Access Local Network, Host or Clearnet Internet from VM

From Whonix

How to connect from inside a VM to a service running on the host, in the local area network (LAN) or on the clearnet internet. (Esoteric Documentation)

Introduction

Info: This is an esoteric subject and the instructions are probably unnecessary -- advanced users only!

File Transfer might be a far simpler alternative.

Prerequisite Knowledge

Instructions

The following example uses ssh, but it could be replaced with something else.

If ssh is utilized, its setup on the host (such as public key setup) and related issues are out of scope for this documentation and are considered prerequisite knowledge. This wiki chapter is focused on connectivity and not server configuration details.

On the Host

Install the server software. Note: ssh is used as an example but can be replaced with alternatives.

Install package(s) ssh.

A. Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

B. Install the ssh package(s).

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends ssh

C. Done.

The procedure of installing package(s) ssh is complete.

Inside the VM

Install the client software. Note: openssh-client is used as an example but can be replaced with alternatives.

1. Install openssh-client.

Install package(s) openssh-client.

A. Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

B. Install the openssh-client package(s).

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends openssh-client

C. Done.

The procedure of installing package(s) openssh-client is complete.

2. Optional: Create a persistent home folder for user clearnet.

sudo usermod -d /home/clearnet clearnet

sudo mkhomedir_helper clearnet

3. Open a shell under user clearnet.

sudo -u clearnet bash

4. Permanently disable stream isolation or temporarily circumvent stream isolation.

Syntax:

client-software ip-address

In the following example, note:

  • Replace ssh with the desired client software.
  • Replace the IP 192.168.1.0 with the actual local LAN IP of the host.
  • Drop .anondist-orig if the command is not uwt-wrapped by default.

ssh.anondist-orig 192.168.1.0

Troubleshooting

  • A configured host firewall might block connections to the service.
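To tell a blocking host firewall apart from a service that is not listening, the following added example (not part of the Whonix documentation) makes one TCP connect from the VM and classifies the outcome. The script name check_host_service.sh and all function names are hypothetical; it assumes bash and timeout(1) from coreutils are installed in the VM.

```shell
#!/bin/sh
# Added example, not part of the Whonix wiki. Run it inside the VM from the
# shell opened in step 3, before debugging the client itself.

# classify_probe RC: map the probe's exit status to a diagnosis.
classify_probe() {
    case "$1" in
        0)   echo open ;;       # TCP handshake completed
        124) echo filtered ;;   # timeout(1) expired: packets were silently dropped
        *)   echo closed ;;     # fast failure: connection refused or no route
    esac
}

# probe_tcp IP PORT SECONDS: one TCP connect via bash's /dev/tcp, no data sent.
# IP and PORT are passed as positional arguments, never spliced into the command.
probe_tcp() {
    timeout "$3" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# check_service IP [PORT] [SECONDS]: print the state and a hint on where to look.
check_service() {
    ip=$1 port=${2:-22} secs=${3:-5}
    case "$port" in
        ''|*[!0-9]*) echo invalid; return 2 ;;   # reject non-numeric ports
    esac
    rc=0
    probe_tcp "$ip" "$port" "$secs" || rc=$?
    state=$(classify_probe "$rc")
    echo "$state"
    case "$state" in
        open)     echo "hint: port reachable, remaining errors are client/server configuration" >&2 ;;
        filtered) echo "hint: no reply in ${secs}s, consistent with a host firewall dropping packets" >&2 ;;
        closed)   echo "hint: refused or unreachable, check the IP, that the service runs, and REJECT rules" >&2 ;;
    esac
    [ "$state" = open ]
}

# Usage (hypothetical file name): sh check_host_service.sh 192.168.1.0 22
if [ "$#" -gt 0 ]; then check_service "$@"; fi
```

A "filtered" result points at the host firewall; "closed" more often means the server is not running or the IP is wrong, although a firewall rule that rejects instead of drops looks the same.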

See Also

Footnotes

  1. It would probably require:
    • Less safe: enabling IP forwarding inside Whonix-Gateway; or
    • Safer: opening an incoming port on the Whonix-Gateway firewall and running some kind of proxy software in Whonix-Gateway with user clearnet that permits forwarding to the host, local area network or clearnet Internet.
