1
00:00:00,750 --> 00:00:08,790
Previously we seen how easy it is to connect to a VPN server if the provider offers a VPN client.

2
00:00:08,820 --> 00:00:13,730
As I said earlier most VPN providers do not support Thales.

3
00:00:13,770 --> 00:00:20,220
Therefore if you want to connect to a VPN from Thales and your provider does not support Thales you'll

4
00:00:20,220 --> 00:00:27,540
have to manually modify the firewall settings installed the needed software and connect to the VPN server

5
00:00:27,540 --> 00:00:29,900
that you want to connect to.

6
00:00:29,910 --> 00:00:36,360
So in this lecture I'm going to show you how to do that so that you can connect to any VPN server from

7
00:00:36,360 --> 00:00:43,590
tells please keep in mind like I said earlier connecting to a VPN from Thales is optional.

8
00:00:43,590 --> 00:00:49,980
This is not a required step because as we know Thales automatically forces all traffic to go through

9
00:00:49,980 --> 00:00:51,070
the Tor network.

10
00:00:51,180 --> 00:00:57,450
Therefore by default it is more private and more anonymous than most operating systems.

11
00:00:57,450 --> 00:01:02,010
So the main thing that I'm actually going to be showing you in this lecture is how to configure Thales

12
00:01:02,490 --> 00:01:09,160
so that it redirects data to our VPN provider and then connect to this VPN provider.

13
00:01:09,270 --> 00:01:11,200
So let's go to Thales.

14
00:01:11,490 --> 00:01:14,070
As you can see here I haven't even logged in yet.

15
00:01:14,160 --> 00:01:17,790
Before doing that you need to add an admin account.

16
00:01:18,090 --> 00:01:19,930
So I showed you how to do that before.

17
00:01:20,020 --> 00:01:25,620
We're going to click on the plus and we're going to click on the administrator password and we're just

18
00:01:25,620 --> 00:01:32,130
going to set an admin password so that we can execute commands with Admin privileges.

19
00:01:32,250 --> 00:01:40,120
They're going to click on add two added and then we're gonna start tells Now once you're inside tells

20
00:01:40,380 --> 00:01:42,490
I'm going to go and start my terminal.

21
00:01:42,550 --> 00:01:46,480
So we're gonna go through applications and run the terminal from here.

22
00:01:47,980 --> 00:01:52,810
This is basically a program that allow us to execute commands on the system.

23
00:01:52,810 --> 00:01:57,520
I know it sounds a little bit scary but don't worry I'm gonna walk you through it and the first thing

24
00:01:57,550 --> 00:02:04,870
I want to do is change my privileges to admin privileges because I'm going to be modifying the system

25
00:02:04,870 --> 00:02:07,750
settings and I'm going to be installing additional software.

26
00:02:07,840 --> 00:02:13,200
Therefore I need to be admin for this so to change our permissions to admin.

27
00:02:13,220 --> 00:02:20,920
We're gonna do sudo as you it's going to ask you for the admin password so I'm gonna put the password

28
00:02:20,950 --> 00:02:24,950
that I just said at the start of the video.

29
00:02:25,020 --> 00:02:31,530
Now if you notice at the start I was saying amnesia which is the user that we were using at amnesia

30
00:02:31,990 --> 00:02:39,460
but now it's saying rude at amnesia meaning that we're gonna be executing commands as rude rude is the

31
00:02:39,490 --> 00:02:45,880
admin user account on the system so I'm going to clear the screen and the first command that I want

32
00:02:45,880 --> 00:02:54,130
to run is a command to install open VPN open VPN is a program that we're going to use in order to connect

33
00:02:54,280 --> 00:03:02,440
to our VPN server regardless of what VPN provider you're using whether you use a node or any other VPN

34
00:03:02,440 --> 00:03:03,130
provider.

35
00:03:03,160 --> 00:03:04,390
It doesn't really matter.

36
00:03:04,390 --> 00:03:07,310
You can use open VPN with all of them.

37
00:03:07,360 --> 00:03:12,610
So the first thing that we need to do is install this program on tells and to do that.

38
00:03:12,640 --> 00:03:15,800
All we have to do is do abd get.

39
00:03:15,970 --> 00:03:23,530
This is the program entails that we can use to install other programs and what we want to do is install

40
00:03:24,180 --> 00:03:33,020
and the program that we want to install is called Open VPN so apt get is a program that we use to install

41
00:03:33,080 --> 00:03:38,870
other programs install is what we want to do we want to install another program and the program that

42
00:03:38,870 --> 00:03:42,410
we want to install is called Open VPN.

43
00:03:42,410 --> 00:03:47,150
I'm going to hit enter and this is TELL ME DO I REALLY WANT TO DO THIS.

44
00:03:47,170 --> 00:03:53,630
I'm going to say yes so I'm going to type away from my keyboard and hit enter and perfect.

45
00:03:53,630 --> 00:03:57,200
Now open VPN is installed as you can see in here.

46
00:03:57,320 --> 00:04:04,100
Now you can see the notification that we have right now it's asking us if I want to install this program

47
00:04:04,140 --> 00:04:06,910
on the once or install every time.

48
00:04:07,190 --> 00:04:13,280
If you click on installed every time Thales will install this program every time you start tales because

49
00:04:13,340 --> 00:04:15,220
as we know it tells us amnesia.

50
00:04:15,230 --> 00:04:22,120
So if you pick install on the ones it'll only be installed for the session if you restart the computer.

51
00:04:22,140 --> 00:04:23,700
It will be removed.

52
00:04:23,810 --> 00:04:29,960
So I'm going to click on install every time and this way every time I'm a star tails it'll automatically

53
00:04:29,960 --> 00:04:35,810
install open VPN for me and I'll be able to use it without doing the app to get commands that we just

54
00:04:35,810 --> 00:04:37,280
did.

55
00:04:37,440 --> 00:04:44,860
So now that we have open VPN installed we're actually ready to go and connect to our VPN.

56
00:04:45,030 --> 00:04:52,300
But before doing that you need to go ahead and download the configuration files of your VPN.

57
00:04:52,320 --> 00:04:55,470
Now you need to get these from your VPN Provider.

58
00:04:55,470 --> 00:04:58,040
Most VPN providers will give you that.

59
00:04:58,170 --> 00:05:00,120
The process of doing that is different.

60
00:05:00,120 --> 00:05:02,220
You might even need to communicate with them.

61
00:05:03,060 --> 00:05:09,230
But right now I already have them downloaded in my Tor Browser persistent directory in here.

62
00:05:09,360 --> 00:05:17,040
These are the configuration files that I need for my VPN provider to connect use an open VPN.

63
00:05:17,040 --> 00:05:23,580
The main file which is the conflict file is the file with the dot o VPN extension.

64
00:05:23,580 --> 00:05:31,020
If I double click this file you'll see the open VPN configurations and all you need to do is basically

65
00:05:31,020 --> 00:05:32,330
run open VPN.

66
00:05:32,340 --> 00:05:38,850
The programs that we just installed and tell it to use the configuration in this config file.

67
00:05:38,970 --> 00:05:45,660
This will work on any system you can even do it from Windows or Linux but it won't work from Thales

68
00:05:45,840 --> 00:05:52,210
because like I said earlier Thales is configured to force all traffic through the Tor network.

69
00:05:52,290 --> 00:05:59,010
So before doing that before trying to connect to our VPN we need to modify the firewall settings so

70
00:05:59,010 --> 00:06:07,830
that all data is forced to go through the VPN first and then go to the TOR network so to do that.

71
00:06:07,950 --> 00:06:14,580
I'm going to open the configuration file for the firewall so I'm going to go back to my terminal and

72
00:06:14,640 --> 00:06:15,970
I'm going to do G.

73
00:06:16,050 --> 00:06:23,790
Edit the edit is a text editor so I'm basically saying I want to use a text editor to open a text file

74
00:06:24,180 --> 00:06:30,530
and the text file that I want to open is the text file that controls the firewall in tails.

75
00:06:30,930 --> 00:06:39,910
So the that text file is stored in ATC firm and the name of the text file is firm dot com.

76
00:06:41,470 --> 00:06:47,350
So we're doing G edits because that's the text editor that we want to use and we're telling it we want

77
00:06:47,350 --> 00:06:50,380
to edit the following file.

78
00:06:50,380 --> 00:06:52,770
If I had entered this will open the file for me.

79
00:06:52,780 --> 00:06:59,500
As you can see in here and what we want to do like I said we want to add an exception for the VPN server

80
00:06:59,680 --> 00:07:01,180
that we want to connect to.

81
00:07:01,780 --> 00:07:09,470
So I'm going to scroll down and I'm going to look for where it says whitelist access to local resources.

82
00:07:10,000 --> 00:07:16,390
And in here we're going to add the information of this server that we want to connect to.

83
00:07:16,390 --> 00:07:19,950
We can get this information from here from the conflict file.

84
00:07:19,990 --> 00:07:24,540
Like I said this is the file with the dot o VPN extension.

85
00:07:24,700 --> 00:07:34,390
So the first thing we're going to do is type D A D D R to specify the IP of the VPN server that we want

86
00:07:34,390 --> 00:07:38,130
to connect to and we can get that from the conflict file.

87
00:07:38,370 --> 00:07:40,270
It's after the remote in here.

88
00:07:40,330 --> 00:07:42,570
So we have it right here.

89
00:07:42,670 --> 00:07:50,120
I'm just going to copy this and paste it here then we're going to need to specify the protocol.

90
00:07:50,140 --> 00:07:54,260
So I'm going to type protocol followed by the protocol.

91
00:07:54,400 --> 00:07:59,410
Again looking at the conflict file we can see the protocol is UDP.

92
00:07:59,410 --> 00:08:05,080
So again we're just going to type UDP in here then we need to specify the port.

93
00:08:05,140 --> 00:08:11,170
So we're going to type deep port again we're going to get that from the conflict file from the remote

94
00:08:11,200 --> 00:08:16,620
entry so the remote contains the IP followed by the port so we can see the port here.

95
00:08:16,630 --> 00:08:19,090
It's 1 1 9 1.

96
00:08:19,090 --> 00:08:29,730
Again we go back here 1 1 9 1 and we're gonna save for this specific IP with this specific protocol

97
00:08:29,760 --> 00:08:31,230
with this port.

98
00:08:31,290 --> 00:08:36,870
I want you to allow the admin user the route user to do anything.

99
00:08:36,870 --> 00:08:46,720
So we're gonna open two curly brackets and we're gonna see mod owner the new I.D. of the owner is rude

100
00:08:46,740 --> 00:08:53,490
like I said root is the admin in Linux and we're gonna say we want to accept all connections that this

101
00:08:53,490 --> 00:09:03,270
user does to this specific IP with this specific protocol with this specific port the next thing that

102
00:09:03,270 --> 00:09:11,310
we need to do is redirect and force all traffic to go through this VPN server so that anything that

103
00:09:11,310 --> 00:09:17,940
the operating system does will have to flow this way and that way it is very difficult for other programs

104
00:09:17,940 --> 00:09:26,250
to access the Internet directly and therefore leak information about our real IP and real identity.

105
00:09:26,250 --> 00:09:34,400
So to do that we're going to scroll down to where it says Tor is allowed to do anything it wants to

106
00:09:34,400 --> 00:09:35,090
do.

107
00:09:35,150 --> 00:09:39,740
We're gonna say this can only be valid if the outer face.

108
00:09:39,770 --> 00:09:50,810
So the interface in which data flows through is t u and 0 now 2 and 0 is a virtual interface that doesn't

109
00:09:50,810 --> 00:09:52,050
exist right now.

110
00:09:52,130 --> 00:09:58,780
It will be created once we connect to the VPN server and what we're doing right now in here is force

111
00:09:58,780 --> 00:10:05,540
and all traffic to go through this interface that will be creating the encrypted tunnel between our

112
00:10:05,540 --> 00:10:10,430
computer and the VPN server so that's it.

113
00:10:10,430 --> 00:10:15,920
Right now first of all we added a rule to allow Thales to connect to the VPN server.

114
00:10:16,160 --> 00:10:23,000
And second we configured the firewall to force all traffic to go through the connection of this VPN

115
00:10:23,000 --> 00:10:23,510
server.

116
00:10:24,080 --> 00:10:24,700
So I'm gonna do.

117
00:10:24,700 --> 00:10:30,310
Control is to save this and we're gonna do control q to quit the file.

118
00:10:30,350 --> 00:10:37,820
We're also done with the config so I'm going to close it in here and I'm gonna clear my screen and right

119
00:10:37,850 --> 00:10:44,660
now we just have to do one more thing before connecting to the VPN server which is restarting our firewall

120
00:10:44,720 --> 00:10:47,260
for these changes to take effect.

121
00:10:47,450 --> 00:10:56,210
To do that we're going to do ATC in it the D firm which is the name of my firewall and we're going to

122
00:10:56,210 --> 00:10:59,330
say I want to restart this firewall.

123
00:10:59,330 --> 00:11:06,050
We're going to hit enter and if you fail at the stage it means that you miss configured one of the rules.

124
00:11:06,080 --> 00:11:11,990
So please just revise the video and make sure you set up the rules exactly like I did.

125
00:11:12,080 --> 00:11:15,930
As you can see I was able to restart it with no issues at all.

126
00:11:15,950 --> 00:11:24,200
Therefore right now I am ready to go ahead and connect to my VPN server now before doing that let me

127
00:11:24,200 --> 00:11:25,270
just show you right here.

128
00:11:25,280 --> 00:11:29,860
As you can see the configuration files are stored in my home.

129
00:11:29,900 --> 00:11:32,120
Persistent tor browser.

130
00:11:32,270 --> 00:11:38,660
So I need to navigate to this location before being able to use these files.

131
00:11:38,660 --> 00:11:45,740
So we're going to use the CDE command to change my current working directory to this directory.

132
00:11:45,860 --> 00:11:53,750
So we're going to do CDE followed by persistent and you can use the TARP to auto complete for example.

133
00:11:53,750 --> 00:12:00,410
I'm just gonna type T O R and press tab to auto complete tor browser.

134
00:12:00,410 --> 00:12:04,670
If I hit enter you'll see that I am inside the correct path right now.

135
00:12:04,670 --> 00:12:06,560
Same path as you see in here.

136
00:12:07,220 --> 00:12:13,130
Therefore right now I can go ahead and use this file to connect to my VPN server.

137
00:12:13,820 --> 00:12:19,110
So we're going to use the program open VPN that we installed at the start of the video.

138
00:12:19,280 --> 00:12:27,080
So we're gonna do open VPN dash dash config to specify the config file and again as you can see in my

139
00:12:27,080 --> 00:12:31,680
case the conflict file right here is called config dot or VPN.

140
00:12:31,880 --> 00:12:37,490
In your case it might be called something else but the config file is always the file that ends with

141
00:12:37,490 --> 00:12:38,880
DOT or VPN.

142
00:12:39,530 --> 00:12:44,220
So I'm gonna type config that or VPN and before I had entered.

143
00:12:44,240 --> 00:12:47,720
Just gonna go over the command or use an open VPN.

144
00:12:47,720 --> 00:12:51,780
This is the program that will allow us to connect to our VPN server.

145
00:12:51,860 --> 00:12:57,560
We're doing dash dash contact to specify the config file and my config file is called config.

146
00:12:57,560 --> 00:13:00,930
That old VPN I'm going to hit enter.

147
00:13:01,760 --> 00:13:05,220
And as you can see it's going to ask me for the password.

148
00:13:05,240 --> 00:13:11,390
This is your password to connect to your VPN server not the password of the system.

149
00:13:11,390 --> 00:13:15,820
So I'm going to input mine right now here and there.

150
00:13:16,110 --> 00:13:16,810
And perfect.

151
00:13:17,240 --> 00:13:23,340
If you see initialization sequence completed this means that the connection has been established.

152
00:13:23,450 --> 00:13:32,320
Now you will also notice that the Onion icon in here will have an X as if you're not connected to anything.

153
00:13:32,390 --> 00:13:33,700
Don't worry about this.

154
00:13:33,770 --> 00:13:39,010
You're seeing that because right now the traffic is forced to go through the VPN server.

155
00:13:39,020 --> 00:13:45,080
Like I said and that's why the system thinks that it's not connected but it is actually connected to

156
00:13:45,080 --> 00:13:48,320
the VPN server to confirm this.

157
00:13:48,320 --> 00:13:51,260
I'm gonna go and run my tor browser.

158
00:13:53,120 --> 00:14:00,190
And I'm just gonna go to check the Tor Project dot org and perfect as you can see it's still announced

159
00:14:00,250 --> 00:14:04,550
that my browser right now is configured to use data or browser.

160
00:14:05,270 --> 00:14:11,840
So right now what's happening is we're connecting to the VPN first and then our traffic is routed to

161
00:14:11,840 --> 00:14:17,750
the TOR network and then like I said we can bounce through three nodes and then go to the Internet or

162
00:14:17,750 --> 00:14:22,240
stay within the Tor network and access on hidden services.

163
00:14:22,420 --> 00:14:28,240
Now just to make sure that this is the way our computer is set up and it can't access the terror network

164
00:14:28,240 --> 00:14:30,430
directly or the Internet directly.

165
00:14:30,520 --> 00:14:35,350
What I'm going to do in here I'm just going to go back to my terminal window and I'm going to press

166
00:14:35,350 --> 00:14:43,210
control and see to quit the running program right here and now if I go back to my Tor Browser and refresh

167
00:14:43,210 --> 00:14:49,720
the page you will see that I do not have connection and that is perfect because while I just did right

168
00:14:49,720 --> 00:14:56,180
now I disconnected from the VPN server and because I did that I can't access anything.

169
00:14:56,620 --> 00:14:58,350
And this is exactly what we want.

170
00:14:58,350 --> 00:15:06,580
We want our computer to be configured in a way that it forces all traffic through the VPN server if

171
00:15:06,580 --> 00:15:12,130
you want to go back to the previous configuration where traffic is forced through the Tor network directly.

172
00:15:12,580 --> 00:15:15,030
All you have to do is simply restart tails.

173
00:15:15,070 --> 00:15:16,550
Tails is amnesiac.

174
00:15:16,600 --> 00:15:23,080
All of these configurations will disappear and you will be connected to the TOR network directly.

175
00:15:23,080 --> 00:15:30,520
As usual now this could be a feature and can be something annoying if you always want to connect to

176
00:15:30,520 --> 00:15:36,880
a VPN because every time you restart tails you will have to do this you will have to do all of the steps

177
00:15:36,880 --> 00:15:43,240
that I showed you previously in order to connect your VPN provider because your settings will be reset

178
00:15:43,270 --> 00:15:44,620
every time you restart.