Can anyone tell me whether in using Whonix and connecting to an RDP via Whonix the host or data center of the RDP can resolve your true IP address?

Sorry for such a technical question but I’ve actually researched this and so I don’t know how else to ask it really. First, please allow me to be as specific as possible so as to avoid misunderstandings.

Here is the set up I’d have in mind:

Whonix > VPN > tor > VPN > RDP.

When I have asked people about whether a data center that rents out the RDP would be able to resolve one’s true IP address (the IP address assigned to the user by their ISP), I have asked it within the context of a VPN being on, then a classic virtual box being accessed (not Whonix), and then the RDP.

In that context, which is of course clearly different than the configuration asked about here, the answers vary.

Some people say it depends on the kind of RDP and that there is basically no way to tell.

Others say, no the RDP host (for example the data center that rents out the RDP) will not be able to see the true IP address of the client connecting remotely to the desktop. Instead, they say, the RDP host will only be able to resolve the VPN IP address.

Others are clear: the RDP host will be able to see the true IP address regardless of the VPN’s being on so as to encrypt the data.

Other IT buffs tend to dismiss the question in assuming that it’s blackhat stuff and that they don’t want to be involved. Some ask me why I would want to do such a thing as to ensure that the machine I am connecting to can’t resolve who I am. My question though is only about whether the host of the RDP would be able to see the MAC or host name or IP address of the client if the client were using both a VPN and a virtual box. So, sadly, the answer doesn’t seem as simple as the question.

Here though, my question is more about the Whonix set up available to us and its use in conjunction with an RDP. Does anyone know if with said configuration (again, Whonix > VPN > tor > VPN > RDP) one can be protected from the RDP host or whether the host will still know the true IP address?

Some people have said that a VCN would provide end to end encryption, but others have told me that the RDP host will still be able to see the true IP address and that such is only a means of accessing an RDP if within the RDP they have turned on a VPN service. So lots of conflicting information and I’m not sure where to look if to be sure.

Thank you for reading and any help you may offer.

VPN/tunnel setups aren’t as bulletproof as VM-level separation as Whonix
does with its Whonix-Gateway / Whonix-Workstation split architecture.

There is no way [*] for any application inside the workstation to find
out its own external IP address. That was never demonstrated during the
lifetime of Whonix.

[*] Unless the application is malicious, breaks out of the VM. (Which a
standard VNC / RDP client won’t - unless the application gets exploited.)

2 Likes

Thank you, Patrick. So what you’re saying is that so long as I access an RDP from within Whonix, provided that I use some VPN or what have you, the RDP simply cannot know my real IP address?

Thank you again, it is much appreciated! By the way, if you’d care to elaborate on how such works, I’d be very interested to learn why. Lots of folks share their knowledge and to save time and to keep things simple they politely respond, looking of course to help out and be on their way. Sometimes though when it’s complicated like with Whonix (at least for people like me it is), it’s nice to know why or how things work regarding the answers we get. Granted sometimes it is simply way too complicated and so if that’s the case here then don’t worry about going into details. :wink:

Thanks again

Hi drhall

Keep in mind what Patrick said:

You may want to consider using Whonix without a VPN. :wink:

2 Likes

You’re getting ahead of yourself. Forget about the RDP protocol for the time being.

From Whonix’s unique perspective, an RDP client connecting to an RDP server is no different than:
an email client connecting to an email server,
a jabber client connecting to a jabber server,
a World of Warcraft client connecting to a World of Warcraft server,
an internet browser connecting to a web server,
etc.

Each one has its own particular set of risks and obviously more general hardening principles apply here as well (such as use trusted software, use access controls, etc). But what you’re really asking is:

Why use Tor?
Why use Whonix? (Start with Whonix Overview)

These basic questions are answered at the beginning of all of the documentation. You need to become very familiar with the answers before attempting something as ambitious as running your own anonymous server. Then you can focus on which remote access protocol you want to use; which implementation of the protocol; which client; etc.

“Other people / experts / enthusiasts” say the Earth is flat… :slight_smile: Unless you provide the reasoning used to arrive at various conclusions and/or provide links to well-reasoned discussions, it’s just random people saying random things…

3 Likes

drhall:

> Thank you, Patrick. So what you’re saying is that so long as I access
> an RDP from within Whonix, provided that I use some VPN or what have
> you, the RDP simply cannot know my real IP address?

I didn’t refer to VPNs in that sense.

If you read Combining Tunnels with Tor you’ll see
that VPNs are in no way essential to Whonix.

> Thank you again, it is much appreciated! By the way, if you’d care to
> elaborate on how such works, I’d be very interested to learn why.
> Lots of folks share their knowledge and to save time and to keep
> things simple they politely respond, looking of course to help out
> and be on their way. Sometimes though when it’s complicated like with
> Whonix (at least for people like me it is), it’s nice to know why or
> how things work regarding the answers we get. Granted sometimes it is
> simply way too complicated and so if that’s the case here then don’t
> worry about going into details. :wink:

Simplified: The workstation is connected by a virtual LAN cable to the
gateway. The gateway doesn’t use IP forwarding. The gateway only runs
Tor and iptables. Such a setup doesn’t enable any clearnet connectivity.

Whonix and all components it is based on are Open Source, if you want to
study it deeply, you can go to lengths.

1 Like
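
The two properties named in the reply above (no IP forwarding, a firewall that only feeds Tor) can be checked mechanically on a gateway-style host. This is an added example, not part of the thread and not Whonix's own firewall or tooling; the function name `audit_gateway`, the interface names and both sample rulesets are constructed for illustration.

```bash
# audit_gateway IP_FORWARD_VALUE IPTABLES_SAVE_TEXT
# Prints one finding per line; returns 0 if nothing can be routed through, 1 otherwise.
audit_gateway() {
    _fwd="$1"; _rules="$2"; _rc=0
    # 1. The kernel must not route packets between interfaces.
    if [ "$_fwd" != "0" ]; then
        echo "FAIL: net.ipv4.ip_forward=$_fwd (kernel routes packets)"; _rc=1
    fi
    # 2. Default policy of FORWARD in the filter table must be DROP.
    _pol=$(printf '%s\n' "$_rules" |
        awk '/^\*/ {t=$1} t=="*filter" && $1==":FORWARD" {print $2; exit}')
    if [ "$_pol" != "DROP" ]; then
        echo "FAIL: filter FORWARD policy is '${_pol:-missing}', expected DROP"; _rc=1
    fi
    # 3. No rule in filter/FORWARD may accept traffic.
    if printf '%s\n' "$_rules" | awk '/^\*/ {t=$1}
        t=="*filter" && $1=="-A" && $2=="FORWARD" && /-j ACCEPT/ {found=1}
        END {exit !found}'; then
        echo "FAIL: FORWARD chain contains an ACCEPT rule"; _rc=1
    fi
    # 4. No source NAT: that would give workstation traffic a clearnet path.
    if printf '%s\n' "$_rules" | grep -Eq -- '-j (MASQUERADE|SNAT)'; then
        echo "FAIL: source NAT rule present"; _rc=1
    fi
    [ "$_rc" -eq 0 ] && echo "OK: no forwarding path found"
    return "$_rc"
}

# Constructed sample: internal traffic is only redirected to a local Tor port.
ISOLATED_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -j REJECT --reject-with icmp-admin-prohibited
COMMIT'

# Constructed sample: an ordinary NAT router, which does leak a clearnet path.
ROUTER_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

audit_gateway 0 "$ISOLATED_RULES"
audit_gateway 1 "$ROUTER_RULES" || true
```

On a live host the same function can be fed real state as root: `audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"`.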

Great, will do. I’ll look into the documentation so as to get an idea as to why such is the case. My goal for now is just to connect to an RDP such that the host has no way of tracing me. Obviously one could go about such in all kinds of different ways, but as another gentleman below pointed out, that isn’t as simple as merely connecting via Whonix and then suddenly being secure, since beyond the connection there are all kinds of other protocols at play. So, looks like I’ve got a lot of reading to do here first. Thanks for helping :wink:

All excellent points, thank you for your insight here and the links, I’ll go back and start at the beginning. As I said in another comment just a moment ago, for now my main target is connecting remotely to a desktop and simply being and remaining untraceable to said host. If that is not as simple as that depending on what I do beyond the connection, then that too will hopefully be revealed and discussed in further depth in some of the documentation. You are right about the references on my part, it is just hearsay. The problem I meant to point out is that while I get varying answers they are nearly always the same breed regardless of their fundamental nature. That is, while some people say that one cannot know and while others say that the IP address can be traced and while others say no it cannot, only very rarely do any of the responders actually elaborate as to why such is the case. And of course beggars can’t be choosers so I find it a little inappropriate to press people if they don’t want to share. So yeah, maybe the best bet is to simply start reading. Thank you again and if you have any more references on RDPs or anything you think would be helpful, please don’t hesitate as I’d appreciate the literature. :slight_smile:

Thank you very kindly, sir, I’ll indeed look into the documentation. My goal in using VPNs or the like is to be as certain as possible that no matter what, my true IP address really can’t be traced from the host. If it won’t matter and Whonix will always ensure that then all the better for me :slight_smile:

Anyways, as you and other experts here have pointed out, I’ve got a lot of work still ahead of me, so I’ll get busy reading and taking notes. Thank you and like I also requested of other members here, if you think some other links may help me to have a gander at, please don’t hesitate to let me know.