Become Invisible Online with Tails OS — Connecting to a VPN before Tor using KVM.

aj-tap
4 min readDec 15, 2022

--

Connecting to a VPN before Tor (User → VPN → Tor → Internet)

Why Anonymity is important and why Tails

Because it is so simple for your data to be given to third parties, anonymous casual browsing has recently grown more annoying. Therefore, switching to incognito mode in your browser is simple to do if you’re interested in keeping your browsing habits private.

The issue is that standard operating systems are built to store vast quantities of sensitive data in your computer’s hardware. Furthermore, third-party companies can track you using third-party cookies, tracking pixels, device IDs, and so on. Because many of these tracking methods are designed to be non consensual. Keeping your anonymity online sometimes requires more than just obscuring your IP address and location.

This is where Tails enters the picture. It is a live amnesic system, which means it operates on host memory rather than being permanently installed on a physical drive. When you reboot or shut down, your activity session is erased, leaving no files or other traces. Moreover, Tails uses Tor which is a decentralized network designed for using the internet with as much privacy as possible. It enables private and anonymously browsing. You can use tor to search and access both normal and dark websites without disclosing your personal information.

Threat Modeling

Before you begin, keep in mind that not everyone requires Tor or to boot into Tails. You select what you need based on your threat model. Most people want to find reasonable convenience with an acceptable level of privacy. Tech Lore explained why threat modeling is important before setting up everything to save time.

Why run tails in a virtual machine?

Being able to switch between Tails and your Work operating system without frequently restarting your computer can be convenient. Moreover, using KVM Virt-manager we can create an isolated network and VPN kill switch for our setup.

Setup

Install virt-manager and KVM

Debian:

sudo apt install virt-manager libvirt-daemon-system

Ubuntu:

sudo apt install virt-manager libvirt-bin qemu-kvm

Arch:

sudo pacman -Syy
sudo reboot
sudo pacman -S archlinux-keyring
sudo pacman -S qemu virt-manager virt-viewer dnsmasq vde2 bridge-utils openbsd-netcat2
sudo pacman -S ebtables iptables
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service

Setup KVM network configuration Kill switch VPN to Tor network

  1. Install openvpn on Host OS.

Ubuntu/Debian:

sudo apt-get install openvpn -y 

Arch:

sudo pacman -S openvpn

2. Setup and Connect to VPN Client Choice.

 sudo openvpn your_client.ovpn

3. Open now your virt-manager. then go to Connection Details.

4. Click the plus button to create a virtual network.

5. Set Forward to Physical device, then add tun0 to forward all connection to the host VPN. then click finish.

Installing Tails on virtual machine

  1. Get Tails ISO image

2. Open Virt-manger and click File and create new Virtual Machine. Then choose local install media (ISO image or CDROM).

4. Choose the Tails ISO image that you’ve download. and set the operating system your installing to Debian 11

5. Allocate atleast 2048 MB of RAM. In my case I set to 4GB RAM.

6. Unselect Enable storage for this virtual machine.

7. Rename your virtual machine and change the network setting to the network-tails we created.

3. Upon booting into Tails, a welcome screen will appear. press the start tails button.

4. Connect to tor network and test if it connects successfully.

You configured Tails in KVM with a VPN kill switch. When you unintentionally disconnect your VPN, it no longer connects to the Tor network, preventing IP leakage.To Learn more about restoring online privacy. Feel free to visit https://www.privacyguides.org/.

And if you’re curious about how Threat actors operate behind Tor. Check out the Dark Web Documentary by John Hammond.

--

--

aj-tap
aj-tap

Written by aj-tap

Cyber Security Enthusiast | Powered by Caffeine | https://aj-tap.github.io/

No responses yet