I’ve attempted to create a VM on my ubuntu host machine that is accessing the internet via a dedicated VPN app. I’m able to disconnect my host VPN and access the web within the VM, but cannot access the web when the host VPN is enabled. Ideally I’d like to enable the VPN on the host and pass through web access to the VM.
I have two questions:
- If my use case is to use a VM to increase privacy and security as well as isolate my operations within the VM from my host, is it better to have the VPN app from inside the VM or pass the host’s through to the VM?
- If it doesn’t make much of a difference, how can I go about passing the host’s VPN to the VM?
In either scenario, I’d still like to keep the host’s VPN active while being able to use the VM, which I currently cannot.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3K Posts
- 75.4K Comments
- Modlog
You might want to look at the qubes operating system architecture documents.
For maximum privacy, you would want one container or VM to have access to the internet and run your VPN endpoint. This container would have firewall rules applied so it could only talk to the other side of the VPN on the internet interface. This container should also have another interface connecting to your guest VM.
For your guest VM, it could only route traffic to the VPN container.
You could also use network name spaces to do the same thing without containerization. Depending on your threat model and level of paranoia.
The benefit of segmenting out the VPN program into its own working space, is that if there’s any bugs, any lapses, traffic doesn’t accidentally get to the main internet. It’s less leaky. Especially if you consider a hostile program running inside of your guest VM that’s trying to defeat any VPN program.