Access Local Network, Host or Clearnet Internet from VM
Introduction[edit]
File Transfer might be a far simpler alternative.
Prerequisite Knowledge[edit]
Instructions[edit]
The following example uses ssh
, but it could be replaced with something else.
If ssh
is utilized, its setup on the host (such as public key setup) and related issues are out of scope for this documentation and are considered prerequisite knowledge. This wiki chapter is focused on connectivity and not server configuration details.
- These instructions only apply to Whonix-Gateway ™.
- Whonix-Workstation ™ is currently Undocumented. It would likely require a complex setup and pose a high risk of clearnet leaks; see footnote. [1] Instead of using these instructions it is recommended to consider SSH / SSHFS (ssh file system) into Whonix-Gateway ™, SSH / SSHFS into Whonix-Workstation ™, and SSHFS into Whonix-Workstation ™.
On the Host[edit]
Install the server software. Note: ssh
is used as an example but can be replaced with alternatives.
Install package(s) ssh
.
A. Update the package lists and upgrade the system.
B. Install the ssh
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
C. Done.
The procedure of installing package(s) ssh
is complete.
Inside the VM[edit]
Install the client software. Note: openssh-client
is used as an example but can be replaced with alternatives.
1. Install openssh-client
.
Install package(s) openssh-client
.
A. Update the package lists and upgrade the system.
B. Install the openssh-client
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
C. Done.
The procedure of installing package(s) openssh-client
is complete.
2. Optional: Create a persistent home folder for user clearnet
.
3. Open a shell under user clearnet
.
4. Permanently disable stream isolation or temporarily circumvent stream isolation.
Syntax:
In the following example, note:
- Replace
ssh
with the desired client software. - Replace the IP
192.168.1.0
with the actual local LAN IP of the host. - Drop
.anondist-orig
if the command is not uwt-wrapped by default.
Troubleshooting[edit]
- A configured host firewall might block connections to the service.
See Also[edit]
Footnotes[edit]
- ↑
It would probably require:
- Less safe: enabling IP forwarding inside Whonix-Gateway ™; or
- Safer: Opening an Incoming Port on Whonix-Gateway ™ Firewall and running some kind of proxy software in Whonix-Gateway with user
clearnet
that permits forwarding to host, local area network or clearnet Internet.