Difference between revisions of "Whonix"
JeremyRand (talk | contribs) (Remove extraneous sudo) |
JeremyRand (talk | contribs) (Add a Known Issues section) |
||
Line 84: | Line 84: | ||
Launch the VM again; Whonix-Workstation should be running. | Launch the VM again; Whonix-Workstation should be running. | ||
+ | |||
+ | == Known Issues == | ||
+ | |||
+ | === Checking for virtualization === | ||
+ | |||
+ | <code>whonixcheck</code> in both VM's reports this error: | ||
+ | |||
+ | <nowiki>[ERROR] [whonixcheck] Virtualizer Failed to check for virtualization: Permission denied unsupported by Whonix developers! Whonixcheck aborted! (qubes_detected: false) | ||
+ | |||
+ | Using Virtualizer Failed to check for virtualization: Permission denied together with Whonix is recommended against, because it is rarely tested. [1] [2] [3] It could be made possible, but would require more Whonix contributors. | ||
+ | It may already work, but is highly experimental. | ||
+ | |||
+ | |||
+ | |||
+ | This might endanger your anonymity. Do not proceed unless you know what you are doing. | ||
+ | |||
+ | If you wish to ignore this warning and to continue whonixcheck anyway, you can set | ||
+ | WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1" | ||
+ | in /etc/whonix.d/30_whonixcheck_default.conf. | ||
+ | |||
+ | Recommended action: | ||
+ | - Shut down. | ||
+ | - Read Whonix documentation [4]. | ||
+ | - Use Whonix with a supported virtualizer or Physical Isolation [5]. | ||
+ | |||
+ | Footnotes: | ||
+ | |||
+ | [1] https://www.whonix.org/wiki/LeakTests | ||
+ | [2] https://www.whonix.org/wiki/Test | ||
+ | [3] https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection | ||
+ | [4] https://www.whonix.org/wiki/Documentation | ||
+ | [5] https://www.whonix.org/wiki/Physical_Isolation</nowiki> | ||
+ | |||
+ | It is not clear why this error shows up, or whether anything bad will happen if it's ignored. |
Revision as of 20:47, 22 September 2018
Whonix (clearnet link) can be installed on the Talos using KVM.
Contents
Both Whonix-Gateway and Whonix-Workstation
Download Whonix-Gateway from the Whonix KVM download page (clearnet link).
Extract it:
tar -xvf Whonix-Gateway*.libvirt.xz
Install the Whonix virtual networks:
virsh -c qemu:///system net-define Whonix_external*.xml virsh -c qemu:///system net-define Whonix_internal*.xml virsh -c qemu:///system net-autostart external virsh -c qemu:///system net-start external virsh -c qemu:///system net-autostart internal virsh -c qemu:///system net-start internal
Then, create two Debian Stretch ppc64el VM's, launch a root shell in each, and follow the below instructions for each VM.
Install dirmngr
(this is required in order to import the Whonix signing key):
apt-get install dirmngr
Import the Whonix signing key (source):
apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
Add the Whonix package repository (source):
echo "deb http://deb.whonix.org stretch main" | tee /etc/apt/sources.list.d/whonix.list
Whonix-Gateway
Unfortunately, Whonix's tor
package, which is a required dependency of Whonix-Gateway, is not available for ppc64el. Debian's stretch-backports
repo does have a tor
package that works, we just need to edit its metadata to make the package manager happy. First, we download the tor
package and extract it:
echo "deb http://http.debian.net/debian stretch-backports main" | tee /etc/apt/sources.list.d/stretch-backports.list apt-get update apt-get download -t stretch-backports tor mkdir tor_extracted dpkg-deb -R ./tor_*.deb ./tor_extracted
Then, run the following command. It will fail with a dependency error, note the minimum tor
version that it wants.
apt-get install non-qubes-whonix-gateway-kde whonix-gateway-shared-packages-shared-meta whonix-gateway-packages-recommended-cli tor-geoipdb
Then, edit the metadata file:
nano tor_extracted/DEBIAN/control
And replace the Version field with the minimum version you noted earlier. Then exit nano
.
Rebuild the package and install it:
mkdir tor_rebuilt dpkg-deb -b tor_extracted tor_rebuilt apt-get install ./tor_rebuilt/tor*.deb
Now we can install the Whonix packages:
apt-get install non-qubes-whonix-gateway-kde
Shut off the VM.
Set the VM's NIC to use the external
Network source.
Add a 2nd NIC to the VM, and set it to use the internal
Network source.
Launch the VM again; Whonix-Gateway should be running.
Whonix-Workstation
This one's a lot easier, since Whonix's tor
package version isn't a requirement.
Install the Whonix packages:
apt-get update apt-get install non-qubes-whonix-workstation-kde
Shut off the VM.
Set the VM's NIC to use the internal
Network source.
Launch the VM again; Whonix-Workstation should be running.
Known Issues
Checking for virtualization
whonixcheck
in both VM's reports this error:
[ERROR] [whonixcheck] Virtualizer Failed to check for virtualization: Permission denied unsupported by Whonix developers! Whonixcheck aborted! (qubes_detected: false) Using Virtualizer Failed to check for virtualization: Permission denied together with Whonix is recommended against, because it is rarely tested. [1] [2] [3] It could be made possible, but would require more Whonix contributors. It may already work, but is highly experimental. This might endanger your anonymity. Do not proceed unless you know what you are doing. If you wish to ignore this warning and to continue whonixcheck anyway, you can set WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1" in /etc/whonix.d/30_whonixcheck_default.conf. Recommended action: - Shut down. - Read Whonix documentation [4]. - Use Whonix with a supported virtualizer or Physical Isolation [5]. Footnotes: [1] https://www.whonix.org/wiki/LeakTests [2] https://www.whonix.org/wiki/Test [3] https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection [4] https://www.whonix.org/wiki/Documentation [5] https://www.whonix.org/wiki/Physical_Isolation
It is not clear why this error shows up, or whether anything bad will happen if it's ignored.