Access Local Network, Host, or Clearnet Internet from VM

From Whonix

Advanced documentation detailing the process to connect from inside a VM to a server service running on the host, within the LAN, or clearnet internet.

Introduction

Info: This subject is advanced. The instructions provided are generally unnecessary for most users.

Consider File Transfer as a simpler alternative for standard requirements.

Prerequisite Knowledge

Access Host from within Whonix-Gateway

This example demonstrates using ssh, but other methods may be substituted accordingly.

On the Host

Install the necessary server software; ssh is illustrated as an example.

Install package(s) ssh.

A. Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

B. Install the ssh package(s).

Using the apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends ssh

C. Done.

The procedure of installing package(s) ssh is complete.

If ssh is utilized, its setup on the host (such as public key setup) and related issues are considered prerequisite knowledge and are out of scope for this documentation. This wiki chapter is focused on connectivity, not on server configuration details.

Inside the VM

Install the corresponding client software, e.g., openssh-client.

1. Install openssh-client.

Install package(s) openssh-client.

A. Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

B. Install the openssh-client package(s).

Using the apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends openssh-client

C. Done.

The procedure of installing package(s) openssh-client is complete.

2. Optional: Configure a persistent home folder for the user clearnet.

sudo mkhomedir_helper clearnet

3. Launch a shell under user clearnet.

sudo -u clearnet bash

4. Disable stream isolation permanently or circumvent it temporarily, as needed.

client-software ip-address

Note:

  • Substitute ssh with your client software of choice.
  • Replace 192.168.1.0 with the actual local LAN IP of the host.
  • Remove .anondist-orig if the command isn’t uwt-wrapped by default.

ssh.anondist-orig 192.168.1.0

5. Completion.

An SSH connection from within Whonix-Gateway to the host should now be established.
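A guard for step 4, as an added example that is not part of the Whonix documentation: it refuses to start the un-wrapped client unless the target is a literal private IPv4 address, so a typo or a hostname cannot send the connection made as user clearnet somewhere other than the LAN. The names is_private_ipv4, lan_ssh and LAN_SSH_CLIENT are hypothetical, and the example assumes the host sits on an RFC 1918 IPv4 network.

```shell
# Added example, not Whonix code. is_private_ipv4, lan_ssh and
# LAN_SSH_CLIENT are hypothetical names.

# Succeed only for a literal dotted-quad IPv4 address inside an
# RFC 1918 range (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
    local addr="$1" o1 o2 o3 o4 extra octet
    # Hostnames, IPv6, empty input and a trailing dot are rejected here.
    case $addr in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$addr
EOF
    [ -z "$extra" ] || return 1          # more than four octets
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        # 1-3 digits, no leading zero (no octal ambiguity), at most 255.
        case $octet in
            ''|????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$o1" -eq 10 ] && return 0
    [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] && return 0
    [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ] && return 0
    return 1
}

# Run the client from step 4 only when the target passes the check.
# Usage: lan_ssh 192.168.1.0 [client options]
lan_ssh() {
    [ "$#" -ge 1 ] || return 64
    local target="$1"
    shift
    if ! is_private_ipv4 "$target"; then
        echo "refusing: '$target' is not a literal RFC 1918 address" >&2
        return 64
    fi
    # Default is the command shown on this page; override for other clients.
    "${LAN_SSH_CLIENT:-ssh.anondist-orig}" "$@" "$target"
}
```

A target written as user@address is rejected by design; pass the login name as a client option instead (for ssh, -l).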

Access Host from within Whonix-Workstation

This scenario is currently undocumented and likely necessitates a complex setup with a high risk of clearnet leaks. See footnote. [1] Instead, users are recommended to explore SSH / SSHFS into Whonix-Gateway, SSH / SSHFS into Whonix-Workstation, and SSHFS into Whonix-Workstation.

Troubleshooting

  • Check whether a configured host firewall is blocking connections to the service.

Forum Discussion

https://forums.whonix.org/t/how-to-connect-from-a-guest-whonix-gateway-to-a-proxy-client-running-on-a-host/8874

See Also

Footnotes

  1. Options could include:
