How to Use Qubes as a Router for External Devices Using NetVM TOR or VPN over TOR with a USB RJ45 Network Interface

In Qubes OS, I wanted to transform a disposable netVM routed through the Whonix Gateway and forward the connection to the USB RJ45 interface I attached to it. I made the configurations for this USB RJ45 interface to route the traffic from the machine to the Ethernet cable connected to it, thus turning Qubes into an isolated Tor router for other devices like smartphones, other routers, switches and computers. I executed exactly the same procedure on a normal Linux system using OpenVPN or without a VPN, and the USB RJ45 interface forwarded the traffic perfectly. However, I did the same thing in Qubes, and it did not work! Can someone help me with this?

What is the Usefulness of This?

  • Transforming Qubes into a Tor router for external devices will allow:
    • Devices like smartphones and other operating systems that don’t work on Qubes to be routed through an isolated gateway with Tor. If such a device is compromised, there is no way to de-anonymize via the IP because the gateway is isolated in Qubes and transmits the connection through the USB RJ45.
    • Creating Wi-Fi with an isolated gateway: if the USB RJ45 is sharing a Tor connection, just connect it to a router, turn on the Wi-Fi of that router, and the router’s connection will be a Tor connection with an isolated gateway.
    • To bypass censorship with Tor on the external connected devices, users just have to install a VPN anonymously on the smartphone connected via Wi-Fi or through the USB RJ45 coming from Qubes, applying the VPN over Tor technique to bypass site censorship and remain anonymous even when using centralized VPNs!
    • Disposable netVM: If the netVM is compromised because it is a disposable VM, the spyware would be annihilated upon shutdown, protecting the system. This is easy to do in Qubes; in a normal system, there’s no feasibility of constantly reformatting to mitigate this problem! Qubes has this advantage!
    • Certain apps, messengers, and applications will only work on mobile phones or other operating systems like macOS or Windows. Having anonymity on them using an isolated Tor gateway would allow this, with certain precautions that the user needs to understand!
    • Much better than using OpenWRT on routers or Raspberry Pi, which is limited, and Tor developed by OpenWRT is not recommended on the Tor Project site that discusses Tor service and how to install it by checking their signatures! This original Tor service cannot be installed on OpenWRT, if I recall correctly…
    • OPTION 7: netVM can be adapted with a VPN to route to the USB RJ45, but this same netVM is routed by sys-whonix, giving us VPN over Tor to bypass censorship in case the user cannot install a VPN or proxy on their device. This setup is even better and more robust, ensuring more anonymity using VPN over Tor.
      Centralized VPNs are dangerous; your real IP address goes to their servers, and they can do something dishonest, such as selling your traffic to the government.
      7.1. Using a VPN over Tor with Whonix, the IP address seen by the server will be the exit node Tor IP you are using, protecting you from being de-anonymized and helping you avoid censorship with a strategically used VPN IP!
      However, you need to obtain this VPN anonymously by paying with cryptocurrencies like Monero and using an anonymous email!

Example of Usefulness

Windows 11 requires you to be online to install it, so:
Using this VPN over Tor router from OPTION 7: connecting to Windows with a VPN it accepts, and using emails you registered anonymously, you will install your Windows anonymously using VPN over Tor coming from Qubes, shared through a USB RJ45 interface.
Then, you can continue using Windows online or use it offline for offline work (better, as Windows is not very efficient).
For those wanting to use Windows offline, today it is mandatory to be online for installation, and Microsoft collects metadata showing you are using Windows. With this VPN over Tor technique, you can register and still bypass any censorship against Tor that Microsoft is likely to impose! During the Windows installation, there’s no way to install a VPN, but the VPN over Tor is being set up within Qubes OS!
Using a centralized VPN on a router or a PC and routing it to Windows has the same problems I explained in section 7.1 of option 7. We need to use a VPN over Tor with option 7 to be truly protected!

So, can someone help me solve the problem of transforming Qubes into a Tor router for other external devices via a netVM appVM through the USB RJ45 network interface? It is not worth using Wi-Fi, as Wi-Fi is risky and increases the attack surface! With antennas at a distance, they might try to attack the Wi-Fi! Using an Ethernet cable is always safer! The netVM was used as PVH and not HVM! I tried using it as HVM but could not get it working and encountered issues! This setup is crucial; those who can build this will help transform Qubes into a Tor router with a super-secure VPN over Tor option for external devices in your network!

You can build something from this Wi-Fi hotspot from Qubes OS

Instead of a Wi-Fi device, attach an Ethernet device. Using Network Manager, it should be fairly easy to enable a “share connection with other system on my network” and get something working :)

You don't say what you did or in what way it failed. It isn't quite clear
to me what you thought your set up would look like, and what makes it an
"isolated Tor router".
You don't say if the other devices and the RJ45 are on an existing
network, or if the disposable will be providing IP addresses to clients
attached to it.
All of this is vital information that is lacking.

What I think you want is:
disposable → Whonix gateway → sys-firewall → sys-net
(RJ45)
   |
Clients

This is quite straightforward, and the only work you need is in the
disposable template. You can use a named disposable or a standard
disposable.
You need to configure the firewall rules in the disposable to allow
inbound traffic on the RJ45 interface, forward it to eth0 (attached to
Whonix gateway) and NAT it up to the gateway.
Many problems that people have in Qubes are actually not Qubes-specific.
This is one of those.
You can find many guides online to configuring a Linux machine as a
router, and those should help you. The only Qubes-specific part is that
you have to do this in the disposable template. You can do this by
calling a script from /rw/config/rc.local which will customise the
Qubes firewall table.

If you want more help please provide more information about what you
have done and what did not work.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
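
The forwarding and NAT rules described in the reply above, as an added example that is not part of the original thread. It assumes the Qubes 4.2 nftables layout (table `ip qubes` with a `custom-forward` chain); the script path, the table name `extrouter` and the interface name in the usage comment are hypothetical, and client addressing (static or DHCP) is not covered.

```shell
#!/bin/sh
# Added example (not from the thread). Call from /rw/config/rc.local in the
# disposable template, e.g.: /rw/config/tor-router.sh apply enx001122334455
# Assumes Qubes 4.2: nftables table "ip qubes" with chain custom-forward.
# "extrouter" is a hypothetical table name used only by this script.

UP_IF_DEFAULT=eth0   # uplink towards the Whonix gateway, as named in the reply

valid_if() {
    # Interface names: 1-15 chars from a safe set, so no nft syntax can be injected.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

router_rules() {
    # Print an nft batch. iifname/oifname match by string, so the rules load
    # even when the USB NIC is attached after rc.local has already run.
    lan_if=$1; up_if=${2:-$UP_IF_DEFAULT}
    valid_if "$lan_if" && valid_if "$up_if" || return 1
    [ "$lan_if" != "$up_if" ] || return 1
    cat <<EOF
add rule ip qubes custom-forward iifname "$lan_if" oifname "$up_if" accept
add rule ip qubes custom-forward iifname "$up_if" oifname "$lan_if" ct state established,related accept
add rule ip qubes custom-forward iifname "$lan_if" drop
add rule ip qubes custom-forward oifname "$lan_if" drop
add table ip extrouter
add chain ip extrouter postrouting { type nat hook postrouting priority 100; policy accept; }
flush chain ip extrouter postrouting
add rule ip extrouter postrouting oifname "$up_if" masquerade
EOF
}

apply_router() {
    rules=$(router_rules "$@") || { echo "bad interface name" >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    # nft -f applies the batch atomically: if "ip qubes" is missing, nothing changes.
    printf '%s\n' "$rules" | nft -f -
}

if [ "${1:-}" = "apply" ]; then
    shift
    apply_router "$@"
fi
```

The two `drop` rules make the setup fail closed: client traffic that is not headed for the gateway uplink is discarded rather than routed out through another interface.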