LN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKv JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8Pp KydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5 MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiGĩw0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMd ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlĪW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0 MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIĮwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlĬm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw this file must be named vpn.conf and be placed within the /tmp/vpn directory (on the host): For testing purposes I’ve created /tmp/vpn and adapted an PIA openvpn config file to use file-based authentication (change auth-user-pass to auth-user-pass nf in the PIA configuration file). The openvpn-client docker image does support using an user-supplied configuration file, so I went with that. Sadly the inital setup did not work as smooth as I assumed, so I wrote my setup procedure up. I did some searching around and found dperson’s docker images which nicely provide all needed functionality. What you wouldn’t want is the container to automatically use my “normal” network connection - this would use my public IP address and throught that might leak my identity. This setup should be fail-secure: if the VPN tunnel gets disconnected, the bittorrent download container will loose network connectivity. To improve reusability I will use docker images for those. the software that should run through/behind the VPN.You can replace that with your company or tor proxy for the other use cases. a Private Internet Access VPN tunnel – this hides (or should hide) my identity.To achieve a secure setup I want to combine the following: The same requirements arise for different use-cases, e.g., when downloading bittorrent files or forcing traffic through the tor network if whistle-blowing. I do not want for traffic to ever leave that VPN as that would look like as if I’d be performing cyber attacks from my private home IP address. Sometimes I want to work on client assignments (penetration-tests) from home, if I do that I am using my company VPN so that all traffic is routed thorugh their public IP address (which is white-listed by the client).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |