| Name | Date | Size | #Lines | LOC |
|------|------|------|--------|-----|
| .. | 03-May-2022 | | | |
| README.md | 25-Jul-2018 | 4.4 KiB | 80 | 52 |
| rc.conf.complex.sample | 03-May-2022 | 1.2 KiB | 36 | 13 |
| rc.conf.simple.sample | 03-May-2022 | 325 | 17 | 5 |
| vm-ctrl | 25-Jul-2018 | 1.7 KiB | 63 | 28 |
| vm-to-tor | 03-May-2022 | 33.2 KiB | 989 | 728 |

README.md

# vm-to-tor: Connect virtual machines (VirtualBox, bhyve, etc) to Tor on FreeBSD (FreeBSD port security/vm-to-tor)

This is a FreeBSD service that seamlessly connects any number of VirtualBox machines to the Tor anonymity network (https://www.torproject.org/).

## Screenshot

![Alt text](https://raw.githubusercontent.com/yurivict/vm-to-tor/master/screenshot.png "Running with several VMs")

## Installation

vm-to-tor is installed by running this command as root:
```shell
pkg install vm-to-tor
```

## Running

### Setup the service

Add the following section to the system configuration file /etc/rc.conf:
```shell
#
# For VirtualBox VMs to Tor connections
#
firewall_enable="YES"
firewall_type="open"
vbox_tor_ifaces="tap0 tap1"
vm_to_tor_enable="YES"
vm_to_tor_ifaces="${vbox_tor_ifaces}"
```

This setup lets you run two different virtual machines connected to Tor (on the tap0 and tap1 tunnel interfaces).

Alternatively, add this line to /etc/rc.conf:
```shell
. /usr/local/etc/vm-to-tor.rc.conf.simple
```
and adjust /usr/local/etc/vm-to-tor.rc.conf.simple for your needs.

### Run the service

In order to run vm-to-tor, you need to execute these commands as root:
```shell
sysrc vm_to_tor_enable="YES"
service vm-to-tor start
```

### Setup in VirtualBox

Click on "Settings" for the virtual machine that you want to connect to the Tor network.
Click on "Network", choose "Bridged Adapter" and select one of the tapN interfaces.

## How does vm-to-tor work?

vm-to-tor creates tunnel (tapN) interfaces and sets them up for use by the virtual machines, so that all network traffic of the VMs is tunneled to a host-level network interface. It also adds firewall rules that redirect all network traffic originating in the VMs directly to the Tor router running on the host. These firewall rules also prevent any leaks of traffic through the original unsecured network connection on the host.
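To make the redirect-and-deny idea concrete, here is an added example written for this page (not vm-to-tor's own code) that prints an ipfw(8) ruleset pinning a tap interface to Tor. It assumes the host's torrc sets TransPort and DNSPort to the assumed values 9040 and 5353, and that rule numbers from 1000 upwards are free; the `fwd` action and the `in via` qualifier are standard ipfw syntax.

```shell
#!/bin/sh
# Added example, not vm-to-tor's own code: generate an ipfw ruleset that
# forces everything a guest sends through its tap interface into Tor.
# Assumed torrc settings on the host:  TransPort 9040  and  DNSPort 5353
TOR_TRANS_PORT="${TOR_TRANS_PORT:-9040}"   # assumed value
TOR_DNS_PORT="${TOR_DNS_PORT:-5353}"       # assumed value
RULE_BASE="${RULE_BASE:-1000}"             # assumed free rule-number range

# Print the rules for one interface ($1), numbered from $2 (default RULE_BASE),
# in the order ipfw evaluates them: the two redirections into Tor first,
# then a deny that closes every other path.
vm_tor_rules() {
    iface="$1"
    n="${2:-$RULE_BASE}"
    # Guest DNS queries go to Tor's DNSPort; this is the only UDP the guest may send.
    echo "add $n fwd 127.0.0.1,$TOR_DNS_PORT udp from any to any 53 in via $iface"
    n=$((n + 10))
    # Every guest TCP flow is handed to Tor's transparent proxy port.
    echo "add $n fwd 127.0.0.1,$TOR_TRANS_PORT tcp from any to any in via $iface"
    n=$((n + 10))
    # Anything else (other UDP, ICMP, ...) is dropped, so nothing can leak
    # past Tor through the host's real uplink.
    echo "add $n deny ip from any to any in via $iface"
}

# Self-check helpers: the ruleset for an interface has exactly three rules
# and its last rule is the deny (the leak guard).
vm_tor_rule_count() {
    vm_tor_rules "$1" | wc -l | tr -d ' '
}

vm_tor_rules_end_with_deny() {
    vm_tor_rules "$1" | tail -n 1 | grep -q '^add [0-9]* deny ip '
}

# Emit the rules for every interface in VM_TOR_IFACES (default: the two
# interfaces from the rc.conf sample above), 100 rule numbers apart.
# To load them as root:  sh vm-tor-rules.sh > /tmp/vm-tor.rules && ipfw -q /tmp/vm-tor.rules
base="$RULE_BASE"
for i in ${VM_TOR_IFACES:-tap0 tap1}; do
    vm_tor_rules "$i" "$base"
    base=$((base + 100))
done
```

The order is the whole point: if the deny came first nothing would reach Tor, and if it were missing any protocol Tor does not carry (see the UDP caveat below) would fall through to the host's normal routing and leave a leak path.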

## Background

The Tor Project actively promotes the so-called "Tor Browser Bundle" (TBB). The security of TBB depends on the vast and complex codebase that the Firefox browser is built from being free of bugs. Many bugs have been found in the Firefox code in the past, in particular some severe JavaScript bugs that allowed breaches of the anonymity of TBB users. There is also no guarantee that more bugs will not be found. That is why many TBB users believe that it is much safer to disable JavaScript altogether and to limit which websites they visit.

vm-to-tor takes a very different approach, "security by isolation". It allows the user to easily connect the OS of his/her choice (the VM guest) to the Tor router that runs on the host. This guest OS is completely isolated from the host and from other guests, and can only connect to the Tor network. Therefore, regardless of what bugs any particular program running in the guest might have, such bugs cannot reveal the real IP of the user, because everything they do always goes through the Tor connection via a very simple tunnel.

There is another product, Whonix (https://www.whonix.org), that also chose the security-by-isolation approach. However, Whonix requires a second VM to act as the Tor router host.

While it provides excellent security, the security-by-isolation approach did not become very popular, primarily because of the setup difficulties: it requires virtual machines to be set up in a particular way, firewall rules, and a Tor setup. vm-to-tor makes such a setup very easy for FreeBSD users.

vm-to-tor works with virtually no overhead, and installs as two standard FreeBSD services that can be started at any time. It allows running any number of guests, all completely isolated from each other and from the host.
## Caveats

* For a better experience with vm-to-tor you need a kernel with this patch: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199136 Without this patch the tapN interfaces will be brought down with every guest reboot, and you will need to bring them up manually every time.
* Stopping vm-to-tor while VMs are running currently causes all involved VMs to crash. I believe this is a bug in VirtualBox, but this isn't a very important problem.
* Changing the networking type to tapN while a VM is running also causes the VM to crash. This is another bug in VirtualBox.
* Programs requiring UDP will not work because Tor currently doesn't support UDP. Only DNS over UDP is supported.
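As an added example written for this page (not vm-to-tor's own code, and not a substitute for the kernel patch in the first caveat), here is a small watchdog that re-raises a tap interface whenever ifconfig(8) reports it down. The `ifconfig <if> up` command and the `flags=...<UP,...>` output line are standard FreeBSD; the sample ifconfig output embedded at the bottom is constructed so the parser can be exercised offline.

```shell
#!/bin/sh
# Added example, not vm-to-tor's own code: a watchdog for the first caveat.
# It polls the tap interfaces and brings back up any the kernel took down
# after a guest reboot, instead of running `ifconfig tapN up` by hand.

# Return 0 (true) when the ifconfig(8) text in $1 reports the interface UP.
# The first line looks like:
#   tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
# and UP is absent from the flag list while the interface is down.
iface_text_is_up() {
    printf '%s\n' "$1" | head -n 1 | grep -Eq 'flags=[0-9a-fA-F]+<([^>]*,)?UP(,|>)'
}

# Bring $1 up if it is currently down. Prints one word per interface
# ("ok", "raised" or "missing") so the output can be logged.
ensure_tap_up() {
    iface="$1"
    if ! status="$(ifconfig "$iface" 2>/dev/null)"; then
        echo "missing $iface"
        return 1
    fi
    if iface_text_is_up "$status"; then
        echo "ok $iface"
    else
        ifconfig "$iface" up && echo "raised $iface"
    fi
}

# Poll every $1 seconds over the remaining arguments (run as root):
#   sh tap-watchdog.sh --watch 5 tap0 tap1
watch_taps() {
    interval="$1"; shift
    while :; do
        for i in "$@"; do
            ensure_tap_up "$i"
        done
        sleep "$interval"
    done
}

# Constructed sample ifconfig output, used to exercise the parser offline.
SAMPLE_DOWN='tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255'
SAMPLE_UP='tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>'

if [ "${1:-}" = "--watch" ]; then
    shift
    watch_taps "$@"
fi
```

While a tap interface is down the guest simply has no link, so this closes a usability gap rather than a leak: the firewall rules on the tap interface are what keep guest traffic inside Tor, and they do not depend on the interface state.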

## Donations

We would appreciate donations: 1LDxJDTPkRS4RrPbzbYYPFr15sqmMZuJj5