1 00:00:00,000 --> 00:00:08,000 Previously, we've seen how easy it is to connect to a VPN server if the provider offers a VPN client. 2 00:00:08,000 --> 00:00:13,000 As I said earlier, most VPN providers do not support Thales. 3 00:00:13,000 --> 00:00:19,000 Therefore, if you want to connect to a VPN from Thales and your provider does not support Thales, 4 00:00:19,000 --> 00:00:26,000 you'll have to manually modify the firewall settings, install the needed software and connect to the 5 00:00:26,000 --> 00:00:29,000 VPN server that you want to connect to. 6 00:00:29,000 --> 00:00:35,000 So in this lecture, I'm going to show you how to do that so that you can connect to any VPN server 7 00:00:35,000 --> 00:00:36,000 from Thales. 8 00:00:38,000 --> 00:00:43,000 Please keep in mind, like I said earlier, connecting to a VPN from Thales is optional. 9 00:00:43,000 --> 00:00:50,000 This is not a required step because as we know, Thales automatically forces all traffic to go through 10 00:00:50,000 --> 00:00:50,000 the Tor network. 11 00:00:50,000 --> 00:00:56,000 Therefore, by default it is more private and more anonymous than most operating systems. 12 00:00:57,000 --> 00:01:02,000 So the main thing that I'm actually going to be showing you in this lecture is how to configure Thales 13 00:01:02,000 --> 00:01:08,000 so that it redirects data to our VPN provider and then connect to this VPN provider. 14 00:01:09,000 --> 00:01:10,000 So let's go to Thales. 15 00:01:11,000 --> 00:01:13,000 As you can see here, I haven't even logged in yet. 16 00:01:14,000 --> 00:01:17,000 Before doing that, you need to add an admin account. 17 00:01:17,000 --> 00:01:23,000 So I showed you how to do that before we're going to click on the plus and we're going to click on the 18 00:01:23,000 --> 00:01:24,000 administrator password. 19 00:01:24,000 --> 00:01:31,000 And we're just going to set an admin password so that we can execute commands with admin privileges. 20 00:01:32,000 --> 00:01:37,000 We're going to click on Add to add it and then we're going to start Thales. 21 00:01:38,000 --> 00:01:44,000 Now, once your insight tells I'm going to go and start my terminal, so we're going to go to applications 22 00:01:44,000 --> 00:01:46,000 and run the terminal from here. 23 00:01:47,000 --> 00:01:52,000 This is basically a program that allows us to execute commands on the system. 24 00:01:52,000 --> 00:01:56,000 I know it sounds a little bit scary, but don't worry, I'm going to walk you through it. 25 00:01:56,000 --> 00:02:03,000 And the first thing I want to do is change my privileges to admin privileges, because I'm going to 26 00:02:03,000 --> 00:02:07,000 be modifying the system settings and I'm going to be installing additional software. 27 00:02:07,000 --> 00:02:10,000 Therefore, I need to be admin for this. 28 00:02:10,000 --> 00:02:16,000 So to change our permissions to admin, we're going to do sudo su. 29 00:02:17,000 --> 00:02:19,000 It's going to ask you for the admin password. 30 00:02:19,000 --> 00:02:23,000 So I'm going to put the password that I just said at the start of the video. 31 00:02:24,000 --> 00:02:31,000 Now, if you notice at the start, I was saying amnesia, which is the user that we were using at amnesia, 32 00:02:31,000 --> 00:02:38,000 but now it's saying root at amnesia, meaning that we're going to be executing commands as root. 33 00:02:38,000 --> 00:02:41,000 Root is the admin user account on the system. 34 00:02:42,000 --> 00:02:49,000 So I'm going to clear the screen and the first command that I want to run is a command to install OpenVPN. 35 00:02:49,000 --> 00:02:57,000 OpenVPN is a program that we're going to use in order to connect to our VPN server, regardless of what 36 00:02:57,000 --> 00:03:03,000 VPN provider you're using, whether you're using NORD or any other VPN provider, it doesn't really 37 00:03:03,000 --> 00:03:04,000 matter. 38 00:03:04,000 --> 00:03:07,000 You can use open VPN with all of them. 39 00:03:07,000 --> 00:03:11,000 So the first thing that we need to do is install this program on Thales. 40 00:03:11,000 --> 00:03:19,000 And to do that, all we have to do is do apt get this is the program entails that we can use to install 41 00:03:19,000 --> 00:03:28,000 other programs and what we want to do is install and the program that we want to install is called Open 42 00:03:28,000 --> 00:03:29,000 VPN. 43 00:03:30,000 --> 00:03:34,000 So apt get is a program that we use to install other programs. 44 00:03:34,000 --> 00:03:36,000 Install is what we want to do. 45 00:03:36,000 --> 00:03:41,000 We want to install another program and the program that we want to install is called OpenVPN. 46 00:03:42,000 --> 00:03:43,000 I'm going to hit enter. 47 00:03:44,000 --> 00:03:47,000 And this is telling me, do I really want to do this? 48 00:03:47,000 --> 00:03:48,000 I'm going to say yes. 49 00:03:48,000 --> 00:03:51,000 So I'm going to type Y from my keyboard and hit Enter. 50 00:03:52,000 --> 00:03:53,000 And perfect. 51 00:03:53,000 --> 00:03:57,000 Now OpenVPN is installed, as you can see in here. 52 00:03:57,000 --> 00:04:00,000 Now you can see the notification that we have right now. 53 00:04:00,000 --> 00:04:06,000 It's asking us if I want to install this program only once or install every time. 54 00:04:07,000 --> 00:04:11,000 If you click on install every time, Thales will install this program. 55 00:04:11,000 --> 00:04:15,000 Every time you start Thales because as we know, Thales this amnesic. 56 00:04:15,000 --> 00:04:20,000 So if you pick install only once, it will only be installed for the session. 57 00:04:20,000 --> 00:04:23,000 If you restart the computer, it will be removed. 58 00:04:23,000 --> 00:04:29,000 So I'm going to click on install every time and this way, every time I start Thales, it will automatically 59 00:04:29,000 --> 00:04:36,000 install openvpn for me and I'll be able to use it without doing the apt get command that we just did. 60 00:04:37,000 --> 00:04:44,000 So now that we have OpenVPN installed, we're actually ready to go and connect to our VPN. 61 00:04:44,000 --> 00:04:52,000 But before doing that, you need to go ahead and download the configuration files of your VPN. 62 00:04:52,000 --> 00:04:55,000 Now you need to get these from your VPN provider. 63 00:04:55,000 --> 00:04:58,000 Most VPN providers will give you that. 64 00:04:58,000 --> 00:05:00,000 The process of doing that is different. 65 00:05:00,000 --> 00:05:02,000 You might even need to communicate with them. 66 00:05:02,000 --> 00:05:08,000 But right now, I already have them downloaded in my Tor browser persistent directory. 67 00:05:08,000 --> 00:05:16,000 And here these are the configuration files that I need for my VPN provider to connect using openvpn. 68 00:05:16,000 --> 00:05:22,000 The main file which is the config file is the file with the dot VPN extension. 69 00:05:23,000 --> 00:05:31,000 If I double click this file, you'll see the open VPN configurations and all you need to do is basically 70 00:05:31,000 --> 00:05:32,000 run open VPN. 71 00:05:32,000 --> 00:05:38,000 The program that we just installed and tell it to use the configuration in this config file. 72 00:05:38,000 --> 00:05:40,000 This will work on any system. 73 00:05:40,000 --> 00:05:47,000 You can even do it from Windows or Linux, but it won't work from Thales because like I said earlier, 74 00:05:47,000 --> 00:05:52,000 Thales is configured to force all traffic through the Tor network. 75 00:05:52,000 --> 00:05:58,000 So before doing that, before trying to connect to our VPN, we need to modify the firewall settings 76 00:05:58,000 --> 00:06:05,000 so that all data is forced to go through the VPN first and then go to the Tor network. 77 00:06:06,000 --> 00:06:11,000 So to do that, I'm going to open the configuration file for the firewall. 78 00:06:11,000 --> 00:06:19,000 So I'm going to go back to my terminal and I'm going to do G, edit, g, edit is a text editor. 79 00:06:19,000 --> 00:06:23,000 So I'm basically saying I want to use a text editor to open a text file. 80 00:06:23,000 --> 00:06:30,000 And the text file that I want to open is the text file that controls the firewall in tails. 81 00:06:30,000 --> 00:06:39,000 So the that text file is stored in ETSI firm and the name of the text file is from dot com. 82 00:06:41,000 --> 00:06:42,000 So we're doing G. 83 00:06:42,000 --> 00:06:48,000 EDIT Because that's the text editor that we want to use and we're telling it we want to edit the following 84 00:06:48,000 --> 00:06:49,000 file. 85 00:06:50,000 --> 00:06:55,000 If I hit Enter, this will open the file for me, as you can see in here and what we want to do. 86 00:06:55,000 --> 00:07:01,000 Like I said, we want to add an exception for the VPN server that we want to connect to. 87 00:07:01,000 --> 00:07:09,000 So I'm going to scroll down and I'm going to look for where it says White List Access to local resources. 88 00:07:09,000 --> 00:07:16,000 And in here, we're going to add the information of this server that we want to connect to. 89 00:07:16,000 --> 00:07:19,000 We can get this information from here from the config file. 90 00:07:19,000 --> 00:07:23,000 Like I said, this is the file with the dot VPN extension. 91 00:07:24,000 --> 00:07:34,000 So the first thing we're going to do is type the ADR to specify the IP of the VPN server that we want 92 00:07:34,000 --> 00:07:35,000 to connect to. 93 00:07:35,000 --> 00:07:38,000 And we can get that from the config file. 94 00:07:38,000 --> 00:07:41,000 It's after the remote in here, so we have it right here. 95 00:07:42,000 --> 00:07:45,000 I'm just going to copy this and paste it here. 96 00:07:47,000 --> 00:07:50,000 Then we're going to need to specify the protocol. 97 00:07:50,000 --> 00:07:54,000 So I'm going to type protocol followed by the protocol. 98 00:07:54,000 --> 00:07:58,000 Again, looking at the config file, we can see the protocol is UDP. 99 00:07:59,000 --> 00:08:02,000 So again, we're just going to type UDP in here. 100 00:08:03,000 --> 00:08:05,000 Then we need to specify the port. 101 00:08:05,000 --> 00:08:08,000 So we're going to type the port again. 102 00:08:08,000 --> 00:08:11,000 We're going to get that from the config file, from the remote entry. 103 00:08:11,000 --> 00:08:15,000 So the remote contains the IP followed by the port. 104 00:08:15,000 --> 00:08:16,000 So we can see the port here. 105 00:08:16,000 --> 00:08:19,000 It's 1191 again. 106 00:08:19,000 --> 00:08:22,000 We go back here, 1191. 107 00:08:23,000 --> 00:08:31,000 And we're going to say for this specific IP with this specific protocol, with this port, I want you 108 00:08:31,000 --> 00:08:36,000 to allow the admin user, the root user, to do anything. 109 00:08:36,000 --> 00:08:46,000 So we're going to open two curly brackets and we're going to say mod owner, the UID of the owner is 110 00:08:46,000 --> 00:08:46,000 root. 111 00:08:46,000 --> 00:08:49,000 Like I said, root is the admin and Linux. 112 00:08:49,000 --> 00:08:56,000 And we're going to say we want to accept all connections that this user does to this specific IP with 113 00:08:56,000 --> 00:08:59,000 this specific protocol, with this specific port. 114 00:09:02,000 --> 00:09:10,000 The next thing that we need to do is redirect and force all traffic to go through this VPN server so 115 00:09:10,000 --> 00:09:15,000 that anything that the operating system does will have to flow this way and that way. 116 00:09:15,000 --> 00:09:21,000 It is very difficult for other programs to access the Internet directly and therefore leak information 117 00:09:21,000 --> 00:09:25,000 about our real IP and real identity. 118 00:09:26,000 --> 00:09:28,000 So to do that, we're going to scroll down. 119 00:09:30,000 --> 00:09:34,000 To where it says Thor is allowed to do anything it wants to do. 120 00:09:34,000 --> 00:09:42,000 We're going to say this can only be valid if the outer phase, so the interface in which data flows 121 00:09:42,000 --> 00:09:46,000 through is t, u and zero. 122 00:09:46,000 --> 00:09:52,000 Now t you and zero is a virtual interface that doesn't exist right now. 123 00:09:52,000 --> 00:09:55,000 It will be created once we connect to the VPN server. 124 00:09:55,000 --> 00:10:02,000 And what we're doing right now in here is forcing all traffic to go through this interface that will 125 00:10:02,000 --> 00:10:08,000 be creating the encrypted tunnel between our computer and the VPN server. 126 00:10:09,000 --> 00:10:11,000 So that's it right now. 127 00:10:11,000 --> 00:10:15,000 First of all, we added a rule to allow Thales to connect to the VPN server. 128 00:10:15,000 --> 00:10:23,000 And second, we configured the firewall to force all traffic to go through the connection of this VPN 129 00:10:23,000 --> 00:10:23,000 server. 130 00:10:23,000 --> 00:10:29,000 So I'm going to do control as to save this, and we're going to do control queue to quit the file. 131 00:10:30,000 --> 00:10:31,000 We're also done with the config. 132 00:10:31,000 --> 00:10:36,000 So I'm going to close it in here and I'm going to clear my screen. 133 00:10:37,000 --> 00:10:43,000 And right now we just have to do one more thing before connecting to the VPN server, which is restarting 134 00:10:43,000 --> 00:10:46,000 our firewall for these changes to take effect. 135 00:10:47,000 --> 00:10:56,000 To do that, we're going to do ETSI and IT the firm, which is the name of my firewall and we're going 136 00:10:56,000 --> 00:10:58,000 to say I want to restart this firewall. 137 00:10:59,000 --> 00:11:00,000 We're going to hit enter. 138 00:11:00,000 --> 00:11:05,000 And if you fail at this stage, it means that you misconfigured one of the rules. 139 00:11:05,000 --> 00:11:11,000 So please just revise the video and make sure you set up the rules exactly like I did. 140 00:11:12,000 --> 00:11:15,000 As you can see, I was able to restart it with no issues at all. 141 00:11:15,000 --> 00:11:21,000 Therefore, right now I am ready to go ahead and connect to my VPN server. 142 00:11:22,000 --> 00:11:25,000 Now, before doing that, let me just show you right here. 143 00:11:25,000 --> 00:11:32,000 As you can see, the configuration files are stored in my home persistent tor browser, so I need to 144 00:11:32,000 --> 00:11:37,000 navigate to this location before being able to use these files. 145 00:11:38,000 --> 00:11:45,000 So we're going to use the CD command to change my current working directory to this directory. 146 00:11:45,000 --> 00:11:49,000 So we're going to do CD followed by Persistent. 147 00:11:50,000 --> 00:11:53,000 And you can use the tap to autocomplete, for example. 148 00:11:53,000 --> 00:11:59,000 I'm just going to type T, o, r and press tab to autocomplete tor browser. 149 00:12:00,000 --> 00:12:04,000 If I hit enter, you'll see that I am inside the correct path right now. 150 00:12:04,000 --> 00:12:06,000 Same path as you see in here. 151 00:12:07,000 --> 00:12:13,000 Therefore, right now I can go ahead and use this file to connect to my VPN server. 152 00:12:13,000 --> 00:12:19,000 So we're going to use the program open VPN that we installed at the start of the video. 153 00:12:19,000 --> 00:12:25,000 So we're going to do OpenVPN dash dash config to specify the config file. 154 00:12:25,000 --> 00:12:31,000 And again, as you can see in my case, the config file right here is called config dot VPN. 155 00:12:31,000 --> 00:12:37,000 In your case, it might be called something else, but the config file is always the file that ends 156 00:12:37,000 --> 00:12:39,000 with dot VPN. 157 00:12:39,000 --> 00:12:45,000 So I'm going to type config dot VPN and before I hit enter, just going to go over the command. 158 00:12:45,000 --> 00:12:47,000 We're using open VPN. 159 00:12:47,000 --> 00:12:51,000 This is the program that will allow us to connect to our VPN server. 160 00:12:51,000 --> 00:12:59,000 We're doing the dash config to specify the config file and my config file is called config dot VPN. 161 00:12:59,000 --> 00:13:01,000 I'm going to hit enter. 162 00:13:01,000 --> 00:13:05,000 And as you can see, it's going to ask me for the password. 163 00:13:05,000 --> 00:13:10,000 This is your password to connect to your VPN server, not the password of the system. 164 00:13:11,000 --> 00:13:13,000 So I'm going to input mine right now. 165 00:13:14,000 --> 00:13:17,000 Hit enter and perfect. 166 00:13:17,000 --> 00:13:23,000 If you see initialization sequence completed, this means that the connection has been established. 167 00:13:23,000 --> 00:13:31,000 Now you will also notice that the onion icon in here will have an ex as if you're not connected to anything. 168 00:13:32,000 --> 00:13:33,000 Don't worry about this. 169 00:13:33,000 --> 00:13:39,000 You're seeing that because right now the traffic is forced to go through the VPN server, like I said. 170 00:13:39,000 --> 00:13:46,000 And that's why the system thinks that it's not connected, but it is actually connected to the VPN server. 171 00:13:46,000 --> 00:13:51,000 To confirm this, I'm going to go and run my tor browser. 172 00:13:53,000 --> 00:13:56,000 And I'm just going to go to check the tor project dot org. 173 00:13:58,000 --> 00:13:58,000 And perfect. 174 00:13:58,000 --> 00:14:04,000 As you can see, it's still enough that my browser right now is configured to use the Tor browser. 175 00:14:05,000 --> 00:14:11,000 So right now what's happening is we're connecting to the VPN first and then our traffic is routed to 176 00:14:11,000 --> 00:14:13,000 the Tor network. 177 00:14:13,000 --> 00:14:18,000 And then, like I said, we can bounce through three nodes and then go to the internet or stay within 178 00:14:18,000 --> 00:14:21,000 the Tor network and access onion hidden services. 179 00:14:22,000 --> 00:14:28,000 Now just to make sure that this is the way our computer is set up and it can't access the Tor network 180 00:14:28,000 --> 00:14:30,000 directly or the Internet directly. 181 00:14:30,000 --> 00:14:35,000 What I'm going to do in here, I'm just going to go back to my terminal window and I'm going to press 182 00:14:35,000 --> 00:14:40,000 control and see to quit the running program right here and now. 183 00:14:40,000 --> 00:14:47,000 If I go back to my Tor browser and refresh the page, you will see that I do not have connection. 184 00:14:47,000 --> 00:14:53,000 And that is perfect because what I just did right now, I disconnected from the VPN server and because 185 00:14:53,000 --> 00:14:55,000 I did that, I can't access anything. 186 00:14:56,000 --> 00:14:58,000 And this is exactly what we want. 187 00:14:58,000 --> 00:15:05,000 We want our computer to be configured in a way that it forces all traffic through the VPN server. 188 00:15:06,000 --> 00:15:11,000 If you want to go back to the previous configuration where traffic is forced through the Tor network 189 00:15:11,000 --> 00:15:14,000 directly, all you have to do is simply restart. 190 00:15:14,000 --> 00:15:15,000 Tails. 191 00:15:15,000 --> 00:15:16,000 Tails is amnesic. 192 00:15:16,000 --> 00:15:23,000 All of these configurations will disappear and you will be connecting to the Tor network directly as 193 00:15:23,000 --> 00:15:24,000 usual. 194 00:15:25,000 --> 00:15:32,000 Now this could be a feature and can be something annoying if you always want to connect to a VPN because 195 00:15:32,000 --> 00:15:35,000 every time you restart Thales you will have to do this. 196 00:15:35,000 --> 00:15:41,000 You'll have to do all of the steps that I showed you previously in order to connect your VPN provider, 197 00:15:41,000 --> 00:15:44,000 because your settings will be reset every time you restart.