Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

virt-manager bypass orjail network and access internet without tor #94

Open
Roberto-MN opened this issue Jun 2, 2023 · 6 comments
Open

virt-manager bypass orjail network and access internet without tor #94

Roberto-MN opened this issue Jun 2, 2023 · 6 comments

Comments

@Roberto-MN
Copy link

Roberto-MN commented Jun 2, 2023
edited

I started a shell with orjail and started virt-manager from it, so I created a virtual machine and started the Guest operating system. The Guest operating system is accessing the internet without Tor, I checked this by accessing the page https://check.torproject.org in the Guest operating system.
I am also using orjail to run OpenVPN and try to make the VPN Over Tor (Tor> VPN) connection, but I don't know if OpenVPN is accessing the internet through or without Tor. How can I know if my real IP is being leaked when I run OpenVPN inside orjail?
The most serious problem I found is that virt-manager software completely ignores orjail and connects to the internet without Tor.
@alpominth
Copy link

I am also using orjail to run OpenVPN and try to make the VPN Over Tor (Tor> VPN) connection, but I don't know if OpenVPN is accessing the internet through or without Tor. How can I know if my real IP is being leaked when I run OpenVPN inside orjail?

See Wireshark logs. Here all the VPN traffic is tunneled over Tor,

@alpominth
Copy link

@Roberto-MN

The most serious problem I found is that virt-manager software completely ignores orjail and connects to the internet without Tor.

That is happening because the virt-manager connects to libvirt daemon which is running on host network namespace.

Anyway you wouldn't connect the Orjail veth interface to virt-manager, but I found some tutorials for setting up a TAP interface which routes all traffic over Tor:

https://tor.stackexchange.com/questions/330/running-a-virtual-machine-vm-that-can-only-connect-through-tor

https://www.mike-warren.com/articles/routing-vm-traffic-through-tor.html

It's not that easy, but you could give a try.

@Roberto-MN
Copy link
Author

Hi @alpominth, thank you very much for the tips. I installed Wireshark now, but I don't know how to use it, I will have to learn. Do you use orjail to launch OpenVPN? I'm doing this but I don't know if it's safe.

That is happening because the virt-manager connects to libvirt daemon which is running on host network namespace.

If I launch The Virt-Manager Daemon with orjail the connection of my virtual machine will go to the Tor Network?
Thank you for your help. I will try the links you posted.

@alpominth
Copy link

You should install Wireshark and start as root and you should double-click in the network interface to see the packets going in and out. What you should do is to see if the VPN IP is showed in the Wireshark logs, if not, you're not leaking anything.

I already launched OpenVPN inside Orjail in some tests and saw the Wireshark logs, I could notice that is pretty safe as all the VPN traffic is tunneled over Tor.

If I launch The Virt-Manager Daemon with orjail the connection of my virtual machine will go to the Tor Network?

You can try that, but I don't know if you could bridge a virtual ethernet (veth) interface to the virtual machine. In my tests, it doesn't work with VirtualBox, not sure about QEMU/Xen.

@Roberto-MN
Copy link
Author

Roberto-MN commented Jun 10, 2023
edited

I tried launch The Virt-Manager Daemon with orjail, daemon runs, but does not connect with the application. Give the following error message:

Unable to connect to libvirt qemu:///system.

error from service: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code4: Failed to open file “/proc/282/status”: No such file or directory

Libvirt URI is: qemu:///system

Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/connection.py", line 922, in _do_open
self._backend.open(cb, data)
File "/usr/share/virt-manager/virtinst/connection.py", line 153, in open
conn = libvirt.openAuth(self._open_uri,
File "/usr/lib/python3/dist-packages/libvirt.py", line 148, in openAuth
raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: error from service: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code4: Failed to open file “/proc/282/status”: No such file or directory

We can conclude that orjail is not for torify Virt-Manager.

@alpominth
Copy link

That was expected.

Also, orjail is meant for anonymizing userspace programs, not entire operating systems inside a virtual machine, anonymizing VMs is far more complex.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Roberto-MN @alpominth