this post was submitted on 08 May 2024
5 points (100.0% liked)

Privacy

31982 readers
343 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've attempted to create a VM on my ubuntu host machine that is accessing the internet via a dedicated VPN app. I'm able to disconnect my host VPN and access the web within the VM, but cannot access the web when the host VPN is enabled. Ideally I'd like to enable the VPN on the host and pass through web access to the VM.

I have two questions:

  1. If my use case is to use a VM to increase privacy and security as well as isolate my operations within the VM from my host, is it better to have the VPN app from inside the VM or pass the host's through to the VM?
  2. If it doesn't make much of a difference, how can I go about passing the host's VPN to the VM?

In either scenario, I'd still like to keep the host's VPN active while being able to use the VM, which I currently cannot.

top 3 comments
sorted by: hot top controversial new old
[–] jet@hackertalks.com 5 points 6 months ago

You might want to look at the qubes operating system architecture documents.

For maximum privacy, you would want one container or VM to have access to the internet and run your VPN endpoint. This container would have firewall rules applied so it could only talk to the other side of the VPN on the internet interface. This container should also have another interface connecting to your guest VM.

For your guest VM, it could only route traffic to the VPN container.

You could also use network name spaces to do the same thing without containerization. Depending on your threat model and level of paranoia.

The benefit of segmenting out the VPN program into its own working space, is that if there's any bugs, any lapses, traffic doesn't accidentally get to the main internet. It's less leaky. Especially if you consider a hostile program running inside of your guest VM that's trying to defeat any VPN program.

[–] lemmyreader@lemmy.ml 4 points 6 months ago (1 children)

The moment your VPN app starts it will change gateway and name servers for your host. If the virtual NIC of your VM is bridged with your host I would expect it to work fine for the VM. Is this with KVM or Qemu or VirtualBox or something else ? How is networking configured ?

[–] brownmustardminion@lemmy.ml 2 points 6 months ago

QEMU. Using NAT but it's attached to the host's NIC. I know this is probably what's causing the issue. I'm not sure how to connect it to the VPN.