Advice Needed

engagement

I am looking for a connection as secure and anonymous as possible. Currently connect to the air servers with good privacy and then load Tor (as client only) on top. I always use CCleaner to wipe everything after each session and about every 15 minutes in Tor I click "new identity". I have looked at running a Tor relay and I dont really want all of that traffic running through my local network as surely that can lead to questions?

Also, I've heard about changing the mac address regulary but have no idea how?

Another thing is changing the Tor exit nodes - is this the same as when one conects to the VPN servers and then chooses a country with good privacy laws? If so this sounds very worthile....or not?

Thank you for help in advnace and hope this might assist others.

Staff

I am looking for a connection as secure and anonymous as possible. Currently connect to the air servers with good privacy and then load Tor (as client only) on top. I always use CCleaner to wipe everything after each session and about every 15 minutes in Tor I click "new identity". I have looked at running a Tor relay and I dont really want all of that traffic running through my local network as surely that can lead to questions?

Hello!

Your current setup already provides a very robust anonymity layer.

You can restrict the TOR exit node for which a circuit is established. However, narrowing down the possible exit-nodes might or might not lower the anonymity and/or the security layer, you should evaluate that.

Some links:

http://www.wilderssecurity.com/showthread.php?t=311501

http://www.ghacks.net/2008/01/29/configure-tor-to-use-a-specific-country-as-an-exit-node/

Just in case you estimate that the above restriction is necessary but potentially dangerous for you, you might evaluate AirVPN over TOR as a replacement of your current TOR over OpenVPN setup, in order not to allow the few exit nodes you'll be going to use to see your traffic and real packets origins and destinations. https://airvpn.org/tor

In the vision of a "connection as secure and anonymous as possible", if performance has not high priority you can also consider to:

- connect over OpenVPN over TOR in a host machine

- connect over TOR from a VM, in order to have TOR over AirVPN over TOR in your VM

If performance has higher priority, but anyway you want to harden your anonymity layer (if for any reason you can't allow yourself to trust only our servers), you may consider OpenVPN over OpenVPN (however, you'll need two accounts to do that):

- connect over OpenVPN in a host machine

- connect over OpenVPN in a virtual machine toward a different Air server OR a competitor VPN service server, so that in the VM you will have a connection over OpenVPN over OpenVPN, which is generally much faster than [TOR over] OpenVPN over TOR

Also, I've heard about changing the mac address regulary but have no idea how?

Just search for "MAC spoofing". Anyway, you should ask yourself whether you really need that. The MAC address of your computer card never gets out of your LAN (it's just not a part of the network layer so the MAC address of your computer network card is visible only to your router and the devices inside your LAN). See here for some more information:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5303&Itemid=142#5306

Kind regards

Anonymous Writer

I am looking for a connection as secure and anonymous as possible. Currently connect to the air servers with good privacy and then load Tor (as client only) on top. I always use CCleaner to wipe everything after each session and about every 15 minutes in Tor I click "new identity". I have looked at running a Tor relay and I dont really want all of that traffic running through my local network as surely that can lead to questions?

Tor automatically reloads after ten minutes; there is no need to change the identity ever fifteen minutes. You can reload it before ten minutes. Generally, one of the weaknesses of Tor is the linkability of Tor streams. Therefore, it may be a good idea to procure a new identity after certain websites, for extra privacy.

No, running a Tor relay is fine--but I suppose it depends on your location and how much bandwidth or data you are willing to allocate.

If you want to remain as secure as possible, you need to use a good browser or a special browser for enhanced privacy; you want to use HTTPS Everywhere, NoScript, Cookie Monster, and you may want to watch LSOs--so called Super Flash Cookies.

Another thing is changing the Tor exit nodes - is this the same as when one conects to the VPN servers and then chooses a country with good privacy laws? If so this sounds very worthile....or not?

The difference between the two is this: with the VPN, you select which server you want to connect to--not so with Tor. It is a mystery where you will exit out of--it can be good or bad. Some exit nodes are bad and some are great.

In my experience, the exit nodes I generally leave are servers and/or services I am familiar with and "trust."

Thank you for help in advnace and hope this might assist others.

It assists me--a labor (labour) of love.

engagement

First and foremost thank you for the answers admin and the other person :-). Both are very helpful. I will be reseraching into setting up a host machine although this sounds extremely complicated and have no idea what this is just yet. Plus customizing Noscript better as there seem to be many options.

Few questions:

1. Does CCleaner do the same job as cookie monster?

2. In my experience, the exit nodes I generally leave are servers and/or services I am familiar with and "trust."

How does one determine which Tor exit nodes are safe to use etc? Care to share? Also how to set it up? When I tried to set Tor so it didnt use exit nodes in USA it doesnt seem to work as dnsleaktest shows me with USA IP. Any suggestions?

3. How do you keep an eye for (LSOs) super flash cookies and what are they?

4. What do you mean linkability of Tor streams?

5. I thought my connection with AirVPN provided HTTPS security? How can I ensure I use this everywhere?

Sorry everyone I am new to all of this but eager to learn. I will try not to ask too many questions and research/read/learn the rest myself.

Thank you once again!

HorseClaws

@ question 3 = use FireFox with this addon: https://addons.mozilla.org/nl/firefox/addon/betterprivacy/

@question 5 = use Firefox or Chrome with this installed: https://www.eff.org/https-everywhere

engagement

Thanks. Just installed both of them.

Any suggestions for other questions?

Staff

First and foremost thank you for the answers admin and the other person :-). Both are very helpful. I will be reseraching into setting up a host machine although this sounds extremely complicated and have no idea what this is just yet. Plus customizing Noscript better as there seem to be many options.
Few questions:
1. Does CCleaner do the same job as cookie monster?

Hello!

Unfortunately this admin knows only the Muppet character Cookie Monster and this Cookie Monster:

http://en.wikipedia.org/wiki/Cookie_Monster_%28computer_program%29

so no proper comparison is currently possible by this admin.

2. In my experience, the exit nodes I generally leave are servers and/or services I am familiar with and "trust."
How does one determine which Tor exit nodes are safe to use etc? Care to share? Also how to set it up? When I tried to set Tor so it didnt use exit nodes in USA it doesnt seem to work as dnsleaktest shows me with USA IP. Any suggestions?

It's very hard if not impossible to answer in a definitive manner to this question. The Tor Project gives some suggestions to lower the probability to establish a circuit with a malicious relay, please see here:

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

3. How do you keep an eye for (LSOs) super flash cookies and what are they?

Local Shared Objects are files stored by Flash (for which they are also called Flash cookies; since they also vaguely remind cookies, they are also called Super Cookies). Their size is arbitrary, there's no theoretical limit to the amount of information which can be stored in them. They are perfect for websites to track users. They might be considered a browser potential security breach. "On 10 August 2009, Wired magazine reported that more than half of the top websites used local shared objects to track users and store information about them but only four of them mentioned it in their privacy policy."

http://en.wikipedia.org/wiki/Local_Shared_Object

You can delete them with options in Flash and you can refuse them by deactivating Flash. Since you use Firefox, an easy way to handle LSO (view, delete, automatic delete etc.) is Firefox add-on BetterPrivacy.

5. I thought my connection with AirVPN provided HTTPS security? How can I ensure I use this everywhere?

Your OpenVPN client works at a lower layer than http and https. It encrypts all your outgoing packets up to Air servers, and all your incoming packets from the server to you. Just like with any higher-layer operating protocol, http and https usage depends on you and the destination website, not on the VPN. For example, let's say that you connect to an Air server, and then to an http website which does not offer https. The data exchanged by you with the website are encrypted between you and the Air server. They remain encrypted between the server and you, so that your ISP (and anybody between you and Air servers) can't see them (neither the real header nor the payload). Once/when the http packets are out on the Internet (out of the VPN, that is), they are NOT encrypted but they never have your IP address.

Kind regards

Anonymous Writer

First and foremost thank you for the answers admin and the other person :-). Both are very helpful. I will be reseraching into setting up a host machine although this sounds extremely complicated and have no idea what this is just yet. Plus customizing Noscript better as there seem to be many options.

Few questions:

1. Does CCleaner do the same job as cookie monster?

2. In my experience, the exit nodes I generally leave are servers and/or services I am familiar with and "trust."
How does one determine which Tor exit nodes are safe to use etc? Care to share? Also how to set it up? When I tried to set Tor so it didnt use exit nodes in USA it doesnt seem to work as dnsleaktest shows me with USA IP. Any suggestions?

3. How do you keep an eye for (LSOs) super flash cookies and what are they?

4. What do you mean linkability of Tor streams?

5. I thought my connection with AirVPN provided HTTPS security? How can I ensure I use this everywhere?

Sorry everyone I am new to all of this but eager to learn. I will try not to ask too many questions and research/read/learn the rest myself.

Thank you once again!

Cookie Monster is similar to NoScript except that it regulates cookies on your brower. There are temporary permissions, revocations, denying, allowing, et al. This is an essential add-on. It makes it more secure and easier to use than the cookies section of the browser.

Linkability of Tor streams--I suggest you do some reseach. But basically what it means is that your Tor connections can be linked from one website to another by the exit node.

Staff

Hello!
Please re-read, you have been given all the elements on how such attacks have the chance to be successful. In particular, to achieve the scope the adversary, in addition to regularly signed certificates, needs to block TOR or increase significantly the probability that the circuit is established with nodes controlled by the attacker (see the previous message for more details).
You seem to not understand. Even if a website's SSL certificate is compromised, a VPN will not protect you. The data will be sniffed. So this argument is not against Tor alone, but all services. Are you actually arguing that using an OpenVPN will protect you from this type of attack? Are you joking?

Hello!

The VPN will effectively protect the victim because it lets him/her to get out of the cage.

Second, as for blocking Tor, so what? What does this accomplish?

It accomplishes (and accomplished in reality) the attacker purpose. Please note that there's a significant difference between blocking TOR and handling the routes so that the probability that the wished by the attacker circuit is established.

Third, as for an attacker gaining control of the network to such an extent and to manipulate it and then compromise a website's SSL certificate or to forge it, in the hope that some nameless anonymous individual's login credentials are sniffed is so far out in left field it is a joke.

Unfortunately the purposes of the attackers in the past were more sinister. Catching the login credentials and exchanged data of activists in Skype, GMail and Facebook is very useful for a human rights hostile regime. Actually, when 300.000 iranian citizens suffered this attack, and the attack was successful (see the previous link about the incident), the purposes were essentially repression and control.

Do you remember the link you gave in the other thread that “proved” you argument, when in fact it did the opposite, do you remember what the original poster stated? Virtually no one used Tor for sensitive content—all sniffed data was on port 80.

That was a significant example, a proof of concept to show you the basis of more sophisticated MITM of SSL attacks.

The fact remains—this whole argument applies to all services, including the AirVPN. The only difference is that supposedly, the attacker gained control of the Tor network, but of course the VPN operator, who can not be tempted to sniff data traffic like the Tor exit node operator, is exempt. Why?

It should appear quite obvious to the careful reader. While with AirVPN this problem is solved with partition of trust (which not necessarily requires TOR), you can't perform partition of trust with TOR alone in the depicted scenario. In that case, the only remaining option to the attacker is disrupting OpenVPN connections (we will soon provide an additional service to mitigate or even solve the problem of OpenVPN connections disruption).

Cannot the VPN operator, in addition to operating a server, also hack a website, so when people exit out of a single hop service, the data will be decrypted by the operator and/or his friends?

It's even worse: actually, as it was repeatedly showed, it is not necessary at all to hack a website to succeed with the attack. The main difference is that if you can't allow yourself to trust the Air operators, you can hide them all your real packet headers AND payloads, while you can't do that with TOR alone in the depicted scenario.

What is the difference? The difference is that with a single hop VPN service, the operator can see every one's IP address and see exactly where the traffic goes. And thus, he can more easily decide to hack any popular website and sniff all data to that encrypted website.

We have faced this problem since when we designed AirVPN, and our suggested solution is partition of trust, so that you have a service which you don't need to trust if you can't allow yourself to trust it. Additionally, we have designed the system so that (if the customer wishes so) no identity can be correlated to an account. In this case, the only option remaining to the attacker is perform correlations (typical vulnerability of any low latency "anonymity" network). However, timing attacks become extremely difficult with OpenVPN, and even more with OpenVPN over TOR, theoretically the only adversary that can successfully perform them is the global adversary.

Multi-hopping within the same VPN infrastructure (or within different VPNs owned by the same entity), while perfectly possible with Air, does not solve the problem unfortunately, since the operators can trivially correlate all the traffic amongst all the VPN servers, while multi-hopping with different VPNs owned by different entities which do not cooperate with each other, or with a connection over OpenVPN over a proxy, does. Of course you can solve the problem as well connecting over TOR|I2P|etc. over OpenVPN over TOR|I2P|etc. (but not TOR over OpenVPN, unfortunately), in which case you don't have to worry neither about a malignant VPN operator nor a malignant TOR|I2P|etc. exit node. In this case the target can only be defeated by an adversary who can control simultaneously the TOR exit nodes and the VPN server. That this VPN operators can be this adversary, i.e. that they can have the power of a government which can control ISPs and border routers, is an extraordinarily near zero probability.

TOR over OpenVPN does not solve the problem because, if you imagine a really nasty VPN operator, you can assume that he/she hi-jack TOR connections from the VPN server to which you connect to, in order to enhance greatly the probability that you establish a circuit where the exit node is controlled by the same nasty operator (but obviously he/she can't do that if you connect over OpenVPN over TOR).

The purpose of the previously mentioned attacks are the opposite, that is intercepting the traffic to the real website: the hi-jacking may be only at the login page, which may be absolutely necessary in order to allow (only if needed) the correct "interfacing" with the victim toward the real website. After that all the victim traffic comes and goes to the real website. On the victim side, the outgoing traffic is encrypted with the keys already known by the interface, which decrypts the victim traffic, re-encrypts it and sends it to the real website. On the victim inbound flow, the interface decrypts the traffic from the real website (in this phase, if it is wished, packet injections/packet forging are performed) re-encrypts it with the previous keys and sends it to the victim. It is a very similar thing which can be performed in corporate environments to check the payload of https traffic, for which vInspector has been designed, with the difference that in corporate environments certificates don't need to be properly signed or stolen.
I think you are sorely confounding many different things.

Let's make a step back before proceeding. Have you understood how the attack works and why it does not need to hack https website and/or authority servers, and how the SSL/TLS packets to and from the victim are decrypted and re-encrypted?

Absolutely not, this is not a fault of the original website (for example Google), which suffered no security breach. In the example the security breach was in a CA website, but in the given links (for example in the Wikipedia article and in its references) you can see how it is possible to do that without even breaching the security of the sites of an authority.
Yes, I am aware of that. I was not making specific references to any particular hack. The argument was that the breach was on a third party site; it was not the Tor service. Whether the third party site is CA website or Google, it matters little.

We have seen real cases in which the attack does not need neither a breach on any authority website nor a breach on any https website (see the links on the Wikipedia article). We are making specific references to real incidents which really occurred, while the impression (but this admin may well be wrong, no offense meant) is that you are facing the issue in a fantastic, ideal scenario, ignoring the incidents really occurred in the past years. It must be said also, for completeness, that some of the most critical TOR vulnerabilities have been fixed at the end of 2011 ( https://blog.torproject.org/blog/tor-02234-released-security-patches ), while critical vulnerabilities in OpenVPN have not been found until today.

Kind regards

HorseClaws

cookie monster is a cookie management program.

C (Crap) Cleaner is a handy free program:

CCleaner is our system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware!

you can set it to delete /save cookies as you wish, but it's not a cookie management program as such.

engagement

In the vision of a "connection as secure and anonymous as possible", if performance has not high priority you can also consider to:

- connect over OpenVPN over TOR in a host machine

- connect over TOR from a VM, in order to have TOR over AirVPN over TOR in your VM

If performance has higher priority, but anyway you want to harden your anonymity layer (if for any reason you can't allow yourself to trust only our servers), you may consider OpenVPN over OpenVPN (however, you'll need two accounts to do that):

- connect over OpenVPN in a host machine

- connect over OpenVPN in a virtual machine toward a <strong>different</strong> Air server OR a competitor VPN service server, so that in the VM you will have a connection over OpenVPN over OpenVPN, which is generally much faster than [TOR over] OpenVPN over TOR

1. Is a VM the same as HM?

2. Do you have any useful links with regards of step-by-step of setting up a HM/VM?

3. How difficult and what is needed to set up the HM/VM?

4. Regarding Tor is it possible without a VM/HM to have Tor over VPN over VPN?

5. You said performance is slower with VPN over Tor - roughly how much slower percentage wise (a guess is ok)

Thanks and slowly but surely getting my around all of this.

Staff

[quote name='"engagement" post=5479

1. Is a VM the same as HM?

Hello!

The host is the machine which "hosts" virtualized operating systems (the Virtual Machines' date=' also called "guests"). Typically the host is your computer with your OS.

2. Do you have any useful links with regards of step-by-step of setting up a HM/VM?

There are several virtualization programs, amongst which VMWare and VirtualBox are particularly powerful and easy to use.

3. How difficult and what is needed to set up the HM/VM?

You need a virtualization program, such as VirtualBox or VMWare, and and operating system to install on one of the Virtual Machines. Once done, you'll have a guest operating system (the new OS installed in the VM) running inside ("hosted") by your host OS.

See for example:

http://en.wikipedia.org/wiki/Virtualbox

4. Regarding Tor is it possible without a VM/HM to have Tor over VPN over VPN?

In this case the main problem is not the part regarding TOR, because once you have established a connection over a VPN over a VPN, tunneling over TOR over VPN over VPN is trivial. The core problem is connecting a VPN over a VPN both with OpenVPN clients on the same machine which has one physical network card. There are several issues and if you don't master networking, routing tables and masquerading, then virtualization is a much, much simpler solution.

5. You said performance is slower with VPN over Tor - roughly how much slower percentage wise (a guess is ok)

Unfortunately it's impossible to say: it depends on too many factors. In Italy (tested with very few ISPs only), usually the bandwidth by establishing Air (with Holland servers) over a "random" circuit on different days and times of the day oscillates from around 200 kbit/s to 600-700 kbit/s.

Kind regards

engagement

Thanks all seems fairly straight forward or at least I hope. Here goes - going to try set up either VMWare or VirtualBox or at least get my head properly round it all now.

1. Did you mean that I will need a valid windows CD to create the HM with either VMWare or VirtualBox ? I hope they are free but will check right now after this.

2. The speeds that you mentioned sound very capable.

3. I also have one other non-connection related question which you might be able to help with. If I am using truecrypt on my OS and have files encrypted with PGP within a hidden volume then when I decrypt the file (still onto the hidden volume) and then read it with say notepad on my comp and then encrypt once finished and remove unencrypted version obviously. As files are always recoverable in some way is it not possible that someone could still view the files using this method and completely defeat the purpose of these systems?

After the HM setup I hope I am close to reaching the vision we have described as: "In the vision of a "connection as secure and anonymous as possible"

although i did have trouble setting up the Tor exit nodes. I entered text in file as stated on link given but my IP when using Tor still shows using USA for example even though I choose to exclude these ones? I will try to sort this first to save yourself time and if cannot will check back.

As always your advice/help is literally "unvaluable"! If your privacy terms and commitment to NEVER sharing information with anyone live up to the standards of your customer service and support then this really is something special here that should be highly valued.

engagement

P.S. Once I have successful set up my system with your fantastic help (which I will confirm with you here) could you kindly delete this thread?

Staff

Thanks all seems fairly straight forward or at least I hope. Here goes - going to try set up either VMWare or VirtualBox or at least get my head properly round it all now.
1. Did you mean that I will need a valid windows CD to create the HM with either VMWare or VirtualBox ? I hope they are free but will check right now after this.

Hello!

You will need a valid OS image and the license to use it. However not all OS are protected by copyright, you can use free and open source OS or distribution of OS which come under GPL, like Linux distributions, or similar like OpenBSD. If your host is Windows-based, it can anyway host such OSes.

3. I also have one other non-connection related question which you might be able to help with. If I am using truecrypt on my OS and have files encrypted with PGP within a hidden volume then when I decrypt the file (still onto the hidden volume) and then read it with say notepad on my comp and then encrypt once finished and remove unencrypted version obviously. As files are always recoverable in some way is it not possible that someone could still view the files using this method and completely defeat the purpose of these systems?

Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

http://en.wikipedia.org/wiki/Data_erasure

After the HM setup I hope I am close to reaching the vision we have described as: "In the vision of a "connection as secure and anonymous as possible"

Please consider, even in view of your point 2, that the reported performance is OpenVPN over TOR and TOR over OpenVPN. TOR over OpenVPN over TOR or TOR over VPN over VPN will have a slower performance.

As always your advice/help is literally "unvaluable"! If your privacy terms and commitment to NEVER sharing information with anyone live up to the standards of your customer service and support then this really is something special here that should be highly valued.

Thank you!

Kind regards

engagement

3. I also have one other non-connection related question which you might be able to help with. If I am using truecrypt on my OS and have files encrypted with PGP within a hidden volume then when I decrypt the file (still onto the hidden volume) and then read it with say notepad on my comp and then encrypt once finished and remove unencrypted version obviously. As files are always recoverable in some way is it not possible that someone could still view the files using this method and completely defeat the purpose of these systems?

Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

http://en.wikipedia.org/wiki/Data_erasure

So to clarify on point above: it is safe to access and temporarily store (until accessed and re encrypted using PGP) a file from inside the hidden volume so that it could not be recoverable? I guess this issue is really sorted by running a hidden OS instead.

Once I have successful set up my system with your fantastic help (which I will confirm with you here) would you mind deleting this thread?

Staff

Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.
http://en.wikipedia.org/wiki/Data_erasure
So to clarify on point above: it is safe to access and temporarily store (until accessed and re encrypted using PGP) a file from inside the hidden volume so that it could not be recoverable?

Yes, provided that all the I/O operations are performed inside the encrypted volume.

An adversary can see your encrypted files only if it gains access to your computer while the volume is mounted, so you should not leave your computer unattended with mounted TrueCrypt volumes if someone can gain access to it. Please see also here for a lot of useful information:

http://www.truecrypt.org/docs/

You can keep a VM completely inside an encrypted TrueCrypt volume: just create the virtual hard disk inside the virtual encrypted volume.

Once I have successful set up my system with your fantastic help (which I will confirm with you here) would you mind deleting this thread?

You should use the "Contact us" form if you don't want to make your messages public. Even if we delete this thread, it will remain available on the Internet Archive.org Wayback Machine, Google cache... A forum is meant for public discussions which should remain available to all readers for future references.

Kind regards

engagement

Hi!

Yes your right and this should be extremely helpful for others looking to do the same!

I managed to install the VM. I now have Linux Ubuntu running on my windows 7 HM. I managed to create the virtual disk in a hidden vol of a truecrypt container too :-)

I now have a few questions:

1, Is it correct that with this new set-up Tor exit nodes will be irrelevant?

2. Do I need to reinstall all software such as AirVPN, skype etc on the ubuntu VM? Or how does this work?

3. Still only have one VPN provider? Do i need a 2nd VPN for this or can Tor do the job?

4. Could you kindly label the correct steps of how I be connecting to achieve the vision we described as:

"In the vision of a "connection as secure and anonymous as possible"

5. "Yes, provided that all the I/O operations are performed inside the encrypted volume."

What is an I/O operation?

Thanks as always!

Staff

Hi!
Yes your right and this should be extremely helpful for others looking to do the same!
I managed to install the VM. I now have Linux Ubuntu running on my windows 7 HM. I managed to create the virtual disk in a hidden vol of a truecrypt container too :-)
I now have a few questions:
1, Is it correct that with this new set-up Tor exit nodes will be irrelevant?

Hello!

What do you mean with irrelevant...? If you refer to TOR over OpenVPN over TOR, one TOR exit node is essential to send your packets to our servers and receive them from our servers, the other TOR exit node is essential to send out and receive packets to/from the Internet (assuming two circuits).

2. Do I need to reinstall all software such as AirVPN, skype etc on the ubuntu VM? Or how does this work?

Yes. In order to connect to Air please install OpenVPN and follow the instructions for Linux.

3. Still only have one VPN provider? Do i need a 2nd VPN for this or can Tor do the job?

You have now tons of options: Any VPN over AirVPN over TOR, TOR over AirVPN over TOR, proxy over AirVPN over TOR, I2P over VPN over TOR, AirVPN over AirVPN over TOR... and theoretically you can even connect (from the VM) over AirVPN over TOR over AirVPN over TOR, or over TOR over AirVPN over AirVPN over TOR etc. etc.. These last two "setups" work fine, but do not expect performance exceeding 100 kbit/s, and be ready for very high latency (1000-2000 ms with the final host you connect to are not uncommon). Usually connecting over a VPN over TOR over AirVPN over TOR is necessary only in extremely critical environments which currently we have not found in practice in any country (but of course our experience is not "universal").

You should study each solution to see which one suits your needs in the best way, i.e. the best compromise between security and performance, provided the minimum necessary setup to defeat your adversary. Ideally, you should have a clear vision of the maximum power your adversary (or adversaries) has/have.

5. "Yes, provided that all the I/O operations are performed inside the encrypted volume."
What is an I/O operation?

I/O = Input / Output.

Kind regards

engagement

I want to achieve either one of these set-ups below and am unsure which to choose. I am happy for you to make a recommendation taking into consideration I am looking for security but also am running out of available time to complete my set-up as i must return from my cave to the real world to full-time work soon and want to get this completed! :-) Both of these seem pretty secure anyhow.

In the vision of a "connection as secure and anonymous as possible", if performance has not high priority you can also consider to:

- connect over OpenVPN over TOR in a host machine

- connect over TOR from a VM, in order to have TOR over AirVPN over TOR in your VM

I have managed to install "OpenVPN Access Server version 1.8.4 for Ubuntu10 i386 " - although actually running ubuntu 12.04 I think it is. I can see its installed but have no idea how to access the file or configure the OpenVPN settings. Advice? Maybe a good link?

Will I need to also install skype, TrueCrypt, Tor and all other software on Ubuntu? Im confused whether Ill be using the firefox/Tor on my normal desktop or the equivalent on the ubuntu VM when fully set-up?

Staff

I have managed to install "OpenVPN Access Server version 1.8.4 for Ubuntu10 i386 " - although actually running ubuntu 12.04 I think it is. I can see its installed but have no idea how to access the file or configure the OpenVPN settings. Advice? Maybe a good link?

Hello!

Please see here:

https://airvpn.org/linux

Will I need to also install skype, TrueCrypt, Tor and all other software on Ubuntu? Im confused whether Ill be using the firefox/Tor on my normal desktop or the equivalent on the ubuntu VM when fully set-up?

It was understood that you had already placed the guest virtual HDD inside a host TrueCrypt volume

When the VM is fully setup, you have plenty of options, please see the previous message. For example, if you wish to connect over TOR over AirVPN over TOR:

- connect the host over AirVPN over TOR

- connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)

If you wish to connect over VPN over VPN:

- connect the host to a VPN service

- connect the guest over another VPN (you can also perform Air 2-hops, connecting the host to an Air server and the guest to another Air server, in which case you will need 2 Air accounts - EDIT: this is not partition of trust because you would multi-hop on servers that are all controlled by the same entity)

Kind regards

engagement

Linux is too complicated for me as I have no prior knowledge of it. I looked for windows 2000 for perfomance but couldnt find an iso (due to some random java settlement) so am downloading windows 2007 + windows 7 .iso files for a new VM which I found here:

FREE 60 DAY TRIAL ON WINDOWS SERVER 2008 ENTERPRISE

http://www.microsoft.com/en-us/download/details.aspx?id=8371

OFFICIAL WINDOWS ISO FILES (NEEDS ACTIVATING)

http://en.community.dell.com/support-forums/software-os/w/microsoft_os/3316.2-1-microsoft-windows-7-official-iso-download-links-digital-river.aspx

I want to acheive Tor over AirVPN over Tor and therefore need to do the following:

- connect the host over AirVPN over TOR

- connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)

So to acheive this I will:

1. Now install the new windows VM

2. Then download and install Tor and the windows AirVPN client on the VM and then am assuming Im good to go pretty much

3. OR are there any special settings to make the "Tor over VPN part of the connection on normal windows" (HM its called right?) routes to the VM correctly?

So then once fully set-up to connect I would do as follows:

a. On HM (normal windows) connect to Tor.

b. Once connected to Tor, connect to AirVPN.

c. Start the VM and then again connect to Tor within it

d. Done! Use the internet with" Tor over VPN over Tor" using the last Tor Browser launched in the VM for your browsing needs?

If point a is correct then how can I change my Comodo settings to allow me to connect to Tor first as the current rules only allow connections to AirVPN servers. Could these changes to settings alow for DNS leaks?

Thank you! Looks like Im nearly there!

Staff

I want to acheive Tor over AirVPN over Tor and therefore need to do the following:
- connect the host over AirVPN over TOR
- connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)
So to acheive this I will:
1. Now install the new windows VM
2. Then download and install Tor and the windows AirVPN client on the VM and then am assuming Im good to go pretty much
3. OR are there any special settings to make the "Tor over VPN part of the connection on normal windows" (HM its called right?) routes to the VM correctly?

Hello!

That's correct, there are no additional requirements. However, the previous admin post forgot to specify an important detail, that is the VM must be connected to the host via NAT in order to render the setup effectively working (i.e. no bridging). This is the default configuration in VirtualBox (just make sure that "NAT" is selected in "Settings"->"Connections") so you should not worry about it, the virtualization program will take care transparently of all NATting.

So then once fully set-up to connect I would do as follows:
a. On HM (normal windows) connect to Tor.
b. Once connected to Tor, connect to AirVPN.
c. Start the VM and then again connect to Tor within it
d. Done! Use the internet with" Tor over VPN over Tor" using the last Tor Browser launched in the VM for your browsing needs?

Correct. About point b, remember to configure OpenVPN to connect to an Air server over your TOR proxy. The configuration generator or the Air client will take care of it, just select the appropriate options for Proxy Type, Proxy IP and Proxy Port.

If point a is correct then how can I change my Comodo settings to allow me to connect to Tor first as the current rules only allow connections to AirVPN servers. Could these changes to settings alow for DNS leaks?

The rules should already allow these type of connections because, when you connect OpenVPN over TOR, OpenVPN will communicate with 127.0.0.1 (your local proxy address), which is explicitly allowed in some rule. Additionally remember, when Comodo will prompt you about that, to allow any communication from/to the Virtual Machine (i.e. take care not to block the virtualization program NAT).

If you have any issue on this matter please do not hesitate to contact us, a Comodo expert will support you.

Kind regards

engagement

Ok sounds great. Will let you know if I have any problems or if I manage successfully. Should be later tonight.

Just 2 questions:

1. Can I use the AirVPN windows client on HM and VM or I have to download and use OpenVPN for both this as I saw you mentioned downloading the configuration files?

2. How to identify if I am selecting the appropriate options for Proxy Type, Proxy IP and Proxy Port

Thanks

Staff

Ok sounds great. Will let you know if I have any problems or if I manage successfully. Should be later tonight.
Just 2 questions:
1. Can I use the AirVPN windows client on HM and VM or I have to download and use OpenVPN for both this as I saw you mentioned downloading the configuration files?

Hello!

You can use the Air client both on your host and guest OS. Please note that you can't use the same account for two simultaneous connections.

2. How to identify if I am selecting the appropriate options for Proxy Type, Proxy IP and Proxy Port

You need to know the proxy type, IP and listening port of the proxy you're using. You can discover them from inside the proxy interface and its documentation.

Kind regards

Advice Needed

Recommended Posts

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Join the conversation