5
[Question] Securely Passing Host VPN to KVM?
(lemmy.ml)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
You might want to look at the qubes operating system architecture documents.
For maximum privacy, you would want one container or VM to have access to the internet and run your VPN endpoint. This container would have firewall rules applied so it could only talk to the other side of the VPN on the internet interface. This container should also have another interface connecting to your guest VM.
For your guest VM, it could only route traffic to the VPN container.
You could also use network name spaces to do the same thing without containerization. Depending on your threat model and level of paranoia.
The benefit of segmenting out the VPN program into its own working space, is that if there's any bugs, any lapses, traffic doesn't accidentally get to the main internet. It's less leaky. Especially if you consider a hostile program running inside of your guest VM that's trying to defeat any VPN program.