[Help] Secure setup: user > VPN > Whonix > SOCK5

Paranoid · November 15, 2015, 7:41pm

Hi guys.

First of all i wanna say a big THANKS to all the people that are making something like Whonix possibile. I’m searching a good way to protect my anonymity. I’ve tried a lot of stuff, learned a lot, failed a lot, and finally discovered Whonix
Hope you project can grow as much as possible… and i hope i can donate some btc to you guys.

My problem:

I’m trying to setup my project like this:

Host: Ubuntu Live on USB stick with persistance

Host > VPN > Whonix > Sock5

Right now i’m following this steps:

Boot my live usb
Start VPN service and connect to foreign server
- Check for any DNS leak here > https://www.dnsleaktest.com/
- Check my ip with an ip extended check here > http://whoer.net/extended
Start VBox with bot Gateway & Workstation of Whonix
And starting Tor Browser.

I do every step every time i boot my usb. Also i have a protection that makes possibile to put offline the ISP connection if the VPN gets down. AND, just for sure, i put the original pc’s host on hybernate mode to make it harder to access the data in it.
Now, 3 questions;

Am i doing it good here?
How can i do Whonix > SOCK5? I’ve installed redsocks as seen in your documentation but i don’t really know how to use it.
Is it possibile this setup? user > 1st VPN > Whonix with gateway working with another 2nd VPN service+Tor > SOCK5

mywhonix2014 · November 15, 2015, 7:41pm

I think I am trying to do the same here.
A noob wanting to see how to make vpn->tor->socks5 to work.

Decided to try the proxychain step
https://www.whonix.org/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor

Since I have VPN account here
https://www.privateinternetaccess.com/pages/client-support/

I am trying to see it their SOCKS5 Proxy work,
proxy-nl.privateinternetaccess.com 1080

added (replace) below to my proxychains configuration file.

[ProxyList]

add proxy here …

meanwhile

defaults set to “tor”

#socks4 127.0.0.1 9050
socks5 192.168.0.10 9152
socks5 proxy-nl.privateinternetaccess.com 1080

went ahead and tested uwt wrapped application
proxychains /usr/bin/wget.whonix-orig https://check.torproject.org

wget uwt wrapper? and don’t really know how to disable…talks about it here.
https://www.whonix.org/wiki/Stream_Isolation#Deactivate_uwt_Stream_Isolation_Wrapper

but went ahead and tested, here is the result.

user@host:~$ proxychains /usr/bin/wget.whonix-orig https://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
–2014-06-15 16:14:47-- https://check.torproject.org/
Resolving check.torproject.org (check.torproject.org)… |DNS-request| check.torproject.org
|S-chain|-<>-192.168.0.10:9152-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 38.229.72.22
38.229.72.22
Connecting to check.torproject.org (check.torproject.org)|38.229.72.22|:443… |S-chain|-<>-192.168.0.10:9152-<><>-38.229.72.22:443-<><>-OK
connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [text/html]
Saving to: `index.html.1’

[  <=>                                                                                                 ] 7,419       16.6K/s   in 0.4s

2014-06-15 16:14:52 (16.6 KB/s) - `index.html.1’ saved [7419]

Not sure if this is correct?
Now the documentation says, do not forget to Remove Proxy Settings from Tor Browser.
Where exactly to do that and afterwards what?

I gotta a run out now… but if you know or anybody else who can give me some advice would be grateful!
Thanks!!

Patrick · November 15, 2015, 7:41pm

Not sure if this is correct?

Look ok.

Now the documentation says, do not forget to Remove Proxy Settings from Tor Browser. Where exactly to do that and afterwards what?

https://www.whonix.org/wiki/Tor_Browser#Change.2FRemove_Proxy_Settings

mywhonix2014 · November 15, 2015, 7:41pm

Thanks, I went and removed the Proxy Settings from Tor Browser by choosing transparent torification.
But the dnstest and ipcheck still result with tor exit node. Am I missing something here?

user@host:~$ proxychains /usr/bin/wget.whonix-orig https://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
–2014-06-16 11:48:34-- https://check.torproject.org/
Resolving check.torproject.org (check.torproject.org)… |DNS-request| check.torproject.org
|S-chain|-<>-192.168.0.10:9152-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 38.229.72.22
38.229.72.22
Connecting to check.torproject.org (check.torproject.org)|38.229.72.22|:443… |S-chain|-<>-192.168.0.10:9152-<><>-38.229.72.22:443-<><>-OK
connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [text/html]
Saving to: `index.html.5’

[  <=>                                                                                                 ] 7,420       19.8K/s   in 0.4s

2014-06-16 11:48:39 (19.8 KB/s) - `index.html.5’ saved [7420]

Also another noob question, what address is this 4.2.2.2:53?

Patrick · November 15, 2015, 7:41pm

A public DNS? I would speculate, that proxychains has this IP hardcoded to resolve DNS of your proxy.

In.

I guess you’re better off replacing proxy-nl.privateinternetaccess.com with an IP address. (nslookup proxy-nl.privateinternetaccess.com)

Patrick · November 15, 2015, 7:41pm

Maybe something wrong with /etc/proxychains.conf. Try adding a defunct proxy IP to see if settings are even obeyed.