Linux VM on Windows 10

I'd like to set up a Linux VM on Windows 10 Pro host laptop, for web browsing (a few tabs on Firefox with LOTS of plugins) & messaging over separate VPN connection running in Linux, with battery life in mind. Should I use Hyper-V or VMWare vSphere Workstation Pro, and which Linux distribution would you recommend?

 

I'm using VMWare Workstation Pro. I personally don't know how it compares to the others. My setup for years was Win 7 Pro as host with Linux guests. Switched that up a few months ago - Linux host with Windows guests.

In regards to distro, after messing a bit with some different ones, here's my order of preference:

1) Linux Mint
2-3) Linux Mint (yes, I like it that much!)
4) OpenSUSE Leap
5) Ubuntu
7) Pop! OS
8) Fedora

I haven't tried any of the others like CentOS, Debian, etc.

 

@jclausius I generally prefer Debian-derived stuff - but in this particular case I need the most power-effective solution, and will go with whatever VM and distribution meet this goal best. Sadly, I can't try and test a bunch of VM-distro combinations to determine which one provides best battery life, since I need it up and running tomorrow, two days tops - hence the thread.

As for Linux host Windows guest - can't run it at all, Linux doesn't support Intel 802.11ad hardware. )'=

 

Pop! is used on laptops. Otherwise, my guess is the mainstream distros will all pretty much be the same wrt resources within a VM.

I wonder if Minix ( https://en.m.wikipedia.org/wiki/MINIX ) or BSD would suit your needs.

I wish you well.

 

@Starlight5 vSphere is a enterprise grade VM then, I will suggest installing Linux to the host itself w/o any VM. That's faster and gives you long battery life.
I felt Xubuntu or Lubuntu or Mint to be faster and less resource intensive. Also, you can use persistence on a USB flash drive.

 

@Vasudev installing Linux is sadly out of the question, it lacks support for my hardware.

I need some Windows traffic to bypass VPN occasionally. The only solution I see is to turn off VPN when this is needed, and use Linux VM with VPN for traffic that definitely requires it when VPN is off in Windows.

Maybe there's a better solution to my problem?

p.s. WSL sadly doesn't support iptables and there's no estimate, otherwise I'd just use the might of iptables on Windows and had no prolem routing traffic correctly whatsoever.

 

Is it CoffeeLake?

 

@Vasudev it's Skylake with Intel 18260 802.11ac/ad card and corresponding WiGiG dock.

USB persistence is out of the question, I still actually need Windows OS for the tasks that need to bypass VPN.

 

Other than your Intel wifi card everything else will work 100%.
Is it VPN software on Windows or pure VPN from ISP?

 

@Vasudev on Windows, I have VPN client from VPN provider, with killswitch, bells and whistles. On Linux, should be fine with properly configured iptables. Protocol is OpenVPN, of course.

 

I'm not understanding completely what you're seeking.

If you're just wanting to run a VM on the host machine I see no reason why you'd need to use vSphere.

 

@Plur I never used VMWare products, and their website is quite confusing. I don't know which exactly product of theirs is better suited for my task, but overall my google-fu shows VMWare is referred to as a leader in virtualization software.

 

Ah, makes sense, the whole virtualization environment can be quite confusing! In your case I think all that is required is VMWare Workstation Pro to create a virtual machine within your Windows OS.

With ESXi and installing an OS on the ESXi you'd need to access it via the vSphere client and then console to view the GUI. It's really datacenter level virtualization where the GUI isn't so important.

Hopefully I've helped a little

 

I second that. Its why I mentioned it to @Starlight5 in a previous post.

 

Great minds think alike.

I'm currently studying for my VCP6-DCV so was really happy to see a question like OPs on here!

 

@jclausius @Vasudev @Plur thank you all. I corrected my first post. Got carried away with other stuff, so will be setting up the VM, like, now.

@Plur so, battery-life wise, would you recommend Workstation Pro or Hyper-V?

 

Hyper-V is a level 1 Hypervisor the same as ESXi.

Stick with Workstation Pro

 

@Starlight5 Try the free version of VMware workstation player, if you liked it and need more features like easy snapshot and restore just buy the license and type it. No need to re-install current version.

 

Went with Workstation Pro and Lubuntu so far. Battery life with it is terrible. )'= Any tips to improve it?

 

Naturally battery life will suffer since you're taxing CPU, RAM and disk all the time. Considering installing TLP from Ubuntu store or use synaptic pkg mgr after adding TLP repo. Decrease VM swappiness from 80 to 10. Use this link https://sites.google.com/site/easylinuxtipsproject/first-xubuntu

 

Would someone please kindly recommend a good, tried & tested guide on implementing VPN killswitch which also protects from DNS leaks on Linux? I googled a few, implemented this one but all I got is total loss of DNS connectivity as a result. A number of typos should have scared me off right away. )'=

 

Windows is insecure. I would recommend a solid *nix distro as your base, then a mint VM and a windows VM for your different use-cases.

 

Hello there,

I would NOT recommend using iptables directly on an environment where firewall rules cannot be validated on the spot. It is entirely possible to configure iptables into an invalid state. You might even get locked out of your machine (over SSH, etc) when setting up iptables rules.

iptables is powerful, like a loaded gun. The kind you don't want pointed at you, and for that reason, I'd recommend ufw over using iptables directly.

Why?

Because ufw will not allow an invalid state on iptables.

Now, to your question:

Take a look at this:

1. Arch wiki's guide on simple stateful firewalls: https://wiki.archlinux.org/index.php/simple_stateful_firewall

And with that understanding, proceed to:

2. Using ufw to create a working VPN killswitch: https://gist.github.com/Necklaces/18b68e80bf929ef99312b2d90d0cded2

 

@Dennismungai thank you. I ended up getting rid of VMs, and just running everything on Windows, with couple apps bypassing VPN with the help of ForceBindIP64.

 

Nice! You've got it working the way you want it to, and that's what matters! Your needs, and your privacy first.

 

The same could be said of any operating system.

How a computing platform is set up matters more than what's running on it, from a security perspective.

Flagging *nix-based distros as inherently secure is an extension of security by obscurity. Implementation details matter, even where one platform may inherently be more secure by default.

A non existent firewall, outdated software, and bad user behavior(s) will not keep you secure just because you're on Linux.

Secondly, there's the issue of hardware support. If a user is able to meet his/her needs by virtualization rather than a bare metal installation, its' all well and good.

Linux, despite best efforts, will always lag behind proprietary operating systems in terms of hardware support (and usability). And that will be the trend for perhaps the coming decade or thereabouts.

 

Open source programmers don't have a tendency to write backdoors into their code.

 

As someone who writes both open and closed code, people who write closed code tend not to as well (its bad for business, especially in niche software).

In addition to what Dennis said, you also have to keep in mind that even if you have a perfect OS, the rest of the software/hardware you use might not be perfectly secure. No good if you have the Best OS if your router is leaking all your activity, or if someone sneaks in a hardware keylogger on your system, if you use a secure system insecurely (logging into Facebook while on Tor, for example, etc).

The security of the user is far just as important, if not more so, than the security of the system. You are the weakest link in security.

 

You can have open source software that's audited by thousands upon thousands of professionals, and used in countless implementations which require far higher security than the average person could ever need, for free, or you can rely on the guy with dollar signs in his head saying "Trust me." That's an easy choice to make.

 

"Telemetry."

 

“Block it via an external device”

Personally I use a super-janky setup via the parental controls on my router, though setting up a proper external firewall would be better.

——-

Anyway, I personally don’t see the point in this sort of OS debate. It’s pretty pointless imo; use the best tool for the job, who cares if you have some ideaological bent against it, you know?

 

In the information security field, the best tool for the job is invariably one where the tool isn't outright programmed to spy on you.

 

And regardless of whatever field you work in, you believe your employer isn’t monitoring your computer activity? . Nevermind that some distros have been guilty of spying on you as well (forgotten about the Ubuntu Amazon scandal?).

Anyway, I’m in the health insurance business and we use a mix of Windows 7/10 and macOS laptops, and our data is mostly stored on *nix servers and mainframes. There’s a place for whatever tool you’re considering.

At home, I use Win10 for my desktop and my primary laptop (gaming, yo), server is unRAID (based on Slackware), and my VMs are all some flavor of Linux (mainly Xubuntu).

————-

It doesn’t do a computer professional much good to be dogmatic, imo

 

Seconded. As someone who's written closed systems in both vertical market (US health care) and dev tools, while not having quite the number of eyeballs each commit and pull request is examined before it goes into production. Still selling systems in development for 15+ years.

By no means does this say this doesn't discourage *everyone", but the fastest way to lose users and customers (let alone end up in court or the unemployment line) for the honest code monkey is to purposefully screw them or code in something devious...