wiki:doc/TorBOX/VMware

Version 3 (modified by cypherpunks, 7 years ago)

TorBOX-* rename

This is a draft/scratchpad, NOT a usable tutorial! Incomplete and heavily outdated.

TorBOX.ova files imported into VMware

Recent test results using TorBOX/Download.
Not recommended!

Manual configuration

TorBOX with VMware instead of VirtualBox

Tested using VMware Workstation 8.

Harden VMware

  • Remove printer
  • Disable 3D acceleration
  • Remove CD/DVD drive (after installation)
  • Remove floppy drive
  • Remove USB controller (or at least disable automatic connection of new devices)
  • Remove sound card
  • Do not install VMware Tools or open-vm-tools (comfort vs. security)

TorBOX-Workstation

  • Set the virtual network adapter to Custom. This is important! No host-only, no NAT, no bridging! I used the VMnet9 virtual network, as it wasn't used by anything else.
  • Verify you CANNOT ping any external hosts. Verify that the TorBOX-Workstation is isolated from the network and the Internet.

The important part is to set up a fixed IP for the virtual LAN network card and to use the same subnet as the TorBOX-Gateway for VMnet9. Type 'nano /etc/network/interfaces':

# source: https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# VMnet9
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.0.2
netmask 255.255.252.0
gateway 192.168.0.1

More configuration is required for the TorBOX-Gateway server. Add three? virtual network cards before you install.

  • first one (will be called eth0 in Linux): NAT
  • second one (will be eth1 in Linux): Custom VMnet9 (No host-only, no NAT, no bridging!).

TorBOX-Gateway

eth0 configuration notes:

for 'address': Go to VMware Workstation -> Edit -> Virtual Network Editor -> click on NAT (in my case it was VMnet8) -> click on DHCP Settings -> look at 'Start IP Address' and 'End IP Address'. The IP you choose here must be within the range of 'Start IP Address' and 'End IP Address'. The 'Start IP Address' itself might not work; in that case use its successor or any other address in the range.

for 'netmask': No change to the netmask should be needed. To be sure, go to VMware Workstation -> Edit -> Virtual Network Editor -> look at the subnet mask in the right corner.

for 'gateway': Go to VMware Workstation -> Edit -> Virtual Network Editor -> click on NAT (in my case it was VMnet8) -> click on NAT Settings -> see 'VMware Gateway IP'.

Configure your network interfaces. 'nano /etc/network/interfaces':

# source: https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
#
# comments start with a hash '#' and are ignored

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#
# - the loopback network interface -
#
#Enter this configuration:
auto lo
iface lo inet loopback

#
# - nat internet device -
#
# This device will connect to the internet and may be also connected from the host for SSH administration.
#
#Enter this configuration:
auto eth0
iface eth0 inet static
address 192.168.161.128
netmask 255.255.255.0
gateway 192.168.161.2

#
# - vmnet9 -
#
# This device will only communicate with the TorBOX-Workstation.
#
#Enter this configuration:
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.252.0
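
The subnet requirement described above can be checked offline. This is an added example, not part of the original wiki page or of the TorBOX project: it parses the 'inet static' stanzas of both files and reports addressing mistakes on the VMnet9 link. The function names and the embedded sample text are constructed for illustration, and the third check assumes that the gateway's internal interface should carry no default route, as in the eth1 stanza above.

```python
import ipaddress

# Constructed sample input: the static stanzas from the two files on this page.
WORKSTATION = """auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.0.2
netmask 255.255.252.0
gateway 192.168.0.1
"""
GATEWAY = """auto eth0
iface eth0 inet static
address 192.168.161.128
netmask 255.255.255.0
gateway 192.168.161.2
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.252.0
"""

def parse_static(text):
    """Return {iface: {option: value}} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        if words[0] == "iface":
            current = stanzas.setdefault(words[1], {}) if words[-1] == "static" else None
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # these keywords end the previous stanza
        elif current is not None and len(words) > 1:
            current[words[0]] = words[1]
    return stanzas

def check_internal_link(ws_text, gw_text, ws_if="eth0", gw_if="eth1"):
    """Return problems with the workstation <-> gateway (VMnet9) addressing."""
    ws, gw = parse_static(ws_text).get(ws_if), parse_static(gw_text).get(gw_if)
    if not all(s and {"address", "netmask"} <= s.keys() for s in (ws, gw)):
        return ["%s or %s lacks a static address/netmask" % (ws_if, gw_if)]
    ws_net, gw_net = (ipaddress.ip_interface(s["address"] + "/" + s["netmask"]).network for s in (ws, gw))
    problems = []
    if ws_net != gw_net:
        problems.append("workstation and gateway are on different subnets")
    if ws.get("gateway") != gw["address"]:
        problems.append("workstation default route does not point at the gateway")
    if "gateway" in gw:
        problems.append("gateway's internal interface carries a default route")
    return problems
```

An empty list from check_internal_link(WORKSTATION, GATEWAY) means the addressing is consistent; it does not replace the ping test for isolation described earlier.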

One might wish to access the TorBOX-Workstation through SSH. To do so, one could add a second network adapter with Host-Only Networking. Beware:

If you install the proper routing or proxy software on your host computer, you can establish a connection between the host virtual Ethernet adapter and a physical network adapter on the host computer. This allows you, for example, to connect the virtual machine to a Token Ring or other non-Ethernet network.

On a Windows 2000, Windows XP or Windows Server 2003 host computer, you can use host-only networking in combination with the Internet connection sharing feature in Windows to allow a virtual machine to use the host's dial-up networking adapter or other connection to the Internet. See your Windows documentation for details on configuring Internet connection sharing. 

Testing

  • Try restarting your various virtual machines (power the virtual machines off and on). At times VMware networking can give you headaches.