Subscribe to WolfCoder's Kawaii Column        RSS Feed
***** 1 Votes

Virtual Freedom Box

Icon 2 Comments
Do you think danger lurks around every corner? Worried that you're constantly being spied upon? Got the tin-foil chic? Or perhaps you just want to play with networking lots of random boxes inside your computer for the learning experience. I'm personally all of the above although I've yet to find enough tin-foil~

You will need the following programs:
Posted Image VirtualBox
Posted Image Tor
Posted Image TrueCrypt

And a light flavor of Linux you know how to use. If you don't know how to use any of them, I'd recommend Xubuntu since it uses the very light XFCE desktop instead of all that junk the regular flavor comes with.

I bet you know where this is going :3 TrueCrypt is easy to use and lets you create files you can just dump stuff into. And they're ENCRYPTED of course, it even lets you add a hidden volume inside a normal one for plausible denial. I don't think you need to go all the way, you really just need to make a volume just slightly larger than the hard drive space you want to give to each operating system in VirtualBox. It's a good first step to set up two of these such encrypted file containers, mount them and move on.

For Tor, you want the Vidalia Bundle which is under Other Downloads. You don't need the browser bundle or anything. Get it installed, fire it up and you're good.

I hope you've been downloading your chosen Linux while you have been doing this. You'll need to install VirtualBox and make two machines. One machine can have very little resources and memory (make it like 256MB for Xubuntu) and will be your firewall. Another will be your main and can get everything you feel like allocating to it. Both your firewall and normal virtual machine's HDD images should be inside TrueCrypt volumes so go ahead and make the volumes and select the location when making VirtualBox HDD images (.vdi). Be sure you're dumping it in the actual encrypted volume, not just somewhere else on a file system or USB drive.

Install the operating systems, install all updates and everything. Be sure you install an ssh server on the firewall, search for "ssh server" in Synaptic Package manager should have a result like "ssh", adding it should add the server.

Now, for the hard part. You'll want to go under Network Interfaces for your firewall. Be sure the first one is NAT and that you check the second one and set it to Internal Network. This means it gets to use your standard connection AND be connected to a virtual network that VirtualBox pretends is there. For your main, you'll want to deselect the NAT, and check the second one and make it Internal Network so it's the only active one (every time you want to update your main it will be easier to just enable the NAT and disable Internal Network).

This next step is if you don't know how to do this in Linux:

Open network connections settings and edit the connection (eth1) that was set to Internal Network under firewall. Edit it from Automatic DHCP to Manual and set up some IP (10.0.3.1), and the subnet mask to 255.255.255.0 and 10.0.3.1 again as the last number (since this is the firewall). Do the same from the main Linux, except use a different last number (10.0.3.2 for example) but make sure the last IP is 10.0.3.1 again. These are just safe IP addresses you make up yourself, others will work and they only mean anything inside the virtual network.

Make sure Tor is running, both machines are running and there were no problems connecting the networks manually. You should NOT be able to browse or use the internet inside your main Linux machine. You'll need to tunnel Tor from the outside into the machine. In a terminal:

ssh -N -L 8118:10.0.2.2:8118 <host>@10.0.3.1

Where <host> is the username of your firewall. You'll have to log into your firewall's account by the way, hope you set a password.

Make another terminal window and do:

ssh -N -L 9050:10.0.2.2:9050 <host>@10.0.3.1

Leave these windows open, it's piping Tor through the outside and out of 127.0.0.1:9050 and 8118 (localhost, or YOU). You should still not be able to browse websites. You'll have to go into Firefox or whatever and set 127.0.0.1 as your proxy server. HTTP proxy is 8118 and SOCKS proxy is 9050.

If this works, check.torproject.org should report that it works.

If you want to use lots of internet based Linux commands, I recommend proxychains. It's already configured to use Tor coming out of 127.0.0.1:9050. Type "proxychains bash" to start a shell that automatically sends your TCP packets through Tor with little hassle.

Now you have an encrypted operating environment where the only way out is through Tor. It's a handy environment if you want insane privacy or want to experiment with building networks- yes, try adding more virtual machines and see what combinations you can come up with~

2 Comments On This Entry

Page 1 of 1

sithius92 Icon

06 March 2012 - 10:47 AM
You can never be too paranoid about your privacy/security. Thanks for the post!
0

WolfCoder Icon

20 March 2012 - 09:18 AM
I've also seen it used to chain VPNs. Normally you can't do it lengthwise, but you can log into a VPN and start a new virtual machine that itself logs into a VPN to nest VPNs.
0
Page 1 of 1

September 2014

S M T W T F S
 123456
78910111213
141516 17 181920
21222324252627
282930    

...

...

Information

Information