WEBVTT 00:00.660 --> 00:08.010 Previously, we've seen how easy it is to connect to a VPN server if the provider offers a VPN client. 00:08.700 --> 00:13.590 As I said earlier, most VPN providers do not support Thales. 00:13.620 --> 00:19.860 Therefore, if you want to connect to a VPN from Thales and your provider does not support Thales, 00:19.860 --> 00:26.610 you'll have to manually modify the firewall settings, install the needed software and connect to the 00:26.610 --> 00:29.130 VPN server that you want to connect to. 00:29.730 --> 00:35.970 So in this lecture, I'm going to show you how to do that so that you can connect to any VPN server 00:35.970 --> 00:36.990 from Thales. 00:38.000 --> 00:43.440 Please keep in mind, like I said earlier, connecting to a VPN from Thales is optional. 00:43.460 --> 00:50.000 This is not a required step because as we know, Thales automatically forces all traffic to go through 00:50.000 --> 00:50.980 the Tor network. 00:50.990 --> 00:56.780 Therefore, by default it is more private and more anonymous than most operating systems. 00:57.260 --> 01:02.180 So the main thing that I'm actually going to be showing you in this lecture is how to configure Thales 01:02.300 --> 01:08.510 so that it redirects data to our VPN provider and then connect to this VPN provider. 01:09.080 --> 01:10.970 So let's go to Thales. 01:11.360 --> 01:13.970 As you can see here, I haven't even logged in yet. 01:14.000 --> 01:17.860 Before doing that, you need to add an admin account. 01:17.870 --> 01:23.150 So I showed you how to do that before we're going to click on the plus and we're going to click on the 01:23.150 --> 01:24.830 administrator password. 01:24.830 --> 01:31.610 And we're just going to set an admin password so that we can execute commands with admin privileges. 01:32.210 --> 01:37.400 We're going to click on Add to add it and then we're going to start Thales. 01:38.390 --> 01:44.450 Now, once your insight tells I'm going to go and start my terminal, so we're going to go to applications 01:44.450 --> 01:46.640 and run the terminal from here. 01:47.810 --> 01:52.580 This is basically a program that allows us to execute commands on the system. 01:52.610 --> 01:56.570 I know it sounds a little bit scary, but don't worry, I'm going to walk you through it. 01:56.690 --> 02:03.200 And the first thing I want to do is change my privileges to admin privileges, because I'm going to 02:03.200 --> 02:07.670 be modifying the system settings and I'm going to be installing additional software. 02:07.670 --> 02:10.520 Therefore, I need to be admin for this. 02:10.610 --> 02:16.010 So to change our permissions to admin, we're going to do sudo su. 02:17.060 --> 02:19.400 It's going to ask you for the admin password. 02:19.400 --> 02:23.780 So I'm going to put the password that I just said at the start of the video. 02:24.830 --> 02:31.670 Now, if you notice at the start, I was saying amnesia, which is the user that we were using at amnesia, 02:31.790 --> 02:38.360 but now it's saying root at amnesia, meaning that we're going to be executing commands as root. 02:38.390 --> 02:41.810 Root is the admin user account on the system. 02:42.380 --> 02:49.640 So I'm going to clear the screen and the first command that I want to run is a command to install OpenVPN. 02:49.670 --> 02:57.890 OpenVPN is a program that we're going to use in order to connect to our VPN server, regardless of what 02:57.890 --> 03:03.770 VPN provider you're using, whether you're using NORD or any other VPN provider, it doesn't really 03:03.770 --> 03:04.250 matter. 03:04.250 --> 03:07.130 You can use open VPN with all of them. 03:07.130 --> 03:11.300 So the first thing that we need to do is install this program on Thales. 03:11.300 --> 03:19.460 And to do that, all we have to do is do apt get this is the program entails that we can use to install 03:19.460 --> 03:28.070 other programs and what we want to do is install and the program that we want to install is called Open 03:28.070 --> 03:29.000 VPN. 03:30.120 --> 03:34.200 So apt get is a program that we use to install other programs. 03:34.200 --> 03:36.020 Install is what we want to do. 03:36.030 --> 03:41.610 We want to install another program and the program that we want to install is called OpenVPN. 03:42.240 --> 03:43.530 I'm going to hit enter. 03:44.710 --> 03:47.110 And this is telling me, do I really want to do this? 03:47.110 --> 03:48.130 I'm going to say yes. 03:48.130 --> 03:51.250 So I'm going to type Y from my keyboard and hit Enter. 03:52.950 --> 03:53.620 And perfect. 03:53.640 --> 03:57.070 Now OpenVPN is installed, as you can see in here. 03:57.090 --> 04:00.930 Now you can see the notification that we have right now. 04:00.930 --> 04:06.990 It's asking us if I want to install this program only once or install every time. 04:07.020 --> 04:11.250 If you click on install every time, Thales will install this program. 04:11.280 --> 04:15.090 Every time you start Thales because as we know, Thales this amnesic. 04:15.090 --> 04:20.430 So if you pick install only once, it will only be installed for the session. 04:20.430 --> 04:23.460 If you restart the computer, it will be removed. 04:23.580 --> 04:29.940 So I'm going to click on install every time and this way, every time I start Thales, it will automatically 04:29.940 --> 04:36.330 install openvpn for me and I'll be able to use it without doing the apt get command that we just did. 04:37.250 --> 04:44.810 So now that we have OpenVPN installed, we're actually ready to go and connect to our VPN. 04:44.870 --> 04:52.070 But before doing that, you need to go ahead and download the configuration files of your VPN. 04:52.100 --> 04:55.280 Now you need to get these from your VPN provider. 04:55.310 --> 04:58.000 Most VPN providers will give you that. 04:58.010 --> 05:00.080 The process of doing that is different. 05:00.080 --> 05:02.300 You might even need to communicate with them. 05:02.870 --> 05:08.090 But right now, I already have them downloaded in my Tor browser persistent directory. 05:08.090 --> 05:16.430 And here these are the configuration files that I need for my VPN provider to connect using openvpn. 05:16.910 --> 05:22.790 The main file which is the config file is the file with the dot VPN extension. 05:23.480 --> 05:31.040 If I double click this file, you'll see the open VPN configurations and all you need to do is basically 05:31.040 --> 05:32.310 run open VPN. 05:32.330 --> 05:38.510 The program that we just installed and tell it to use the configuration in this config file. 05:38.780 --> 05:40.610 This will work on any system. 05:40.610 --> 05:47.780 You can even do it from Windows or Linux, but it won't work from Thales because like I said earlier, 05:47.780 --> 05:52.090 Thales is configured to force all traffic through the Tor network. 05:52.100 --> 05:58.580 So before doing that, before trying to connect to our VPN, we need to modify the firewall settings 05:58.580 --> 06:05.720 so that all data is forced to go through the VPN first and then go to the Tor network. 06:06.400 --> 06:11.770 So to do that, I'm going to open the configuration file for the firewall. 06:11.890 --> 06:19.570 So I'm going to go back to my terminal and I'm going to do G, edit, g, edit is a text editor. 06:19.570 --> 06:23.950 So I'm basically saying I want to use a text editor to open a text file. 06:23.950 --> 06:30.670 And the text file that I want to open is the text file that controls the firewall in tails. 06:30.670 --> 06:39.790 So the that text file is stored in ETSI firm and the name of the text file is from dot com. 06:41.310 --> 06:42.580 So we're doing G. 06:42.600 --> 06:48.780 EDIT Because that's the text editor that we want to use and we're telling it we want to edit the following 06:48.780 --> 06:49.410 file. 06:50.280 --> 06:55.690 If I hit Enter, this will open the file for me, as you can see in here and what we want to do. 06:55.710 --> 07:01.350 Like I said, we want to add an exception for the VPN server that we want to connect to. 07:01.590 --> 07:09.150 So I'm going to scroll down and I'm going to look for where it says White List Access to local resources. 07:09.900 --> 07:16.110 And in here, we're going to add the information of this server that we want to connect to. 07:16.140 --> 07:19.860 We can get this information from here from the config file. 07:19.890 --> 07:23.910 Like I said, this is the file with the dot VPN extension. 07:24.510 --> 07:34.380 So the first thing we're going to do is type the ADR to specify the IP of the VPN server that we want 07:34.380 --> 07:35.370 to connect to. 07:35.850 --> 07:38.200 And we can get that from the config file. 07:38.220 --> 07:41.970 It's after the remote in here, so we have it right here. 07:42.540 --> 07:45.810 I'm just going to copy this and paste it here. 07:47.670 --> 07:50.100 Then we're going to need to specify the protocol. 07:50.100 --> 07:54.210 So I'm going to type protocol followed by the protocol. 07:54.270 --> 07:58.920 Again, looking at the config file, we can see the protocol is UDP. 07:59.250 --> 08:02.070 So again, we're just going to type UDP in here. 08:03.090 --> 08:05.040 Then we need to specify the port. 08:05.040 --> 08:08.250 So we're going to type the port again. 08:08.250 --> 08:11.820 We're going to get that from the config file, from the remote entry. 08:11.820 --> 08:15.240 So the remote contains the IP followed by the port. 08:15.240 --> 08:16.620 So we can see the port here. 08:16.620 --> 08:19.440 It's 1191 again. 08:19.440 --> 08:22.620 We go back here, 1191. 08:23.860 --> 08:31.870 And we're going to say for this specific IP with this specific protocol, with this port, I want you 08:31.870 --> 08:36.610 to allow the admin user, the root user, to do anything. 08:36.640 --> 08:46.390 So we're going to open two curly brackets and we're going to say mod owner, the UID of the owner is 08:46.390 --> 08:46.720 root. 08:46.750 --> 08:49.510 Like I said, root is the admin and Linux. 08:49.510 --> 08:56.680 And we're going to say we want to accept all connections that this user does to this specific IP with 08:56.680 --> 08:59.920 this specific protocol, with this specific port. 09:02.340 --> 09:10.140 The next thing that we need to do is redirect and force all traffic to go through this VPN server so 09:10.140 --> 09:15.600 that anything that the operating system does will have to flow this way and that way. 09:15.600 --> 09:21.990 It is very difficult for other programs to access the Internet directly and therefore leak information 09:21.990 --> 09:25.290 about our real IP and real identity. 09:26.070 --> 09:28.740 So to do that, we're going to scroll down. 09:30.270 --> 09:34.950 To where it says Thor is allowed to do anything it wants to do. 09:34.980 --> 09:42.510 We're going to say this can only be valid if the outer phase, so the interface in which data flows 09:42.510 --> 09:46.260 through is t, u and zero. 09:46.680 --> 09:52.020 Now t you and zero is a virtual interface that doesn't exist right now. 09:52.020 --> 09:55.890 It will be created once we connect to the VPN server. 09:55.890 --> 10:02.520 And what we're doing right now in here is forcing all traffic to go through this interface that will 10:02.520 --> 10:08.640 be creating the encrypted tunnel between our computer and the VPN server. 10:09.660 --> 10:11.000 So that's it right now. 10:11.010 --> 10:15.960 First of all, we added a rule to allow Thales to connect to the VPN server. 10:15.960 --> 10:23.010 And second, we configured the firewall to force all traffic to go through the connection of this VPN 10:23.010 --> 10:23.700 server. 10:23.880 --> 10:29.850 So I'm going to do control as to save this, and we're going to do control queue to quit the file. 10:30.180 --> 10:31.920 We're also done with the config. 10:31.920 --> 10:36.420 So I'm going to close it in here and I'm going to clear my screen. 10:37.200 --> 10:43.860 And right now we just have to do one more thing before connecting to the VPN server, which is restarting 10:43.860 --> 10:46.950 our firewall for these changes to take effect. 10:47.310 --> 10:56.130 To do that, we're going to do ETSI and IT the firm, which is the name of my firewall and we're going 10:56.130 --> 10:58.890 to say I want to restart this firewall. 10:59.130 --> 11:00.540 We're going to hit enter. 11:00.540 --> 11:05.940 And if you fail at this stage, it means that you misconfigured one of the rules. 11:05.940 --> 11:11.310 So please just revise the video and make sure you set up the rules exactly like I did. 11:12.030 --> 11:15.730 As you can see, I was able to restart it with no issues at all. 11:15.750 --> 11:21.960 Therefore, right now I am ready to go ahead and connect to my VPN server. 11:22.200 --> 11:25.260 Now, before doing that, let me just show you right here. 11:25.260 --> 11:32.970 As you can see, the configuration files are stored in my home persistent tor browser, so I need to 11:32.970 --> 11:37.860 navigate to this location before being able to use these files. 11:38.520 --> 11:45.180 So we're going to use the CD command to change my current working directory to this directory. 11:45.690 --> 11:49.350 So we're going to do CD followed by Persistent. 11:50.310 --> 11:53.700 And you can use the tap to autocomplete, for example. 11:53.700 --> 11:59.730 I'm just going to type T, o, r and press tab to autocomplete tor browser. 12:00.240 --> 12:04.650 If I hit enter, you'll see that I am inside the correct path right now. 12:04.650 --> 12:06.720 Same path as you see in here. 12:07.050 --> 12:13.200 Therefore, right now I can go ahead and use this file to connect to my VPN server. 12:13.680 --> 12:19.080 So we're going to use the program open VPN that we installed at the start of the video. 12:19.080 --> 12:25.230 So we're going to do OpenVPN dash dash config to specify the config file. 12:25.230 --> 12:31.470 And again, as you can see in my case, the config file right here is called config dot VPN. 12:31.710 --> 12:37.110 In your case, it might be called something else, but the config file is always the file that ends 12:37.110 --> 12:39.030 with dot VPN. 12:39.360 --> 12:45.900 So I'm going to type config dot VPN and before I hit enter, just going to go over the command. 12:45.900 --> 12:47.680 We're using open VPN. 12:47.700 --> 12:51.650 This is the program that will allow us to connect to our VPN server. 12:51.660 --> 12:59.010 We're doing the dash config to specify the config file and my config file is called config dot VPN. 12:59.760 --> 13:01.080 I'm going to hit enter. 13:01.620 --> 13:05.050 And as you can see, it's going to ask me for the password. 13:05.070 --> 13:10.950 This is your password to connect to your VPN server, not the password of the system. 13:11.160 --> 13:13.320 So I'm going to input mine right now. 13:14.220 --> 13:17.050 Hit enter and perfect. 13:17.070 --> 13:23.200 If you see initialization sequence completed, this means that the connection has been established. 13:23.220 --> 13:31.650 Now you will also notice that the onion icon in here will have an ex as if you're not connected to anything. 13:32.280 --> 13:33.660 Don't worry about this. 13:33.660 --> 13:39.870 You're seeing that because right now the traffic is forced to go through the VPN server, like I said. 13:39.870 --> 13:46.380 And that's why the system thinks that it's not connected, but it is actually connected to the VPN server. 13:46.980 --> 13:51.210 To confirm this, I'm going to go and run my tor browser. 13:53.080 --> 13:56.830 And I'm just going to go to check the tor project dot org. 13:58.040 --> 13:58.760 And perfect. 13:58.760 --> 14:04.760 As you can see, it's still enough that my browser right now is configured to use the Tor browser. 14:05.090 --> 14:11.870 So right now what's happening is we're connecting to the VPN first and then our traffic is routed to 14:11.870 --> 14:13.070 the Tor network. 14:13.070 --> 14:18.380 And then, like I said, we can bounce through three nodes and then go to the internet or stay within 14:18.380 --> 14:21.530 the Tor network and access onion hidden services. 14:22.290 --> 14:28.260 Now just to make sure that this is the way our computer is set up and it can't access the Tor network 14:28.260 --> 14:30.320 directly or the Internet directly. 14:30.330 --> 14:35.340 What I'm going to do in here, I'm just going to go back to my terminal window and I'm going to press 14:35.340 --> 14:40.470 control and see to quit the running program right here and now. 14:40.470 --> 14:47.100 If I go back to my Tor browser and refresh the page, you will see that I do not have connection. 14:47.100 --> 14:53.550 And that is perfect because what I just did right now, I disconnected from the VPN server and because 14:53.550 --> 14:55.890 I did that, I can't access anything. 14:56.400 --> 14:58.320 And this is exactly what we want. 14:58.320 --> 15:05.010 We want our computer to be configured in a way that it forces all traffic through the VPN server. 15:06.340 --> 15:11.470 If you want to go back to the previous configuration where traffic is forced through the Tor network 15:11.470 --> 15:14.410 directly, all you have to do is simply restart. 15:14.440 --> 15:15.010 Tails. 15:15.010 --> 15:16.460 Tails is amnesic. 15:16.480 --> 15:23.320 All of these configurations will disappear and you will be connecting to the Tor network directly as 15:23.320 --> 15:24.010 usual. 15:25.080 --> 15:32.130 Now this could be a feature and can be something annoying if you always want to connect to a VPN because 15:32.130 --> 15:35.400 every time you restart Thales you will have to do this. 15:35.400 --> 15:41.310 You'll have to do all of the steps that I showed you previously in order to connect your VPN provider, 15:41.310 --> 15:44.820 because your settings will be reset every time you restart.