Voodoo Privacy

Protect your computer from insecure environments with a very strict firewall and a strong VPN through Amazon EC2.

Update - July 2016

Thanks for your interest in this project! Lin Song has built a newer version which is tested with 2016 releases of Ubuntu/Debian/CentOS/RHEL and includes VPN setup instructions for a lot more platforms. It is available under the same license here.

The firewall

The Voodoo Privacy firewall gives you absolute control over your computer's firewall, so that you can control very precisely what is allowed into your computer and also what is allowed out of it. This is very useful for protecting your privacy, because it lets you block all the broadcast packets that your computer might send when you turn it on.

The firewall rules are defined in voodoo-pf.conf. Feel free to edit them. You need to at least define the interface that you will use to connect to an insecure network. The other interfaces will be blocked.

When you run sudo ./voodoo.sh hostile, the rules in voodoo-pf.conf will be loaded and will replace all default rules of your Mac (including Network sharing, Application firewall, etc).

To get back to Apple default settings, run sudo ./voodoo.sh safe.

To see what packets get blocked, run sudo ./voodoo.sh log.

For more information about how to write firewall rules for the OpenBSD packet filter (pf), run man pf.conf.

For more information, read the introduction article: http://www.sarfata.org/posts/secure-your-mac.md.
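
As an added illustration (this is not the project's voodoo-pf.conf), a default-deny pf ruleset of the kind described above could look like the following. The interface names, the documentation-range gateway address and the choice of an IPsec-based VPN (UDP 500/4500 and ESP) are assumptions made for the example.

```conf
# Added example, not the project's voodoo-pf.conf.
# Assumptions: en0 faces the untrusted network, the VPN client creates ppp0,
# and the VPN is IPsec-based (IKE on UDP 500, NAT-T on UDP 4500, ESP).

ext_if = "en0"            # assumption: interface on the untrusted network
vpn_if = "ppp0"           # assumption: tunnel interface of the VPN client
vpn_gw = "203.0.113.10"   # placeholder: IP address of your VPN gateway

set block-policy drop     # drop silently instead of answering with RST/ICMP
set skip on lo0           # do not filter loopback traffic

# Default deny, in and out, on every interface. "log" copies each dropped
# packet to the pflog0 interface so blocked traffic can be inspected.
block drop log all

# DHCP, so the machine can still obtain a lease. The reply may be a
# broadcast that does not match the outbound state, hence the "in" rule.
pass out quick on $ext_if proto udp from any port 68 to any port 67 keep state
pass in  quick on $ext_if proto udp from any port 67 to any port 68 keep state

# On the physical interface, only the VPN handshake and the encrypted
# tunnel may leave, and only towards the gateway. The gateway is given as
# an IP address so that no DNS query has to leave in the clear.
pass out quick on $ext_if proto udp from any to $vpn_gw port { 500, 4500 } keep state
pass out quick on $ext_if proto esp from any to $vpn_gw keep state

# All other outbound traffic must use the tunnel. Replies are admitted by
# the state these rules create. Unsolicited inbound traffic, and broadcasts
# or multicast sent on $ext_if, fall through to the block rule above.
pass out quick on $vpn_if all keep state
```

Running pfctl -n -f on a ruleset file parses it and reports syntax errors without loading it, which is a useful check before replacing the active rules.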

The VPN

Voodoo privacy also makes it very easy to set up a secure VPN gateway on Amazon EC2.

Setting up the VPN gateway (option 1: manually)

And that's it! Your server is now ready to accept connections from your Mac. Get the public DNS name of your new server and resolve it to an IP address. You will need it in the next step.

Setting up the VPN gateway (option 2: automatically)

Configure the VPN on your Mac

This should also work on other types of OS, but I have not tried it yet.

For more information

For more explanation and help with debugging, read my initial blog post about this: http://www.sarfata.org/posts/setting-up-an-amazon-vpn-server.md.

Compatibility with other OSs

Windows 8

Paul Tromans writes (in the comments on my blog):

To get this working with the built-in VPN client in Windows 8 I had to apply the registry tweak described here: http://support.microsoft.com/kb/926179/en-us. If anyone finds a better way to do this, then please post in the comments.

License

Copyright Thomas Sarlandie 2012

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License: http://creativecommons.org/licenses/by-sa/3.0/.

Attribution required: please include my name in any derivative and let me know how you have improved it!

About Voodoo Privacy

Voodoo Privacy was born during Defcon XX to protect my very own privacy. The name comes from the rooftop bar of the Rio hotel where the conference was held.

Contributors