Anon-whonix or fedora/debian based appVM

jamesferkin · October 2, 2016, 3:42pm

Hello
My configuration is this
proxyVM<—sys-whonix<—proxyVM
Now my intention is to connect an appVM to the proxyVM to use it just for the remote desktop control (Remmina).
What do you recommend me between anon-whonix and fedora/debian based appVM?
As I said before, I don’t use it to surf

Best Regards

Patrick · October 2, 2016, 6:10pm

I don’t understand this configuration.

jamesferkin · October 3, 2016, 1:35pm

ProxyVM between sys-whonix and anon-whonix

My question is if I can change anon-whonix with a Fedora/Debian based appVM, that I’ll use just for remote desktop control.
What do you recommend?

Best Regards

Patrick · October 3, 2016, 4:34pm

I don’t recommend that.

jamesferkin · October 3, 2016, 8:27pm

Ok, the for security you recommend anon-whonix
Do I need to change something to connect proxyVM with anon-whonix or just use the first like its netVM?

Best Regards

entr0py · October 3, 2016, 9:07pm

Why would you exit from a proxy in this situation?
Does your remote desktop server block Tor exit nodes?
user -> Tor -> remote is more anonymous than
user -> Tor -> proxy -> remote

Pre-configured stream-isolated apps won’t work with default settings. You’ll have to remove proxy settings from those if you want to use them.

Patrick · October 3, 2016, 9:12pm

Similar to this:
Connecting to Tor before a VPN

jamesferkin · October 4, 2016, 10:37am

Also I think that user–tor–rdp is more anonymous than user–tor–vpn–rdp because the tor paths will be the same and doesn’t change, but if you adapt the vpn to the feature of Tor (every ten minutes reconnect it), I believe that won’t be a disadvantage.

Patrick · October 5, 2016, 12:40pm

There would be no forced 10 minutes disconnect. Tor does not do that. That would be a long lived connection.

jamesferkin · October 5, 2016, 2:29pm

If I have understood well to avoid these scenarios

scenario 1)

a) User uses VPN IP A on the host, thereby using it as it’s first relay.

b) User’s Tor client happens to pick a Tor exit relay running on VPN IP A.

Conditions a and b match at the same time. The user is now using the
same IP as first and last proxy.

–> By using the VPN the user did not get more, but less secure.

different scenario 2)

a) User sets up a VPN inside Whonix-Workstation. Thereby that results
in user -> Tor -> VPN -> internet. Using VPN IP A.

b) A Tor entry guard is being hosted on VPN IP A.

Conditions a and b match at the same time. The user is now using the
same IP as first and last proxy.

–> By using the VPN the user did not get more, but less secure.

*Choose a VPN that doesn’t resell his servers
*Use a VPN that has used by few tor users
*Use/Create a “personal” VPN that nobody can use