Block non-VPN traffic oooor just use a VM?

[Herpetto666 2]

Hi guys!

I'm currently using the 3 day paid package and tinkering a bit with my VPN setup. I am looking into the popular topic of separating different traffic types or applications with the use of a vpn gateway. I've already read topics like https://airvpn.org/topic/9923-tor-over-airvpn-vs-airvpn-with-tor/ , https://airvpn.org/topic/9609-blocking-non-vpn-traffic-with-windows-firewall/ and similar and I was wondering (hopefully this won't be a too noobish question), if instead of configuring the Windows firewall (like it would be in my case) it would be more feasible to just run the airVPN Client inside a Linux VM, inside VMPlayer or VirtualBox and the like. I'm putting possible performance issues and the security concerns of the host OS aside. What kind of OS, or which Linux distro i guess, could be used for this configuration? So with the final setup, I could use my host OS for my "normal" activities" and the VMwith encrypted drives for torrenting, unlocking youtube vids etc. and if i feel the need to encrypt all traffic, I could just power off the VM and use the client on the host.

Thanks in advance for your input!

[Omniferum 9]

I personally would not see any particular benefit from using a VM instead of firewall blocking. The performance/convenience (switching between two OS) loss would be irritating to me, but you said to ignore those.

 

Given that I would say just whacking up firewall rules would be far less configuration/maintenance. For example having to keep a completely separate VM OS updated/secure etc. rather than just your own.

 

If you want 'both' worlds you can just set up special rules that define what 'must' go through your VPN in Windows and what 'must' go through the normal channel, it is not a binary option of 'all traffic' has to go through one adapter or the other; achieving the same as what you wanted via the VM.

[Staff 10116]

  On 9/17/2013 at 6:41 PM, Herpetto666 said:

Hi guys!

I'm currently using the 3 day paid package and tinkering a bit with my VPN setup. I am looking into the popular topic of separating different traffic types or applications with the use of a vpn gateway. I've already read topics like https://airvpn.org/topic/9923-tor-over-airvpn-vs-airvpn-with-tor/ , https://airvpn.org/topic/9609-blocking-non-vpn-traffic-with-windows-firewall/ and similar and I was wondering (hopefully this won't be a too noobish question), if instead of configuring the Windows firewall (like it would be in my case) it would be more feasible to just run the airVPN Client inside a Linux VM, inside VMPlayer or VirtualBox and the like. I'm putting possible performance issues and the security concerns of the host OS aside. What kind of OS, or which Linux distro i guess, could be used for this configuration? So with the final setup, I could use my host OS for my "normal" activities" and the VMwith encrypted drives for torrenting, unlocking youtube vids etc. and if i feel the need to encrypt all traffic, I could just power off the VM and use the client on the host.

Thanks in advance for your input!

 

Hello,

 

some significant advantages of such a setup is the option to keep the whole VM encrypted when it is off, with the additional security that no unencrypted file can ever leak on the host system. These may be extremely important features in some cases (imagine an activist working in a country controlled by a human rights hostile regime).

 

Then there are the 'usual' advantages of a VM: portability (just a file) and isolation of "disasters" in particular.

 

The most important cons you have to consider are: more resources required from the host, slower performance of the guest system (mitigated if you have a CPU supporting hardware virtualization).

 

However, setting up a firewall will be necessary anyway to prevent leaks in case of unexpected VPN disconnection. If the VM is connected to the host machine via NAT, the firewall settings may be simpler on the host side. If the VM is attached to a bridged network adapter, firewall rules will be necessary on the VM itself.

 

You have also another option, i.e. connecting the host to a VPN server, and attaching the VM via NAT to the host. In this case you always need firewall rules on the host side, and all the VMs will have their traffic tunneled 'transparently'. This setup can be additionally hardened (under a security point of view) by connecting the VM itself to TOR or to another VPN, to obtain (in the VM) a multi-hop connection (traffic over VPN1 over VPN2 for example) with multiple layers of encryption at the price of a remarkable network performance decrease.

 

Kind regards

[Royee 11]

I hear many people run multiple virtual boxes if you own a quad cpu and 8gig+ or above you will be fine,  whonix is a popular choice and runs under Tor network.  You could also run Ubuntu in another vbox,  if you setup truecrypt then even safer.

 

I think its a great idea,  your normal windows is fine,   any other logs and activities,  windows logs will only see you opened virtualbox software.  You can further run the latest version of ccleaner and privazer which supports cleanup of Windows logs (finally!) and also virtual box logs (set dod pass for non recovery) you can set them up on schedule daily even or upon boot,  this way an adversary has nothing much to check into!

 

This way your linux torrents and surfing and any other activities remain in a virtual box and much better privacy and security.  Just bare in mind when you shut down your virtual machines perhaps you may want it to not save any data/changes ?  the other issue is an adversary could catch your system live and not encrypted and thus have full access to your drives and virtual boxes and see all the data and usage !   Just like AirVPN has a kill switch,  maybe you require one also.  I was thinking perhaps there maybe a screen lock or screen password to perhaps work inbetween this issue but not sure of one on linux.

[Corsair28 8]

  On 9/18/2013 at 11:48 AM, Royee said:

I hear many people run multiple virtual boxes if you own a quad cpu and 8gig+ or above you will be fine,  whonix is a popular choice and runs under Tor network.  You could also run Ubuntu in another vbox,  if you setup truecrypt then even safer.

 

I think its a great idea,  your normal windows is fine,   any other logs and activities,  windows logs will only see you opened virtualbox software.  You can further run the latest version of ccleaner and privazer which supports cleanup of Windows logs (finally!) and also virtual box logs (set dod pass for non recovery) you can set them up on schedule daily even or upon boot,  this way an adversary has nothing much to check into!

 

This way your linux torrents and surfing and any other activities remain in a virtual box and much better privacy and security.  Just bare in mind when you shut down your virtual machines perhaps you may want it to not save any data/changes ?  the other issue is an adversary could catch your system live and not encrypted and thus have full access to your drives and virtual boxes and see all the data and usage !   Just like AirVPN has a kill switch,  maybe you require one also.  I was thinking perhaps there maybe a screen lock or screen password to perhaps work inbetween this issue but not sure of one on linux.

This setup works very well.  I have had to change several times due to the dynamics at work.  I just wanted to add that using comodo firewall to make sure the VM only uses air and has no internet access once disconnected is easy to do you can use the same rule as utorrent

[Herpetto666 2]

Thank you all for the input!

Like I said in the first post, performance is not an issue, I'm running a virtualization lab on my rig anyway. Switching to the VM is no deal, it just runs in a window on the second monitor. I'm the only user of the PC and am aware of the sniffing possibility on the host, like I said with my setup I don't consider it to be a risk (at least for now).

Also thanks for pointing this out:

 

  On 9/18/2013 at 3:09 AM, Staff said:

However, setting up a firewall will be necessary anyway to prevent leaks in case of unexpected VPN disconnection. If the VM is connected to the host machine via NAT, the firewall settings may be simpler on the host side. If the VM is attached to a bridged network adapter, firewall rules will be necessary on the VM itself.

 

You have also another option, i.e. connecting the host to a VPN server, and attaching the VM via NAT to the host. In this case you always need firewall rules on the host side, and all the VMs will have their traffic tunneled 'transparently'. This setup can be additionally hardened (under a security point of view) by connecting the VM itself to TOR or to another VPN, to obtain (in the VM) a multi-hop connection (traffic over VPN1 over VPN2 for example) with multiple layers of encryption at the price of a remarkable network performance decrease.

 

I'll go for the option with a bridged adapter and will use one of the guides to prevent leaks. In this configuration, is it necessary to configure the firewall on the host too?

 

EDIT: The main reason for building this setup, is not having to switch constanlty between a secure (VPN) and non-sucure connection. The VM would be permanenlt connected via the tunnel.