Every linux distro has /dev/random as a good, cryptographically secure source of randomness that is refilled by as many sources as possible. It can and has been audited by many developers to ensure this. The main issue you will have is having multiple identical instances of a linux VM built from a single source, or something like that.
Alternatively, you suggest a sole remote source over a public internet connection. Assuming an eavesdropper, the source could be compromised or the strength of the resulting cipher be reduced. Assuming a malicious entity with network control, you're pretty much screwed.
If you don't trust your hardware, you can't be working with encryption.
Software can only do so much without good hardware sources. A small embedded box, barred from networking, has roughly zero entropy available. But if you combine microsecond network timings, only vulnerable to local attack, with third party random data that is safe from mitm, you get resonably good random numbers. Don't use it to generate a root certificate, but it'll work for general purposes.
How about this: it's much easier for an attacker to physically compromise the device than it is for them to attack your network AND attack random.org.
Is that not good enough? It's about as secure as your average desktop. You can't make a device more secure than the access to it, and there is no such thing as perfect security.
Alternatively, you suggest a sole remote source over a public internet connection. Assuming an eavesdropper, the source could be compromised or the strength of the resulting cipher be reduced. Assuming a malicious entity with network control, you're pretty much screwed.
If you don't trust your hardware, you can't be working with encryption.