1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-18 20:41:33 -05:00

Fix spacing

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-07-27 03:18:36 -04:00 committed by tommytran732
parent 59d03af28b
commit 30e1e0b797
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2

View File

@ -31,22 +31,27 @@ Since DNS with Lokinet does not work if it is installed inside of a ProxyVM, we
A potential solution to this problem is to set up an unbound server or firewall script redirecting all DNS traffic to the ProxyVM to its Lokinet DNS server at `127.3.2.1:53`; however, I have been unable to get it working. Another solution is to simply override the DNS server inside the AppVM to a custom DNS server, but this will make you stand out out and break `.loki` DNS resolution. Websites like [DNS leak test](https://dnsleaktest.com) can observe which DNS server you are actually using and potentially fingerprint you. For the same reason that you should not use custom DNS servers when connected to the Tor network, you really should not use a custom DNS server when connected to Lokinet. A potential solution to this problem is to set up an unbound server or firewall script redirecting all DNS traffic to the ProxyVM to its Lokinet DNS server at `127.3.2.1:53`; however, I have been unable to get it working. Another solution is to simply override the DNS server inside the AppVM to a custom DNS server, but this will make you stand out out and break `.loki` DNS resolution. Websites like [DNS leak test](https://dnsleaktest.com) can observe which DNS server you are actually using and potentially fingerprint you. For the same reason that you should not use custom DNS servers when connected to the Tor network, you really should not use a custom DNS server when connected to Lokinet.
Start by importing the Oxen's PGP key: Start by importing the Oxen's PGP key:
`sudo curl --proxy http://127.0.0.1:8082 -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg` `sudo curl --proxy http://127.0.0.1:8082 -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg`
Then, add Oxen's Debian repository: Then, add Oxen's Debian repository:
`echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list` `echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list`
Next, update the repositories: Next, update the repositories:
`sudo apt update` `sudo apt update`
If updates for your packages are found, **DO NOT** attempt to upgrade them directly. Instead, use the Qubes Updater to update the TemplateVM. If updates for your packages are found, **DO NOT** attempt to upgrade them directly. Instead, use the Qubes Updater to update the TemplateVM.
When you are done, install `lokinet-gui` and `resolvconf`: When you are done, install `lokinet-gui` and `resolvconf`:
`sudo apt install lokinet-gui resolvconf` `sudo apt install lokinet-gui resolvconf`
Note that you **must** install resolveconf to get DNS working. Note that you **must** install resolveconf to get DNS working.
Next, edit `/var/lib/lokinet/lokinet.ini` and add the exit server you want to use: Next, edit `/var/lib/lokinet/lokinet.ini` and add the exit server you want to use:
`exit-node=exit.loki` `exit-node=exit.loki`
Note that I am using `exit.loki` here, as it is the one mentioned in the [Lokinet documentation](https://docs.oxen.io/products-built-on-oxen/lokinet/exit-nodes). Note that I am using `exit.loki` here, as it is the one mentioned in the [Lokinet documentation](https://docs.oxen.io/products-built-on-oxen/lokinet/exit-nodes).
@ -59,10 +64,11 @@ There are some other exit servers listed on [probably.loki](http://probably.loki
- secret.loki (Netherlands, run by Secret) - secret.loki (Netherlands, run by Secret)
Finally, enable the `lokinet` service: Finally, enable the `lokinet` service:
`systemctl enable lokinet` `systemctl enable lokinet`
## Creating the AppVM ## Creating the AppVM
Just create the AppVM as usual and you would be good to go. There are a few things to keep in mind though: Just create the AppVM as usual and you would be good to go. There are a few things to keep in mind though:
- You should probably set networking to use `sys-firewall`. I have tested using my ProtonVPN ProxyVM for networking, and DNS was not working. Besides, it makes litle sense to attempt such setup anyways, unless you are worried about accidental leaks or a compromised AppVM. - You should probably set networking to use `sys-firewall`. I have tested using my ProtonVPN ProxyVM for networking, and DNS was not working. Besides, it makes litle sense to attempt such setup anyways, unless you are worried about accidental leaks or a compromised AppVM.
- You should give the AppVM the `network-manager` service so that it Lokinet can set up networking properly and get DNS working. - You should give the AppVM the `network-manager` service so that it Lokinet can set up networking properly and get DNS working.