Questions about VPN-Firewall

I see your VPN-Firewall on GitHub.
I would like to set up a VPN in the host OS.
I will do this:

  1. Install OpenVPN;
  2. Download certificates from the VPN provider;
  3. Configure OpenVPN with the certificates;
  4. Install VPN-Firewall and make it start at boot;
  5. My personal sysctl configuration for preventing leaks;
  6. Various tests as suggested on this website;
  7. Did I forget something? :slight_smile:

These are my intentions, but I have a question: does this command ( iptables -P INPUT DROP ) drop all incoming connections, like the basic ufw setup you advise in the documentation?

I use Debian Jessie + Whonix 10 :slight_smile:.

7) Did I forget something? :)
Not that I know.
Does this command ( iptables -P INPUT DROP ) drop all incoming connections, like the basic ufw setup you advise in the documentation?
"Drop all incoming connections" is too ambiguous.

‘iptables -P INPUT DROP’ sets the iptables default policy for the INPUT chain to DROP, which is widely recommended. It prevents accidentally running server services from being accessible from the outside.

Later in the firewall rules, we allow incoming connections for previously outgoing connections. (‘iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT’)*

*[Which reminds me of an issue: RELATED,ESTABLISHED -> ESTABLISHED · Issue #9 · adrelanos/vpn-firewall · GitHub. But I don’t find time for this project. Help welcome.]
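To make concrete what the default policy and the stateful rule above do together, here is an added model of the INPUT chain (example code, not the vpn-firewall project's own): a default policy plus one `--state` ACCEPT rule, evaluated over constructed sample packets whose conntrack states are assumed labels. It also shows what changes when the rule is narrowed from RELATED,ESTABLISHED to ESTABLISHED, as in the issue title mentioned.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed inbound packet; on a real host the kernel's connection
    tracker assigns ctstate (NEW, ESTABLISHED, RELATED or INVALID)."""
    name: str
    description: str
    ctstate: str


class InputChain:
    """Minimal model of the filter table's INPUT chain: an ordered rule
    list, then the default policy when no rule matched."""

    def __init__(self, policy):
        self.policy = policy           # iptables -P INPUT <policy>
        self.rules = []                # (set of matching states, target)

    def accept_states(self, state_list):
        # iptables -A INPUT -m state --state <state_list> -j ACCEPT
        self.rules.append((frozenset(state_list.split(",")), "ACCEPT"))

    def verdict(self, pkt):
        for states, target in self.rules:   # first matching rule wins
            if pkt.ctstate in states:
                return target
        return self.policy                   # otherwise the default policy


# Constructed sample traffic arriving at the host's INPUT chain.
SAMPLE = [
    Packet("reply", "reply segment of a TCP connection the host opened", "ESTABLISHED"),
    Packet("unsolicited", "inbound SYN to a service accidentally listening", "NEW"),
    Packet("related", "ICMP error or helper-tracked channel tied to an outbound flow", "RELATED"),
    Packet("invalid", "packet conntrack cannot associate with any flow", "INVALID"),
]


def verdicts(policy="DROP", state_list="RELATED,ESTABLISHED"):
    """Return {packet name: verdict} for a given policy and --state rule."""
    chain = InputChain(policy)
    chain.accept_states(state_list)
    return {p.name: chain.verdict(p) for p in SAMPLE}


if __name__ == "__main__":
    for policy, states in [("ACCEPT", "RELATED,ESTABLISHED"),
                           ("DROP", "RELATED,ESTABLISHED"),
                           ("DROP", "ESTABLISHED")]:
        print(f"-P INPUT {policy}, --state {states}: {verdicts(policy, states)}")
```

With policy ACCEPT the unsolicited SYN gets through, which is exactly the accidental-server case the default DROP policy guards against.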

Thanks a lot, I understood something :smiley:.
However, you linked me to a gateway firewall problem; I mean only VPN-Firewall on my host. Should I modify these two lines of code for my host too?
I can explain better: the page you linked me to speaks about vpn-firewall, but the related info does not, so it brings me to a gateway-firewall problem.
I don’t know if it’s really a VPN (host) problem or a Whonix gateway firewall problem.

Sorry for the help, but I’m not an expert; I can help you only if you tell me what tests I should do :frowning: …

Thanks for all support !!!

up :slight_smile:

It’s a technical non-perfection. TODO. I don’t know if/when I find time to work on this.

As a user there is nothing you can do about this. I just mentioned it to give anyone a chance to jump in to help out and contribute.

Hi,
I have news.
I tested my VPN on the host.
Seeing that anyone can help me and seeing the motivation, I tried to do a little test, but it’s not a deep test.

  1. I saw the behavior of the VPN-Firewall: the connection closed when the VPN dropped or when I closed the openvpn process.
    Nothing passed through the Whonix connection/gateway; in the next days I will verify whether the firewall blocks the host connection too.
  2. I did DNS leak tests with Whonix-Workstation and it’s all ok. Of course I know that it isn’t a host problem but a Whonix problem, a problem that Whonix doesn’t suffer from, so it’s all ok.
    It’s a useless test for this purpose, but in the next days I’ll do the real VPN leak test, that is from the host.
  3. Then I sniffed packets like a dog :smiley: with Wireshark with administrator privileges. With my little knowledge, I saw that nothing passed outside the VPN. I will do other tests in the future, but for now I’m very happy.
    Of course my host system is clean; I didn’t see any leaks for now, only some connections to the router, but that depends on my sysctl configuration, I’ll improve it :slight_smile:.

Thanks to you adrelanos, I’ll post other results here.


When I’m ready I’ll post my sysctl configuration; it’s very important for the security of the host and against many attack methods on our Tor connection.
I want to post here the sysctl documentation that I found; I’m making my sysctl configuration and help is appreciated :smiley:.
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt