Privacy

31799 readers

353 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[Question] Securely Passing Host VPN to KVM? (lemmy.ml)

submitted 6 months ago by brownmustardminion@lemmy.ml to c/privacy@lemmy.ml

3 comments fedilink hide all child comments

I've attempted to create a VM on my ubuntu host machine that is accessing the internet via a dedicated VPN app. I'm able to disconnect my host VPN and access the web within the VM, but cannot access the web when the host VPN is enabled. Ideally I'd like to enable the VPN on the host and pass through web access to the VM.

I have two questions:

If my use case is to use a VM to increase privacy and security as well as isolate my operations within the VM from my host, is it better to have the VPN app from inside the VM or pass the host's through to the VM?
If it doesn't make much of a difference, how can I go about passing the host's VPN to the VM?

In either scenario, I'd still like to keep the host's VPN active while being able to use the VM, which I currently cannot.

top 3 comments

sorted by: hot top controversial new old

[–] jet@hackertalks.com 5 points 6 months ago

You might want to look at the qubes operating system architecture documents.

For maximum privacy, you would want one container or VM to have access to the internet and run your VPN endpoint. This container would have firewall rules applied so it could only talk to the other side of the VPN on the internet interface. This container should also have another interface connecting to your guest VM.

For your guest VM, it could only route traffic to the VPN container.

You could also use network name spaces to do the same thing without containerization. Depending on your threat model and level of paranoia.

The benefit of segmenting out the VPN program into its own working space, is that if there's any bugs, any lapses, traffic doesn't accidentally get to the main internet. It's less leaky. Especially if you consider a hostile program running inside of your guest VM that's trying to defeat any VPN program.

[–] lemmyreader@lemmy.ml 4 points 6 months ago (1 children)

The moment your VPN app starts it will change gateway and name servers for your host. If the virtual NIC of your VM is bridged with your host I would expect it to work fine for the VM. Is this with KVM or Qemu or VirtualBox or something else ? How is networking configured ?

[–] brownmustardminion@lemmy.ml 2 points 6 months ago

QEMU. Using NAT but it's attached to the host's NIC. I know this is probably what's causing the issue. I'm not sure how to connect it to the VPN.