Open
Description
Hi. I tested corridor on a Debian host running Whonix KVM guests.
Results:
- It blocks any new Whonix connections after the corridor service successfully starts while Tor connections on the host still work.
- LAN connections are permitted. Is this intentional? It's safer for this to be restricted unless a user wants otherwise. Imagine subscribing to a wireless carrier or ISP which assigns local addresses. Leaking anything to this non-trusted network is dangerous.
Two solutions come to mind: adding a LAN permission option to corridor for manual use. Out of scope of this ticket but an interesting topic that should be discussed: add a barebones captive portal responder on the host under its own user account that is exempted by corridor. This keeps leaks absolutely minimal and reduces attack surface when having to deal with captive portals.
/cc @adrelanos