Access Local Network, Host or Clearnet Internet from VM
Donate
Connections from inside a VM to a service running on the host, inside the local area network (LAN) or clearnet internet. (Esoteric Documentation)
Introduction[edit]
This is an esoteric subject and the instructions are probably unnecessary -- advanced users only!
File Transfer might be a far simpler alternative.
Prerequisite Knowledge[edit]
Instructions[edit]
The following example uses ssh, but it could be replaced with something else.
If ssh is utilized, its setup on the host (such as public key setup) and related issues are out of scope for this documentation and are considered prerequisite knowledge. This wiki chapter is focused on connectivity and not server configuration details.
- Whonix-Gateway: These instructions only apply to Whonix-Gateway.
- Whonix-Workstation: This is currently undocumented. It would likely require a complex setup and pose a high risk of clearnet leaks; see footnote. [1] Instead of using these instructions it is recommended to consider SSH / SSHFS (ssh file system) into Whonix-Gateway, SSH / SSHFS into Whonix-Workstation, and SSHFS into Whonix-Workstation.
On the Host[edit]
Install the server software. Note: ssh is used as an example but can be replaced with alternatives.
Install package(s) ssh.
A. Update the package lists and upgrade the system
.
sudo apt update && sudo apt full-upgrade
B. Install the ssh package(s).
Using apt command line parameter --no-install-recommends is in most cases optional.
sudo apt install --no-install-recommends ssh
C. Done.
The procedure of installing package(s) ssh is complete.
Inside the VM[edit]
Install the client software. Note: openssh-client is used as an example but can be replaced with alternatives.
1. Install openssh-client.
Install package(s) openssh-client.
A. Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
B. Install the openssh-client package(s).
Using apt command line parameter --no-install-recommends is in most cases optional.
sudo apt install --no-install-recommends openssh-client
C. Done.
The procedure of installing package(s) openssh-client is complete.
2. Optional: Create a persistent home folder for user clearnet.
sudo usermod -d /home/clearnet clearnet
sudo mkhomedir_helper clearnet
3. Open a shell under user clearnet.
sudo -u clearnet bash
4. Permanently disable stream isolation or temporarily circumvent stream isolation.
Syntax:
client-software ip-address
In the following example, note:
- Replace
sshwith the desired client software. - Replace the IP
192.168.1.0with the actual local LAN IP of the host. - Drop
.anondist-origif the command is not uwt-wrapped by default.
ssh.anondist-orig 192.168.1.0
Troubleshooting[edit]
- A configured host firewall might block connections to the service.
See Also[edit]
Footnotes[edit]
- ↑
It would probably require:
- Less safe: enabling IP forwarding inside Whonix-Gateway; or
- Safer: Opening an Incoming Port on Whonix-Gateway Firewall and running some kind of proxy software in Whonix-Gateway with user
clearnetthat permits forwarding to host, local area network or clearnet Internet.
At Whonix we value freedom and trust, supporting Open Source and Freedom Software
ENCRYPTED SUPPORT LP,
2023
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!