LIGISTX
So, I am trying to determine how I would go about running a preferably Fedora VM that is on a VPN to a friend's house. Now, I say friend, but said friend likes to get drunk and “practice his coding skills in less than stellar ways... if I give him a way in, he will probably jack with my stuff for “fun””.
Point is, I’m not sure how to do this under a FreeNAS VM since you can’t pass a VM a mount point like you can a jail, and I’m not sure exactly how the security of split tunneling works, to be honest. Even if my friend didn’t do anything nefarious, if his network was compromised I don’t want my network to be a simple jump away from compromise as well.
What would be an ideal solution for setting up a VM with a VPN connection, but with that VM also having the ability to access local FreeNAS-hosted data without opening up my FreeNAS box/network to attack? If the attacker had to get into and go through my Fedora VM itself I wouldn’t be too worried; it won’t have SSH turned on and will have strong passwords, etc. If someone can break into Fedora.... I think my Windows network will provide a much easier attack vector than a Fedora VM. Although, I am by no means a network/hardening guru AT ALL, so maybe with networked access to the Fedora box that wouldn’t be as hard as I imagine it to be.
I’m not sure what sort of options there are, but any advice or a point in the right direction would be wonderful.