Creating a Kicksecure-Gateway for VirtualBox

I’m planning a project to build a Kicksecure-style gateway VM for VirtualBox that confines all network activity to a dedicated VM (similar in concept to Whonix‑Gateway).

I have some technical experience but limited networking and Debian‑hardening knowledge, and I’m willing to learn.

My plan is to publish a how‑to: a Bash script that prepares a Kicksecure VM to act as a gateway, accompanied by step‑by‑step instructions for configuring VirtualBox network adapters manually. That’s the approach I’d take.

Has anyone attempted this before, and what pitfalls or architecture‑level issues should I watch for—particularly from people familiar with Kicksecure, Whonix network isolation, or general networking?

P.S. I’d probably use Mullvad as the default VPN.

Someone has tried basically this before, namely Whonix :) Obviously, that uses Tor rather than a VPN, but many of the concepts are likely the same.

The Whonix source code is probably a good source of info, especially the whonix-ws-network-conf, whonix-gw-network-conf, whonix-firewall, and derivative-maker repos (the last one is important since it will show you the VM configuration needed for this to work).

2 Likes

The first sentence made me giggle. Yes, you are correct, and the team at Whonix (and Kicksecure) have done a wonderful job. On a personal note, I’ve encountered limitations with Tor, specifically its lack of UDP support and relatively slow network throughput.

Thank you very much for the advice, time to dig through the source code.

1 Like

Mate, I’m not about to rubbish your idea, but if this is what you’re after, you’d be better off using Qubes and following a VPN network Qube guide. Then throw in a Kicksecure template in the setup.

You see, the deal with employing Mullvad in this fashion is that it creates a virtual interface. Now, that’s all well and good for one’s own machine, but the trouble arises when you expect downstream VMs to trot their traffic through it. You would have to figure out how to forward that traffic proper to downstream VMs. Take a look at the Qubes forum and see how people have done it; that may be a jolly fine source of info.

What’s more, we really ought to give VirtualBox a pass and use QEMU/KVM instead, unless you fancy “Citizens Will Be On Their Best Behaviour” yeah?
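
The forwarding problem raised in the reply above, as an added example that is not part of the original thread or of any project mentioned in it: a shell function that emits an nftables ruleset which forwards downstream-VM traffic only into the VPN interface and drops it otherwise, so nothing leaks out of the uplink adapter if the tunnel goes down. The interface names (`eth1` for the VirtualBox internal-network adapter, `wg0` for the VPN tunnel) and the table name `vpn_gateway` are assumptions.

```bash
#!/bin/sh
# Added example: emit a fail-closed nftables ruleset for a VPN gateway VM.
# Assumed names: $1 = adapter facing the downstream VMs (VirtualBox internal
# network), $2 = tunnel interface created by the VPN client.
gen_gateway_ruleset() {
    lan_if="$1"; vpn_if="$2"
    for name in "$lan_if" "$vpn_if"; do
        # Reject empty names and characters that could escape the quoted strings.
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$name'" >&2; return 1 ;;
        esac
        # Linux interface names are at most 15 characters.
        [ "${#name}" -le 15 ] || { echo "name too long: $name" >&2; return 1; }
    done
    [ "$lan_if" != "$vpn_if" ] || { echo "LAN and VPN interface must differ" >&2; return 1; }
    cat <<EOF
table inet vpn_gateway {
    chain forward {
        # Default drop: downstream traffic never reaches the uplink adapter.
        type filter hook forward priority filter; policy drop;
        ct state established,related iifname "$vpn_if" oifname "$lan_if" accept
        iifname "$lan_if" oifname "$vpn_if" accept
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Downstream VMs appear to the VPN as the gateway's tunnel address.
        oifname "$vpn_if" masquerade
    }
}
EOF
}

# Stand-alone use: print the ruleset for the two interfaces given as arguments.
#   sh gateway-rules.sh eth1 wg0 | nft -c -f -   # syntax check only
#   sh gateway-rules.sh eth1 wg0 | nft -f -      # load the rules
# Forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1
if [ "$#" -eq 2 ]; then
    gen_gateway_ruleset "$1" "$2"
fi
```

The rules match on `iifname`/`oifname` (name strings), so they load before the VPN client has created the tunnel interface; until it exists, the drop policy is all that applies to forwarded traffic.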