, especially for Linux VMs in VirtualBox on Linux hosts. In my experience, Linux VMs in VMware on Windows hosts are also very snappy. Windows XP VMs in either VirtualBox or VMware are very snappy too. But Windows 7 and Windows Server 2008 VMs are somewhat sluggish, even in VMware ESXi.

    The core issue is tweaking the guest OS to use virtualized resources efficiently. Linux is open source, and Windows XP has been around forever, so they can be virtualized quite efficiently. Windows 7 and Windows Server 2008, on the other hand, are proprietary and relatively new, so they're harder to virtualize efficiently. The same probably applies to the host OS. Although VirtualBox apparently runs OK on Windows 7 hosts, it still does better on Linux hosts. And conversely, VMware is still a better fit on Windows 7 hosts, I think.
     
  7. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    always depends on your hardware ;), i can't complain, or should i, lols
     
  8. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I used the Oracle VM (or is it a VB?) a few weeks ago. I use Windows 7 and I virtualised Ubuntu 12.04. I've since deleted Java so I think using Oracle might be a problem. I think getting it to run effectively was my main problem.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm not sure what Oracle VM is.

    I recommend either VirtualBox (https://www.virtualbox.org/) or VMware Player (http://www.vmware.com/products/player/). VirtualBox is probably more widely used for privacy/anonymity stuff.

    Neither requires Java.
     
  10. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    oracle vm is virtualbox, and no it don't use java, lols
     
  11. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Lol. It might have helped had I been clearer but I got the right information in the end. Maybe I'll give VirtualBox another go. It's a relief that it doesn't use Java but how virtual is it? If my OS in VB gets infected does that mean my entire system gets infected?
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    While that's possible, it's unlikely, unless you're being targeted by blackhat hackers. I wouldn't test malware in your VMs, however.
     
  13. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    sandbox virtualbox, that should take care of any malware attack from blackhat :cool: maybe use a good 0 day AV as well and the usual like a good firewall, that should keep you safe, maybe even something like a system snapshot program that restores your pc back to its previous clean state on restart
     
    Last edited: Jan 24, 2013
  14. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Thanks for your help mirimir and Happyyarou. I shall take on board what you said and play around with VirtualBox.
     
  15. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    hey mirimir , any news ;)
     
  16. Most malware these days has ANTI-VM code written in it, so it won't run in VirtualBox unless you configure it right. Even if you do get infected just delete the snapshot, unless you're being targeted you shouldn't need a sandbox to run it in.

    But it can't hurt to have extra protection like a Sandboxie-like application, I've seen LIVECDs get compromised with malware so anything is possible.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    No, not really :(

    I've mostly been work-type working :)

    I have replicated the VPN>Tor>VPN setup, and am leak testing.

    I'll work on the host>VM-chain>host issue ASAP, probably over the weekend.
     
  18. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Malware writers have already adapted? Whenever I do test malwares' installation and infection, I always test them on the real system, never inside Virtual Environment. However, it's a good thing malwares cannot work in a virtual environment, meaning virtual environment is excellent protection against malwares' infection.
     
    Last edited: Jan 25, 2013
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    no prob, was just keeping up-to-date that's all :cool:
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I have important news: there's a more-secure way to set up OpenVPN clients in pfSense!

    The key difference is explicitly creating an interface as a gateway for the VPN tunnel, rather than using pfSense's "virtual" interface (which it calls "OpenVPN"). Given that "real" interface, one can use policy-based routing to pass traffic from LAN only through the VPN gateway.

    Starting with a fresh pfSense 2.0.1 VM, create an OpenVPN client as we've discussed, with public DNS servers in "System: General Setup" and the VPN's DNS server(s) in "Services: DHCP Server". Make sure that the VPN is connected: "up" in "Status: OpenVPN", and "Initialization Sequence Completed" in "Status: System logs: OpenVPN".

    Then select "Interfaces: Assign network ports", click the "+" at the lower right, and then save. Now select "Interfaces: OPT1", and rename it as (for example) "AIRVPN".

    Now go to "Firewall: NAT: Outbound", and (as before) select "Manual Outbound NAT rule generation". Save and apply changes. This time, you'll see two sets of the standard three rules for ISAKMP, LAN and localhost, one set with WAN as interface and the other set with AIRVPN (or whatever you called it) as interface. Select the three with WAN as interface, and delete them.

    Now go to "Firewall: Rules" and create a rule in the WAN tab that passes everything from LAN net (called "LAN subnet" in the configuration toggle) to any rule via the AIRVPN gateway (using "Gateway" toggle in "Advanced features" section).

    Now create exactly the same rule in the LAN and OpenVPN tabs. Maybe all three could be replaced by one rule in the Floating tab, but I haven't tested that yet.

    Last, create a rule in the AIRVPN tab to pass everything. Don't explicitly specify a gateway.

    Now, reboot the pfSense VM, and check your IP address.

    The old setup, using pfSense's "virtual" OpenVPN interface, works fine and doesn't leak under most circumstances. However, it does leak if you kill the openvpn process from the command prompt. That doesn't happen with the new setup. I'm doing additional testing to see if I can make it "fail open".
     
  21. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    oh! another pfsense, sure thing .. (rolls up his sleeves)

    btw what do i set in the pfsense gateway vm, under network settings, nat and internal airvpn again or what, or do i just redo my current vpn vm's settings
     
    Last edited: Jan 26, 2013
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    :)

    Sorry, I was rushing last night, and didn't explain everything explicitly. So here's the setup for the VPN (e.g., AirVPN) that carries Tor:

    1. create a new pfSense 2.0.1 x64 VM
    2. add VPN's ca.crt and user.crt/user.key in "System: Certificate Authority Manager"
    3. add public DNS servers in "System: General Setup"
    4. uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN" in "System: General Setup"
    5. check (enable) "Do not use the DNS Forwarder as a DNS server for the firewall" in "System: General Setup"
    6. disable "Services: DNS forwarder"
    7. add VPN's DNS servers in "Services: DHCP server"
    8. create VPN client in "OpenVPN: Client" as before, and leave it enabled
    9. check "Status: OpenVPN": "Status" should be "up"
    10. check "Status: System logs: OpenVPN": should see "Initialization Sequence Completed" near the bottom
    11. in "Interfaces: Assign network ports", click the "+" at the lower right, and save
    12. in "Interfaces: OPT1", check "Enable Interface", change "Description" to "AIRVPN", and save
    13. in "Firewall: NAT: Outbound", select "Manual Outbound NAT rule generation", save, and then apply changes
    14. in the same tab, check (select) the three rules (for ISAKMP, LAN and localhost) with WAN as interface, and delete them using the "x" button at lower right
    15. in the same tab, don't mess with the three rules (for ISAKMP, LAN and localhost) with AIRVPN as interface
    16. in "Firewall: Rules: WAN", create a rule that passes everything from LAN net (called "LAN subnet" in the configuration toggle) to any rule
    17. using the "Gateway" toggle in the lower "Advanced features" section, select AIRVPN as gateway
    18. name it "pass all from LAN net to any rule on AIRVPN gateway" and save
    19. it should look like "* LAN net * * * AIRVPN none"
    20. in "Firewall: Rules: LAN", create exactly the same rule "pass all from LAN net to any rule on AIRVPN gateway" and save
    21. in "Firewall: Rules: LAN", delete the existing rule "Default allow LAN to any rule" <== IMPORTANT CHANGE
    22. in "Firewall: Rules: OpenVPN", create exactly the same rule "pass all from LAN net to any rule on AIRVPN gateway" and save
    23. in "Firewall: Rules: AIRVPN", create a rule that passes everything from anywhere to any rule on the default gateway (don't change anything in "Advanced features")
    24. name it "pass everything to any rule" and save
    25. it should look like "* * * * * * none"
    26. reboot the pfSense VM, and check your IP address

    For the VPN (e.g., Mullvad) that runs through Tor, use public DNS servers in "System: General Setup" from a different organization. Otherwise, the setup is the same.
     
    Last edited: Jan 26, 2013
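Added example, not part of the post above and not pfSense code: a small audit of an exported configuration for the two settings that steps 13-15 and 20-21 depend on (manual outbound NAT with no rules left on WAN, and no LAN pass rule without the VPN gateway). The XML is a constructed, simplified sample; its element names, the `opt1` interface key and the `audit` function are assumptions to check against a real export, and `AIRVPN` is the gateway name used in the post.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample in the style of a pfSense config.xml export.
# Element names are assumptions for illustration; verify against your own export.
SAMPLE = """<pfsense>
  <nat><advancedoutbound><enable/>
    <rule><interface>wan</interface><descr>Auto created rule for LAN</descr></rule>
    <rule><interface>opt1</interface><descr>Auto created rule for LAN</descr></rule>
  </advancedoutbound></nat>
  <filter>
    <rule><type>pass</type><interface>lan</interface><descr>Default allow LAN to any rule</descr></rule>
    <rule><type>pass</type><interface>lan</interface><gateway>AIRVPN</gateway><descr>pass all from LAN net to any rule on AIRVPN gateway</descr></rule>
  </filter>
</pfsense>"""


def audit(xml_text, vpn_gateway="AIRVPN"):
    """Return findings that would let LAN traffic leave outside the VPN."""
    root = ET.fromstring(xml_text)
    findings = []
    out = root.find("nat/advancedoutbound")
    # Steps 13-15: manual outbound NAT, and no NAT rules remaining on WAN.
    if out is None or out.find("enable") is None:
        findings.append("outbound NAT is not in manual mode")
    else:
        for rule in out.findall("rule"):
            if rule.findtext("interface") == "wan":
                findings.append("outbound NAT rule on WAN: %s"
                                % rule.findtext("descr", ""))
    # Steps 20-21: every enabled pass rule on LAN must name the VPN gateway.
    for rule in root.findall("filter/rule"):
        if rule.find("disabled") is not None:
            continue
        if rule.findtext("interface") == "lan" and rule.findtext("type") == "pass":
            if rule.findtext("gateway") != vpn_gateway:
                findings.append("LAN pass rule without %s gateway: %s"
                                % (vpn_gateway, rule.findtext("descr", "")))
    return findings


if __name__ == "__main__":
    # The sample deliberately still has a WAN NAT rule and the default LAN rule.
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the sample, it reports the leftover WAN NAT rule (step 14) and the "Default allow LAN to any rule" (step 21); an export that has both removed returns an empty list.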
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    from a different organization, how 'bout some pointers, 'cause i've used the 2 opendns ones you gave me already -.-, btw airvpn vm gateway now up and running including ip lookup and webaccess, feels tighter already, nice, as said need some directions for 2 extra dns addresses like

    208.67.220.220

    208.67.222.222

    since you're more experienced in that department than i

    https://apcmag.com/why-using-google-dns-opendns-is-a-bad-idea.htm

    https://windowssecrets.com/top-story/use-opendns-to-surf-safely-with-these-tricks/

    and which ones to choose, the ones the furthest away from me or closest to my ISP's real location, do i have to set up a free account, or go for a better service, mindboggled as usual
     
    Last edited: Jan 26, 2013
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    If you use the same DNS servers in "System: General Setup" for both AirVPN and Mullvad, you're potentially leaking pre-Tor and post-Tor lookup information to the same provider. OpenDNS is fine for either one. JonDonym lists several censorship-free (also free) DNS servers at https://anonymous-proxy-servers.net/wiki/index.php/Censorship-free_DNS_servers.

    Upon reflection, given that you're routing Mullvad through Tor, it might work to just click (enable) "Allow DNS server list to be overridden by DHCP/PPP on WAN" in "System: General Setup" for Mullvad. That might make pfSense use Tor DNS for its own purposes. But it would use Mullvad's DNS servers for client VMs, because you've entered them in "Services: DHCP server".

    Edit: Yes, for the VPN running through Tor, you don't need to specify DNS servers in "System: General Setup". Enabling "Allow DNS server list to be overridden by DHCP/PPP on WAN" seems to be enough, even though my "through-Tor" VPN server is a hostname that must be resolved. It must be using Tor DNS resolution.

    Very cool :)

    First try enabling "Allow DNS server list to be overridden by DHCP/PPP on WAN" in "System: General Setup" in the Mullvad pfSense VM. If that doesn't work, use ones from the JonDonym list.

    Edit: See above. You don't need to specify any.

    As long as they're not your ISP's DNS servers, it doesn't matter. They'll be used from whatever Tor exit node you're using, which could be anywhere.

    No, you don't need to set up any account. Just use ones from the JonDonym list.
     
    Last edited: Jan 26, 2013
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    IMPORTANT CHANGE in pfSense OpenVPN setup

    In "Firewall: Rules: LAN", you need to delete the existing rule "Default allow LAN to any rule". Or you can just edit it to the "pass all from LAN net to any rule on AIRVPN gateway" rule that I specified.

    Sorry about that :(
     