Showing results for 'whonix'.



Found 104 results

  1. I must have gotten confused with QubesOS, which def has support for certain containers using different VPNs, such as Whonix dist, for certain and independent tasks. I've been playing around with always-on VPN on my PC, and I've noticed a def. slowdown in my normal traffic and higher latency. Anyway -- thanks for the reply!
  2. Has anyone here successfully used Whonix and setup a tor to vpn connection? If so, please share any hints or tips.
  3. Hello, I'm having trouble setting up the connection in Whonix OS. I'm trying to do a VPN over TOR connection. USER ----> TOR -----> VPN I installed Eddie using Debian instructions and have tried the portable version. I have set the connection (proxy) type to TOR in the settings. I get these popup notification error messages: - Unable to find IP address of tor first node of an established circuit. - Checking route IPv4 failed. If anyone has experience setting up AirVPN in WHONIX I could use all the help I can get. Thank you for your reply.
  4. ADDITIONAL STEP #30: RUNNING WHONIX 11 IN VIRTUALBOX

     PREAMBLE

     If you have followed me on this long journey, so far you have successfully achieved several major milestones:

     1. Transitioned from pure Win10 Spyware Edition to a hardened Linux Mint 17.2 dual boot arrangement with encrypted home drive and latest software & kernel.
     2. Created ridiculously hard to break passphrases on all accounts (diceware) and stored them all in KeePassX with a master passphrase (stored on separate air-gapped media).
     3. Created a decent password on your BIOS system, disconnected webcams, disabled internal microphones, disabled UPnP, updated firmware (where possible and safe), password protected your router & disconnected wireless networking (or set to WPA2 at a minimum).
     4. Removed all your personal, financial and other sensitive documents from your peripherals/drives connected to the military-Net, and stored them on air-gapped media that is suitably encrypted with FOSS (LUKS, ecryptfs).
     5. Regularly shred documents on your HDD/SSD/USBs to prevent file recovery by miscreants (Bleachbit).*
        * FYI - best practice to safely and completely wipe peripherals is to delete pre-existing partitions, create one entire encrypted partition on your destination media that takes up the entire space, then wipe the media with various cleaning tools - see TAILS documentation for further information.
     6. Wiped meta-data off all files that you share with Metadata Anonymisation Toolkit.
     7. Disguised your OpenVPN fingerprint and set a network lock to prevent anything travelling outside the VPN tunnel.
     8. Disabled IPv6.
     9. Removed time/date stamps that are otherwise completely unique.
     10. Reduced your attack surface significantly on your Mint 17.2 system via removal of unwanted software for a standard desktop user e.g. all server crap, remote logins/desktop sharing/viewing/file transfers etc.
     11. Checked your network settings manually to confirm you are not inviting strangers to hack your ass with any open/listening ports (netstat etc).
     12. Installed Tor safely by confirming the authenticity (non-corrupted) status of the file and checking cryptographic signatures.
     13. Regularly run Tor over VPN (VPN -> Tor) due to multiple fingerprinting vectors with standard browsers THAT IDENTIFY YOUR ASS even if you sit behind a VPN; most probably due to a unique combination of FF settings, add-ons, themes, syncing behaviour, languages and multiple plug-ins leaking loads of information on every site you visit.
     14. Run the latest version of Tor with the highest possible privacy and security settings set in the slider to make your signature indistinguishable from the 1-2 million other active, daily Tor users; .onion addresses are used whenever and wherever possible (to stay within the Tor network).
     15. Created a hardened FF profile to go alongside your completely fingerprintable 'default' Mozilla settings profile (which is sub-standard for a company pretending to care about privacy/security).
     16. Set AppArmor system wide to restrict dangerous behaviour by various software apps - you should now have 50+ AppArmor enforced profiles running in the kernel.
     17. Set AppArmor to put chains on that hostile Windoze binary your 'better half' made you install (Skype).
     18. Installed Thunderbird as your new email client with a pseudo-anonymous account that is not part of PRISM and configured it securely to reduce risks posed by HTML, malicious email scripts etc.
     19. Created a 4096 bit PGP encryption public-private key pair, with the strongest available hashing and encryption algorithms available to protect your email content and attachments from the fascists at your discretion.
     20. Installed a range of the best suitable FOSS to use as safe alternatives for encrypted communication e.g. OTR with Pidgin, Jitsi, Onionshare etc.
     21. Have the best available FOSS to create encrypted stand alone folders, volumes, partitions and drives (LUKS, e-cryptfs).
     22. Daily clean out your (many) electronic trails from your devices with Bleachbit, including zeroing out your HDD/SSDs on occasion.
     23. Recently cloned your working dual boot system with Clonezilla or dd command to safeguard any catastrophic events with your current working system.

     Well done! In contrast, the regular "Joe the Plumber" (your neighbour) is running stand-alone Windoze 10 in default mode (post-CISA bill) and is a victim of:

     1. Proprietary code that is backdoored harder than a platinum-blonde porn queen in all areas: full-disk encryption (FDE), O/S level privacy, (in)security of all files/folders stored on Windoze file systems, 'encrypted' apps / protocols / communications that are all "NSA-Approved TM".
     2. Runs PRISM-mail and Snoop (Skype) almost every day - feeding the freshly booted Utah data centre with information in clear text/audio/video.
     3. Is effectively 100% open to exfiltration of all browsing, O/S information, personal data/files and constitutionally protected communications via shameless 'privacy' and EULA arrangements, and the recent passage of a number of Stasi Bills.
     4. Trusts data-fiddling, third-party corporate psychopaths with their entire digital life despite Micro$haft, Giggle, Yahooze, Fraudbook and other collaborators assisting the military-industrial complex daily in harvesting everything - in CLEAR violation of international and domestic laws, agreements and charters.

     TAKING PRIVACY, SECURITY & ANONYMITY TO THE NEXT LEVEL WITH WHONIX*

     * I have shamelessly ripped off the best work of Micah Lee, Patrick Schleizer (lead developer, whonix.org) and Whonix documentation for this post, instead of re-inventing the wheel. Significant support for Whonix can be found in available on-line documentation, the FAQ and forum posts.

     RESOURCES

     https://en.wikipedia.org/wiki/Whonix
     http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/
     https://theintercept.com/2015/09/16/getting-hacked-doesnt-bad
     https://www.whonix.org/
     https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Comparison_of_Tor_and_VPN_services
     https://www.whonix.org/wiki/Comparison_with_Others
     https://www.whonix.org/wiki/Data_Collection_Techniques#Active_Web_Contents
     https://www.whonix.org/wiki/Features
     https://www.whonix.org/wiki/Post_Install_Advice

     INTRODUCTION

     While your current hardened dual-boot setup has significantly improved your security, privacy and anonymity, it is unlikely to be sufficient against global adversaries. Passive, global systems are already in place which harvest 100% of encrypted/unencrypted data they intercept. Since approximately 80% of the world's internet traffic passes over US soil due to their dominant position in controlling internet infrastructure, this means 80% of YOUR data, right now, is being intercepted and kept in immense racks of data servers - possibly forever.

     Passive systems also search for possible unique signatures attached to things like emails, messaging, VOIP, browser profiles, O/S indicators, MAC addresses (if/when revealed), names of computers on LAN (if/when revealed), and even the potentially unique profiles generated by your system when it does your hourly updates (consider how many unique PPAs you might have installed!?).

     Therefore, resist the temptation to assume you are now secure in your computing activities solely because you run GNU/Linux in combination with OpenVPN and Tor. Carefully consider the advice of experts below, who STRONGLY advocate the use of a virtual environment for enhanced privacy, security and anonymity.

     UNDERSTANDING DATA MINING THREATS YOU FACE ON THE INTERNET EVERY DAY

     WHY ISN'T A TRUSTED VPN PROVIDER ENOUGH TO PROTECT ME ON THE INTERNET?

     WHY USE A VIRTUAL MACHINE ENVIRONMENT OVER THE TOP OF LINUX MINT?

     WHY USE WHONIX?

     WHAT ABOUT OTHER DISTROS IN A VM?

     PRIMARY WHONIX ADVANTAGES

     INSTALL AND CONFIGURE WHONIX 11 IN LINUX MINT

     If you read the preceding material carefully, you should now be convinced that your 'rock-solid, anonymous' desktop system is perhaps a little frail, weak and infirm. In fact, there is a high likelihood you have been signalling your every move to the Stasi, even while sitting behind the AirVPN servers. So, without further delay, let's remove some of your understandable paranoia:

     1. Install VirtualBox 5.0

        In terminal, to remove any older version of VirtualBox run:

        Install VBox 5.0 via Synaptic Manager:*

        * Earlier advice re: debian package is outdated. VBox5 is now available.

        VirtualBox can now be run from the terminal ("VirtualBox") or from the menu.

     2. Download Whonix Gateway & Whonix Workstation (3.1GB in total)

        Download the necessary files and OpenPGP signatures from this location:*

        * Anonymous downloads are possible using Tor Browser bundle. Download security without verification is low (medium risk for torrent downloads).

     3. Verify the Whonix images & import developer's PGP signing key*

        * Checking the integrity of the virtual machine images you just downloaded is critical to make sure no man-in-the-middle attack or file corruption happened. This can take several minutes.*

        * I forgot to add that you should download Patrick's key at this point here. So, do the following:

        https://www.whonix.org/wiki/Whonix_Signing_Key

        Download the PGP key used to sign off the software:

        Check fingerprints/owners without importing anything:

        It should show the following:

            pub 4096R/2EEACCDA 2014-01-16 Patrick Schleizer <adrelanos@riseup.net>
            Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
            sub 4096R/CE998547 2014-01-16 [expires: 2016-10-05]
            sub 4096R/119B3FD6 2014-01-16 [expires: 2016-10-05]
            sub 4096R/77BB3C48 2014-01-16 [expires: 2016-10-05]

        Import the key:

        The output should look like:

            gpg: key 2EEACCDA: public key "Patrick Schleizer <adrelanos@riseup.net>" imported
            gpg: Total number processed: 1
            gpg: imported: 1 (RSA: 1)

        To verify Whonix-Gateway, in terminal, run:

        If the VM images are fine, you should see a message saying:

        If you see a bad signature like below, delete the image, download and try again:

     4. Repeat step three for Whonix-Workstation:

     5. Run VirtualBox 5.0 and import Whonix images

        Open VirtualBox, click the “File” menu at the top, and click “Import Appliance.” Browse for the Whonix-Gateway file you just downloaded, and click “Continue.” Now click “Import,” read the warnings, and click “Agree.” Your Whonix gateway VM will automatically get set up.*

        * DO NOT CHANGE ANY OF THE DEFAULT IMAGE SETTINGS e.g. memory, display etc.

        Repeat these same steps with the Whonix-Workstation. When you’re done, you’ll have two new VMs (powered down) in your list of available VirtualBox images.

     6. Start Whonix-Gateway and Whonix-Workstation*

        * The first load of each VM image will be lengthy

        Highlight each VM and click 'Start' from the top menu.

     7. Change passwords on Whonix-Gateway and Whonix-Workstation

        The default passwords must be changed immediately - use diceware passphrases.*

        * The default username is: user
          The default password is: changeme

        Open a terminal such as Konsole

        Login as root:

        Change root and user password:

        and follow the instructions.

     8. Update your package lists on both Whonix-Gateway and Whonix-Workstation and install all available updates*

        * This will take some time as everything is downloaded via Tor. Never install packages that are unsigned (cannot be authenticated) or where there is a signature verification warning.

        In Konsole (terminal):

     9. Reboot both VMs

        In Konsole:

        Both VMs will reboot at this time (may take a while).

     10. Create multiple VM snapshots*

        * Do not use the master VMs for browsing or to open any unauthenticated communication channel to the internet! Only a Tor-browser install or update should be considered on the master VM images. The master VMs should remain 'clean' and 'updated' so they can always be used (snapshotted) for the creation of further (disposable) images you can discard after sessions of browsing and other activity.

        Once your clean, upgrade images have completed rebooting, shut down the virtual machines and create snapshots of their clean state BEFORE browsing or initiating any connections with the outside world.

        To shut down a virtual machine in VirtualBox, users can simply click the x in the top right corner of the running process or use the menu options. VirtualBox will provide you options to either: "Save the machine state", "Send the shutdown signal" or "Power off the machine". Select "Send the shutdown signal" - this saves all the updates you have made and sends the equivalent of an ACPI shutdown signal. DO NOT select "Power off the machine" by mistake - you will lose the state of changes to the VM images (all your hard work and updates!). This option is like pulling the plug out of the wall for a VM.

        Once both VMs have shut down, you should now:

     11. Restart your cloned VM images and enjoy Whonix!

        Simply:
        - Highlight both cloned Whonix images and press 'Start' from the menu
        - Conduct all your work in Whonix-Workstation
        - DO NOT USE WHONIX GATEWAY FOR GENERAL ACTIVITIES other than configuration of Tor settings
        - Select Tor Browser in Whonix-Workstation and immediately check for updates - including associated add-ons - before browsing
        - Turn off Javascript globally and set privacy slider to the highest position
        - Do not browse or conduct other activities until Timesync has completed and Tor connections have been confirmed (you will receive notifications to this effect)

        Enjoy your new system that protects you even if your Tor Browser is hacked!

     OPTIONAL: HARDEN VIRTUALBOX SETTINGS*

     * Paranoid users should also carefully read the Security Guide and Advanced Security Guide for Whonix to consider whether they want to make any additional changes to their host or guest systems.

     In VirtualBox, the fewer features, the smaller the attack surface. Here are some suggestions for features which you can remove and not impact core functionality:

     For the best security, you can consider using multiple physical systems to provide greater isolation i.e. separate computers to run Whonix-Gateway and Whonix-Workstation. You can finally use that spare/old computer hardware you have lying around to improve your security!

     CONCLUSION: Running Whonix 11 in VirtualBox is a piece of cake for users that are capable of dual-booting their desktop system. You will SIGNIFICANTLY improve security, privacy and anonymity when using suitably hardened virtual environments in combination with GNU/Linux, OpenVPN and the Tor network. It is simply much more difficult (and expensive) for government or other attackers to take over your computer. If you can't beat them - bankrupt them!

     FINAL COMMENT: We may yet take another long journey to a dual-booted Debian/Qubes system in the near future if there is particular interest.
  5. Hello, I need help for my VPN setup. I already have very good skills in using Windows Operating Systems, but I am new to Linux, started using it 1 month ago. My Main Operating System is Linux Mint 18.1. Virtualbox is installed with Whonix Gateway and Whonix Workstation. I was able to run AirVPN Service with Eddie Client on any servers without problems. But for some reason, I can't connect to VPN with OpenVPN Client over Linux Terminal. First I tried port forwarding on my router and then it worked. But I don't want to open router ports for security reasons. Maybe I should forward the needed ports directly over Eddie client.

     Following protocol settings were used: AirVPN_Netherlands_SSH-80 (VPN over SSH, all Netherlands Servers, Port 80). I know all connections are established over remote 127.0.0.1 1412 in openvpn.config. Another port I figured out in AirVPN_Netherlands_SSH-80.sh file is Port 2018. I think the best way to open it would be over Linux Mint directly, but I don't know how to do it. But running VPN in Linux Mint is not as important as running VPN in Whonix-Gateway. That was the first part.

     The second part is the same connection issues when trying to set up AirVPN over the Whonix Gateway OpenVPN client. The VPN should run before entering Tor Network. I always got the Error: Connection Refused. Maybe the problem is the same, and I have to open ports there, too. But I could not figure out how to open ports in Whonix firewall. The setup is very complex overall. I would like to know if anyone was able to do this setup correctly. I used the how-to from the Whonix Wiki Page: https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway

     Maybe my openvpn.config file is wrong. I don't even know if I really need this file, because the .ovpn contains almost the same command lines. I think I should add the config of the most important files, to check out wrong details:

     sudo nano /etc/whonix_firewall.d/50_user.conf

         ## Make sure Tor always connects through the VPN.
         ## Enable: 1
         ## Disable: 0
         ## DISABLED BY DEFAULT, because it requires a VPN provider.
         VPN_FIREWALL=1
         ## For OpenVPN.
         #VPN_INTERFACE=tun0
         ## Destinations you do not want routed through the VPN.
         ## 10.0.2.2-10.0.2.24: VirtualBox DHCP
         # LOCAL_NET="\
         # 127.0.0.0-127.0.0.24 \
         # 192.168.0.0-192.168.0.24 \
         # 192.168.1.0-192.168.1.24 \
         # 10.152.152.0-10.152.152.24 \
         # 10.0.2.2-10.0.2.24 \
         # "

     sudo nano /etc/sudoers.d/tunnel_unpriv

         tunnel ALL=(ALL) NOPASSWD: /bin/ip
         tunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *
         Defaults:tunnel !requiretty

     Those are mostly Whonix specific settings, but then things started to get complicated, because the Tutorial Example VPN was Riseup VPN. I don't know if auth.txt is working exactly the same way for AirVPN. I added username and password for AirVPN instead of Riseup...

     sudo nano /etc/openvpn/auth.txt

         riseupusername
         vpnsecret

     Here is the openvpn.conf file that I have written... I think the main problem is the connection to remote server 127.0.0.1 1412. It is a little bit confusing that all servers of Netherlands - or even if I had used global server list for SSH VPN Port 80 - are using the same remote server. Alternatively, I could add all IPs manually, right? Then my file should look like this: Depending on this .conf file, I have to open port 3599. I would like to know where my configuration failed and how to open ports in Whonix Firewall / AirVPN Client Area. Best regards
  6. I have trouble with whonix occasionally, meaning I get errors occasionally. Usually, the problem will resolve if I restart the workstation and gateway. I just wanted to check if I have things set correctly in Eddie for the use of whonix, on an iMac using OSX 10.13.6
  7. I am trying to set up the following: my laptop (running airvpn on it) -> then virtualbox whonix workstation and gateway, and trying to set up airvpn as well on whonix gateway. So that I have 2 times VPN: 1. on my laptop 2. on whonix gateway. But I cannot get this working, whonix gateway keeps saying no route...
  8. As OpenSourcer mentioned, you are looking for VPN over Tor. Btw: In your case, i'd suggest to test this setup in combination with Whonix to avoid any kind of leaks. HOWEVER, please be aware that VPN over Tor does not support random IP rotation as the FAQ states: "Fixed Tor circuit for each OpenVPN session". Further reading for Whonix: https://www.whonix.org/wiki/Tunnels/Introduction
  9. How do you connect the Eddie client to the internet on whonix workstation? I've already set my connection to TCP, tried a variety of the different TCP connections but it still doesn't work. Could anyone give a step by step guide on how to use Eddie in whonix workstation? Thanks very much
  10. Hey all, new to AirVPN. I've been trying to get the above setup working (only a day left until I have to renew) and it's definitely been a challenging one. Essentially, I'd like to have Me -> Tor -> AirVPN within a highly secure Operating System, and at the moment Qubes/Whonix seem to fit that description best as actively developed OS'. I have been trying to follow this guide: https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts, installing the AirVPN client on the ProxyVM and using it as a bridge between whonix workstation and whonix gateway; however, AirVPN fails to connect to any servers. Using the browser inside the AirVPN VM does work however, showing the Tor address. An easy to follow guide from Air on how to set up something like this would be awesome. I read this as well: https://airvpn.org/tor/ but if I'm being honest I wasn't sure how to apply the concepts in that article to Qubes/Whonix. I'm also open to suggestions on an easier method of achieving my goal of secure OS + Tor/VPN, even if it means using a different OS. Thanks.
  11. Hey guys, I'm using Kali as a virtual machine. Whonix-gateway too, and Kali is connected over this whonix gateway. If I want to connect to any server with Eddie, at this connection screen it's retrying every 30 seconds. If I try this with openvpn and over the terminal, it's connecting fine, but it's disconnecting after a time, about 30 mins to 90 mins, TCP and UDP. Eddie_20170113_122513.txt
  12. Hello, I downloaded the Debian 32bit linux client and installed it successfully. However I cannot connect to any servers. I assume because of some firewall issues in the whonix gateway, but I'm new to linux, watch some youtube videos here and there but mostly teaching myself. Anyways, it will try to connect, fail, reauthorize, try again, repeat. I read the log the best I could but can't put my finger on it. Any help is appreciated, thanks.

         I 2017.03.22 05:00:01 - Checking authorization ...
         ! 2017.03.22 05:00:03 - Connecting to Albireo (United States, Atlanta, Georgia)
         . 2017.03.22 05:00:03 - OpenVPN > OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
         . 2017.03.22 05:00:03 - OpenVPN > library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
         . 2017.03.22 05:00:03 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
         . 2017.03.22 05:00:03 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
         . 2017.03.22 05:00:03 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.22 05:00:03 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.22 05:00:03 - OpenVPN > Socket Buffers: R=[163840->131072] S=[163840->131072]
         . 2017.03.22 05:00:03 - OpenVPN > UDPv4 link local: [undef]
         . 2017.03.22 05:00:03 - OpenVPN > UDPv4 link remote: [AF_INET]104.129.24.178:443
         . 2017.03.22 05:00:35 - OpenVPN > [UNDEF] Inactivity timeout (--ping-exit), exiting
         . 2017.03.22 05:00:35 - OpenVPN > SIGTERM received, sending exit notification to peer
         . 2017.03.22 05:00:40 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
         ! 2017.03.22 05:00:40 - Disconnecting
         . 2017.03.22 05:00:40 - Connection terminated.
         I 2017.03.22 05:00:43 - Checking authorization ...
         ! 2017.03.22 05:00:45 - Connecting to Albireo (United States, Atlanta, Georgia)
         . 2017.03.22 05:00:45 - OpenVPN > OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
         . 2017.03.22 05:00:45 - OpenVPN > library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
         . 2017.03.22 05:00:45 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
         . 2017.03.22 05:00:45 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
         . 2017.03.22 05:00:45 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.22 05:00:45 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.22 05:00:45 - OpenVPN > Socket Buffers: R=[163840->131072] S=[163840->131072]
         . 2017.03.22 05:00:45 - OpenVPN > UDPv4 link local: [undef]
         . 2017.03.22 05:00:45 - OpenVPN > UDPv4 link remote: [AF_INET]104.129.24.178:443
         . 2017.03.22 05:01:17 - OpenVPN > [UNDEF] Inactivity timeout (--ping-exit), exiting
         . 2017.03.22 05:01:17 - OpenVPN > SIGTERM received, sending exit notification to peer
         ! 2017.03.22 05:01:20 - Disconnecting
         . 2017.03.22 05:01:20 - Connection terminated.
         I 2017.03.22 05:01:20 - Cancel requested.
         ! 2017.03.22 05:01:20 - Session terminated.
  13. Hi fellas, I have a problem here. I'm running a WIN machine, and I connect to the Internet using AVP over TOR, so if I use TOR BROWSER it uses a TOR NODE and myip shows it's a TOR. When I use Firefox, Transmission or another program, myip shows the one assigned by AVP. So, it's all fine at this point. I'm trying to use WHONIX on a VirtualBox VM, so that way I can use TOR BROWSER on the VM and get through the AVP over TOR to the internet, and in the end get the AVP-assigned IP in myip. But when I try myip on TOR BROWSER, inside the VirtualBox VM, it reflects the TOR NODE IP. Can you help me figure out what to do to fix this? Thanks.
  14. Came across this article today. I think AirVPN runs Tor nodes, right? https://www.whonix.org/blog/combining-tor-vpn-proxy-can-make-less-anonymous "Tor avoids using more than one relay belonging to the same operator in the circuits it is building." ...but Tor isn't aware that my first connection to the internet is over VPN. So if Air is my first hop, and Air is also operating an exit that I connect to; they've become the first and last hop. This could expose Air users to correlation attacks. "It is possible to host Tor relays [any… bridges, entry, middle or exit] behind VPNs or tunnel-links. For example, there are VPN providers that support VPN port forwarding. This is an interesting way to contribute to Tor while not exposing oneself to too much legal risk. Therefore, there can be situations, where a VPN or other tunnel-link and a Tor relays could be hosted by the same operator, in the same network or even on the same IP."
  15. I just stumbled across this article by the Whonix Blog and wanted to know what you people think of it. I find some of those points to be irrelevant, but I still want to get a few opinions. https://www.whonix.org/blog/the-hard-cold-truth-behind-vpns https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Comparison_of_Tor_and_VPN_services
  16. I have a support ticket open but am in a completely different time zone than the staff so I'm only getting a reply every 24 hours. I'm on the trial version and want to get this working and test out the VPN before my trial ends. Hoping for some extra support here. Using protocol TCP

         I 2017.03.23 23:40:41 - Session starting.
         . 2017.03.23 23:40:43 - Unable to understand if IPv6 is active.
         I 2017.03.23 23:40:43 - Checking authorization ...
         ! 2017.03.23 23:40:45 - Connecting to Agena (Canada, Toronto, Ontario)
         . 2017.03.23 23:40:45 - OpenVPN > OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
         . 2017.03.23 23:40:45 - OpenVPN > library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
         . 2017.03.23 23:40:45 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
         . 2017.03.23 23:40:45 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
         . 2017.03.23 23:40:45 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.23 23:40:45 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.23 23:40:45 - OpenVPN > Socket Buffers: R=[87380->131072] S=[16384->131072]
         . 2017.03.23 23:40:45 - OpenVPN > Attempting to establish TCP connection with [AF_INET]184.75.223.210:443 [nonblock]
         . 2017.03.23 23:40:46 - OpenVPN > TCP connection established with [AF_INET]184.75.223.210:443
         . 2017.03.23 23:40:46 - OpenVPN > TCPv4_CLIENT link local: [undef]
         . 2017.03.23 23:40:46 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]184.75.223.210:443
         . 2017.03.23 23:40:46 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.223.210:443, sid=3a8610ce 35ff0302
         . 2017.03.23 23:40:47 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
         . 2017.03.23 23:40:47 - OpenVPN > Validating certificate key usage
         . 2017.03.23 23:40:47 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0
         . 2017.03.23 23:40:47 - OpenVPN > VERIFY KU OK
         . 2017.03.23 23:40:47 - OpenVPN > Validating certificate extended key usage
         . 2017.03.23 23:40:47 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
         . 2017.03.23 23:40:47 - OpenVPN > VERIFY EKU OK
         . 2017.03.23 23:40:47 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
         . 2017.03.23 23:40:55 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
         . 2017.03.23 23:40:55 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.23 23:40:55 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
         . 2017.03.23 23:40:55 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
         . 2017.03.23 23:40:55 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
         . 2017.03.23 23:40:55 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]184.75.223.210:443
         . 2017.03.23 23:40:57 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
         . 2017.03.23 23:40:58 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.5.0.1,comp-lzo no,route-gateway 10.5.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.5.6.12 255.255.0.0'
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: LZO parms modified
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: route options modified
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: route-related options modified
         . 2017.03.23 23:40:58 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
         . 2017.03.23 23:40:58 - OpenVPN > ROUTE_GATEWAY 10.152.152.10/255.255.192.0 IFACE=eth0 HWADDR=08:00:27:1a:db:a9
         . 2017.03.23 23:40:58 - OpenVPN > TUN/TAP device tun0 opened
         . 2017.03.23 23:40:58 - OpenVPN > TUN/TAP TX queue length set to 100
         . 2017.03.23 23:40:58 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
         . 2017.03.23 23:40:58 - OpenVPN > /sbin/ip link set dev tun0 up mtu 1500
         . 2017.03.23 23:40:58 - OpenVPN > /sbin/ip addr add dev tun0 10.5.6.12/16 broadcast 10.5.255.255
         . 2017.03.23 23:41:03 - OpenVPN > /sbin/ip route add 184.75.223.210/32 via 10.152.152.10
         . 2017.03.23 23:41:03 - OpenVPN > /sbin/ip route add 0.0.0.0/1 via 10.5.0.1
         . 2017.03.23 23:41:03 - OpenVPN > /sbin/ip route add 128.0.0.0/1 via 10.5.0.1
         . 2017.03.23 23:41:03 - Starting Management Interface
         . 2017.03.23 23:41:03 - OpenVPN > Initialization Sequence Completed
         I 2017.03.23 23:41:03 - Checking route
         E 2017.03.23 23:41:09 - Checking route don't match
         . 2017.03.23 23:41:09 - Checking route (2° try)
         E 2017.03.23 23:41:12 - Checking route don't match
         . 2017.03.23 23:41:12 - Checking route (3° try)
         E 2017.03.23 23:41:16 - Checking route don't match
         E 2017.03.23 23:41:16 - Routing checking failed.
         . 2017.03.23 23:41:16 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
         ! 2017.03.23 23:41:16 - Disconnecting
         . 2017.03.23 23:41:16 - Management - Send 'signal SIGTERM'
         . 2017.03.23 23:41:16 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
         . 2017.03.23 23:41:16 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
         . 2017.03.23 23:41:16 - OpenVPN > /sbin/ip route del 184.75.223.210/32
         . 2017.03.23 23:41:16 - OpenVPN > /sbin/ip route del 0.0.0.0/1
         . 2017.03.23 23:41:16 - OpenVPN > /sbin/ip route del 128.0.0.0/1
         . 2017.03.23 23:41:16 - OpenVPN > Closing TUN/TAP interface
         . 2017.03.23 23:41:16 - OpenVPN > /sbin/ip addr del dev tun0 10.5.6.12/16
         . 2017.03.23 23:41:16 - OpenVPN > SIGTERM[hard,] received, process exiting
         . 2017.03.23 23:41:16 - Connection terminated.
         I 2017.03.23 23:41:19 - Cancel requested.
         ! 2017.03.23 23:41:19 - Session terminated.
         . 2017.03.23 23:43:52 - Updating systems & servers data ...
         . 2017.03.23 23:43:54 - Systems & servers data update completed
  17. Hello, I read the guide in Whonix about how to install a VPN (it is very old), but AirVPN has a GUI interface; is it sufficient to start it?
  18. Lately, I've been unable to get Eddie to connect to any server on my Linux operating system. It's always stuck while doing latency tests and I get the following error message.

      E 2021.12.27 13:47:45 - Exception: nft issue: exit:1; out:; err:Error: syntax error, unexpected rule, expecting string
      E 2021.12.27 13:47:45 - del rule ip filter OUTPUT ip daddr 52.48.66.85 counter accept
      E 2021.12.27 13:47:45 - ^^^^

      If you need info on my OS...

      System: Host: <filter> Kernel: 5.14.0-4mx-amd64 x86_64 bits: 64 compiler: N/A parameters: BOOT_IMAGE=/vmlinuz-5.14.0-4mx-amd64 root=UUID=<filter> ro quiet splash slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on vsyscall=none debugfs=off oops=panic loglevel=0 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force ipv6.disable=1 apparmor=1 security=apparmor random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma kaslr pti=on slab_nomerge page_poison=1 slub_debug=FPZ nosmt Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 dm: LightDM 1.26.0 Distro: MX-21_ahs_x64 Wildflower November 22 2021 base: Debian GNU/Linux 11 (bullseye)
      Machine: Type: Laptop System: ASUSTeK product: ROG Strix G713QM_G713QM v: 1.0 serial: <filter> Mobo: ASUSTeK model: G713QM v: 1.0 serial: <filter> UEFI: American Megatrends LLC. v: G713QM.314 date: 09/03/2021
      Battery: ID-1: BAT0 charge: 87.5 Wh condition: 87.5/90.0 Wh (97%) volts: 17.2/15.9 model: AS3GWAF3KC GA50358 type: Li-ion serial: <filter> status: Full Device-1: hidpp_battery_0 model: Logitech Wireless Keyboard K270 serial: <filter> charge: 100% (should be ignored) rechargeable: yes status: Discharging Device-2: hidpp_battery_1 model: Logitech M585/M590 Multi-Device Mouse serial: <filter> charge: 55% (should be ignored) rechargeable: yes status: Discharging
      CPU: Topology: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64 type: MCP arch: N/A family: 19 (25) model-id: 50 (80) stepping: N/A microcode: A50000B L2 cache: 4096 KiB flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 52703 Speed: 2857 MHz min/max: 1200/3300 MHz boost: enabled Core speeds (MHz): 1: 3370 2: 2728 3: 3567 4: 3239 5: 2523 6: 1916 7: 2650 8: 4126 Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: spec_store_bypass mitigation: Speculative Store Bypass disabled Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: always-on, IBRS_FW, STIBP: disabled, RSB filling Type: srbds status: Not affected Type: tsx_async_abort status: Not affected
      Graphics: Device-1: NVIDIA GA106M [GeForce RTX 3060 Mobile / Max-Q] vendor: ASUSTeK driver: N/A bus ID: 01:00.0 chip ID: 10de:2520 Device-2: AMD Cezanne vendor: ASUSTeK driver: amdgpu v: kernel bus ID: 06:00.0 chip ID: 1002:1638 Display: x11 server: X.Org 1.20.13 driver: amdgpu,ati unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz OpenGL: renderer: AMD RENOIR (DRM 3.42.0 5.14.0-4mx-amd64 LLVM 12.0.1) v: 4.6 Mesa 21.2.5 direct render: Yes
      Audio: Device-1: NVIDIA vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 01:00.1 chip ID: 10de:228e Device-2: AMD Renoir Radeon High Definition Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.1 chip ID: 1002:1637 Device-3: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: ASUSTeK driver: N/A bus ID: 06:00.5 chip ID: 1022:15e2 Device-4: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.6 chip ID: 1022:15e3 Sound Server: ALSA v: k5.14.0-4mx-amd64
      Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: ASUSTeK driver: r8169 v: kernel port: e000 bus ID: 02:00.0 chip ID: 10ec:8168 IF: eth0 state: down mac: <filter> Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel port: e000 bus ID: 03:00.0 chip ID: 8086:2723 IF: wlan0 state: up mac: <filter> IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A
      Drives: Local Storage: total: 7.50 TiB used: 3.22 TiB (43.0%) ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLQ1T0HBLB-00B00 size: 953.87 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: FXM7201Q scheme: GPT ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 250GB size: 232.89 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: 2B2QEXM7 scheme: GPT ID-3: /dev/sda type: USB vendor: Seagate model: Backup+ Hub BK size: 7.28 TiB block size: physical: 4096 B logical: 512 B serial: <filter> rev: D781 scheme: GPT
      Partition: ID-1: / raw size: 63.98 GiB size: 62.68 GiB (97.96%) used: 13.97 GiB (22.3%) fs: ext4 dev: /dev/dm-0 ID-2: /boot raw size: 256.0 MiB size: 237.9 MiB (92.93%) used: 104.7 MiB (44.0%) fs: ext4 dev: /dev/nvme1n1p2
      Sensors: System Temperatures: cpu: 51.0 C mobo: N/A gpu: amdgpu temp: 46 C Fan Speeds (RPM): cpu: 0
      Repos: No active apt repos in: /etc/apt/sources.list
        Active apt repos in: /etc/apt/sources.list.d/airvpn-stable.list 1: deb http://eddie.website/repository/apt stable main
        Active apt repos in: /etc/apt/sources.list.d/atom.list 1: deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main
        Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
        Active apt repos in: /etc/apt/sources.list.d/debian.list 1: deb http://deb.debian.org/debian bullseye main contrib non-free 2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
        Active apt repos in: /etc/apt/sources.list.d/mx.list 1: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye main non-free 2: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye ahs
        Active apt repos in: /etc/apt/sources.list.d/whonix.list 1: deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free
      Info: Processes: 376 Uptime: 1h 32m Memory: 62.24 GiB used: 5.99 GiB (9.6%) Init: SysVinit v: N/A runlevel: 5 default: 5 Compilers: gcc: 10.2.1 alt: 10 Shell: quick-system-in running in: quick-system-in inxi: 3.0.36

      Any help would be much appreciated. Thanks.

      Eddie_20211227_134819.txt
  19. Hello, I am trying to connect to AirVPN on Whonix but I can't find a way that works. I want to have Whonix Workstation --> Whonix Gateway (TOR) --> AirVPN. How can I do this? I couldn't find a proper tutorial for it.
  20. Hi, I am very new to using VPNs (not Tor though), however, instead of using the tor bundle for my operating system (OSX) I use Whonix which is a virtual operating system built for tor. I connect to airvpn using OSX, but when I connect to tor with whonix, I am not sure if I am using the VPN correctly. Essentially I am trying to do user > VPN > Tor I suppose, but I'm not sure which network I am connecting to in whonix. As far as I know whonix is linux based, and I am not very familiar with linux. Has anyone used whonix before? Any help would be greatly appreciated.
  21. hello all, i would like to hear a little bit of advice/assurance on what i am trying to accomplish here. my goal is to obtain a user-VPN-Tor connection through whonix on a virtual machine. the host is windows 7. i have been looking at documentation on doing so and it looks complicated yet doable. https://www.whonix.org/wiki/Tunnel_Tor_through_proxy_or_VPN_or_SSH#Tunnel_Tor_through_VPN https://github.com/adrelanos/VPN-Firewall the idea here is to be able to have a virtual machine running with the above mentioned connection scheme working properly, while allowing the host to communicate freely outside of any VPN or Tor connections. (just through the ISP as normal) in theory, two "separate" connections. host will be able to communicate with true identity, while at the same time the virtual machine is routed as user-VPN-Tor. as of current my setup is to have all connections on host locked through AirVPN servers and DNS, and then starting the whonix-gateway after VPN connection on host has been established. before attempting this setup, i would like to hear some thoughts (maybe from staff as well) on how secure this setup is, and if it is viable. assuming that i have properly setup the virtual machine to take care of user-VPN-Tor and making sure DNS leaks are prevented (also shortly mentioned on the github link as well).
  22. Staff or others, I may have worded my thread title poorly. I am experimenting with Whonix usage via VirtualBox and the dual VM approach they use. For the purposes of this thread I am not looking to discuss the TOR stuff or anything on the outbound side of an Air server unless it's fully relevant to the question being asked. I have a machine using a 7 Pro host and it's about as locked down as possible to Air servers. All the firewall structure, various rules, etc. have been tweaked as well as I can and I never see any leaks or issues. Assuming I have configured the host properly I want to try and virtually assure that any Whonix usage is not backwards DISCRIMINABLE (from any Air server to my ISP). Question: I am not concerned that my ISP sees a VPN, only IF Whonix is discriminable. What, if anything, can be done on my end to prevent backwards discrimination of Whonix? I think I am probably OK but wanted to check for my sake and for other members who may read this.
  23. Hello Staff, Thanks for your reply. I have listed some combinations for a threat model that has powerful adversaries. Could you please rank them like best, better, good, worst (both in terms of speed and anonymity)? Thanks again!

      1 Host Ubuntu 21.04 (Tor + AirVPN)---------->-Virtualbox(NAT)-------->Guest Windows 10 Pro (Tor)
      2 Host Ubuntu 21.04 (Tor)------>-Virtualbox(NAT)------->Guest Windows 10 Pro (Tor + AirVPN)
      3 Host Ubuntu 21.04 (Tor + AirVPN)------>-Virtualbox(Whonix)-------->Guest Windows 10 Pro (Tor)
      4 Host Ubuntu 21.04 (Tor)------>-Virtualbox(Whonix)------->Windows 10 Pro (Tor + AirVPN)
  24. Then I think I'm gonna ask around in the Qubes OS forum and in the Whonix forum as well. I think it will be related to Whonix, because if I use the QubesOS's solution it works perfectly fine. I will report back if there is any progress! Till that time I will try out the random server generator too. Am I allowed to use any AirVPN server address (like europe3.all.vpn.airdns.org) if I'm asking for help? Or should I just use some randomly created address?
  25. ADDITIONAL STEP #39: SET A WORKING TOR BROWSER APPARMOR PROFILE & INSTALL 'HARDENED' TOR-BROWSER*

      * Unfortunately the recently released, hardened Tor Browser is only available for Linux 64-bit architecture. Future releases will include 64-bit Windoze and Mac versions.

      RESOURCES

      https://torproject.org
      https://github.com/micahflee/torbrowser-launcher/blob/master/apparmor/torbrowser.Browser.firefox
      https://github.com/micahflee/torbrowser-launcher/blob/master/apparmor/torbrowser.Tor.tor
      https://github.com/micahflee/torbrowser-launcher/blob/master/apparmor/usr.bin.torbrowser-launcher

      Set Working Tor Browser / Tor Launcher Apparmor Profiles

      Fortunately Micah Lee comes to our rescue again! As the Tor browser and launcher profiles don't work (easily) when installing them from the Whonix stable / developer repositories, we'll just copy Micah's hard work instead, and look at an easy way of fixing any apparmor messages that prevent it starting. Note that we can use these same profiles on both the base machine (Linux Mint) and in the Whonix-Workstation, as I have them working fine. Ditto Debian / Debian derivatives.

      1. Create three empty files for our needed apparmor profiles:*

         * Do this twice - for Linux Mint O/S and then for your Whonix workstation master copy, which you will then immediately clone for future use. Tor Browser must also NOT be stored in a hidden ("./") directory in your home folder, or the profile won't apply.

      2. Cut and paste Micah's apparmor profiles EXACTLY* and save

         * For example, if you leave spaces at the end of apparmor profiles, this often causes errors.

         torbrowser.Browser.firefox
         torbrowser.Tor.tor
         usr.bin.torbrowser-launcher

      3. Enforce these new apparmor profiles in both Whonix Workstation (master) and Linux Mint

      4. Check these profiles are enforced and re-loaded in the kernel

         OR

         Access active profiles as root in /sys/kernel/security/apparmor/profiles

         In terminal, after sudo apparmor_status you should see among your many enforced profiles:

      5. Run Tor Browser to see if it works and debug

         All going well, Tor browser will launch okay for you in both Linux Mint and Whonix Workstation. If it doesn't, examine your apparmor messages in /var/log/kern.log to see what is being blocked and why.*

         * Installing apparmor-notify via Synaptic Package Manager will also give you a visual read out of apparmor messages as they occur.

         If you are okay with changing your security preferences in line with what Tor browser / launcher is trying to read, write, execute or map to memory etc, then you can use aa-logprof to do this automatically. Basically it will scan the log file and find existing events not covered by the existing profiles set, and then allow you to make modifications to augment the file. Alternatively, you can manually edit the apparmor profiles directly, in line with the error messages.

      Well done! You now have completely torrified your Mint system, and should have working apparmor profiles on Firefox and Tor Browser on the base system, as well as Tor Browser for Whonix-Workstation. This is a big achievement, as many people new to Linux give up before succeeding.

      Setting Other Apparmor Profiles

      In general, apparmor profile generation for other unconfined programs that do not have community-led profiles is easy. For those who are keen, one general process is to use aa-autodep and aa-logprof.

      1. Create an empty profile and set it to complain mode
      2. Run the program as normal e.g. editing, printing, browsing or whatever. Examine the logs and see what actions are being taken by the program.
      3. Quit the program.
      4. Run aa-logprof and select appropriate suggestions based on the output of the program. This can include 'abstractions' for things like directory usage, /tmp permissions, directory (tree) permissions and so on.
      5. When all errors have been audited, save the file.
      6. Set the profile to enforce

      INSTALL HARDENED TOR BROWSER v5.5a4

      For 64-bit Linux users, install the hardened Tor Browser in Linux Mint (not Whonix; it is a 32 bit set-up). This browser will provide greater protection against exploitation of memory corruption bugs by using an address sanitizer. Use high-security verification procedures as per earlier steps, but this time you won't need to download the public key (.asc) or fingerprint it (it's already imported into your keyring).

      1. Retrieve the necessary compressed file and signature
      2. Verify the package against your previously imported key for the Tor Project

         Make sure you see "Good signature" from "Tor Browser Developers" and that the date of signing makes sense (not in the future, way in the past etc), and the key has not expired.

      3. Extract and enjoy the best browser on the market!

      CONCLUSION

      Black hats, corporate / academic scum and the electronic stalker girlfriends on the government payroll - that you didn't know you had - love de-anonymising / hacking Tor users, so it makes very good sense to run Tor Browser in a straitjacket at all times. If / when Tor Browser goes haywire that one time you hit a poisoned script on a http page, you will be hopefully notified and can shutdown your system immediately. In the case of Whonix, this means pulling the virtual plug on both the Workstation and Gateway straight away and deleting the images. Always start again with clean images cloned from the master copies.