mirror of
https://github.com/ditatompel/insights.git
synced 2025-01-08 03:12:06 +07:00
chore: Added "Whonix on KVM" article (EN)
This commit is contained in:
parent
17745e1274
commit
da617646d6
4 changed files with 212 additions and 0 deletions
BIN
content/tutorials/whonix-on-kvm/feature-whonix-kvm.jpg
Normal file
BIN
content/tutorials/whonix-on-kvm/feature-whonix-kvm.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 94 KiB |
212
content/tutorials/whonix-on-kvm/index.md
Normal file
212
content/tutorials/whonix-on-kvm/index.md
Normal file
|
@ -0,0 +1,212 @@
|
|||
---
|
||||
title: Whonix on KVM for Online Privacy
|
||||
description: Get started with Whonix KVM, how to install and configure this secure environment for better online privacy.
|
||||
summary: Get started with Whonix KVM, how to install and configure this secure environment for better online privacy.
|
||||
date: 2024-11-17T17:30:00+07:00
|
||||
lastmod:
|
||||
draft: false
|
||||
noindex: false
|
||||
nav_weight: 1000
|
||||
categories:
|
||||
- Privacy
|
||||
tags:
|
||||
- Whonix
|
||||
- KVM
|
||||
- Linux
|
||||
images:
|
||||
authors:
|
||||
- ditatompel
|
||||
---
|
||||
|
||||
In today's digital age, online privacy is a crucial aspect of our lives. With
|
||||
the increasing amount of personal data being collected and stored online, it is
|
||||
essential to understand the importance of protecting our individual rights to
|
||||
privacy.
|
||||
|
||||
## Intro to Whonix
|
||||
|
||||
If you're looking for a solution to protect your online privacy,
|
||||
[Whonix][whonix-web] is an excellent option. Whonix is a Linux-based
|
||||
distribution specifically designed with privacy and security in mind, providing
|
||||
its users with a robust platform for shielding their digital footprints.
|
||||
|
||||
One of the key features that makes Whonix an attractive option for me is its
|
||||
KVM images. These images enable users to create isolated virtual machines that
|
||||
can be easily spun up and down as needed.
|
||||
|
||||
In this article, I will summarize my steps to set up and run Whonix system
|
||||
using KVM and Virt-Manager. This covers everything from creating the KVM
|
||||
images and virtual networks for both the Gateway and Workstation
|
||||
configurations to successfully booting up your secure Whonix environment.
|
||||
|
||||
However, before starting, you need to install [KVM][kvm-web] and
|
||||
[Virt-Manager][virt-manager-web] first. I have uploaded a [video documentation
|
||||
of my installation process for Virt-Manager on Arch
|
||||
Linux][virt-manager-install-yt]; please watch the video if needed.
|
||||
|
||||
## Download and Configuring Whonix KVM
|
||||
|
||||
Download the [compressed archive of Whonix KVM][whonix-kvm-archives] from its
|
||||
official page and place it in the `~/Downloads` directory. There are two
|
||||
versions: GUI and CLI. The Whonix CLI version is designed for advanced users
|
||||
who want to use Whonix without a graphical user interface (GUI). In this
|
||||
article, I will be using the GUI version, which uses **Xfce** as its desktop
|
||||
environment.
|
||||
|
||||
Extract the downloaded archive using the `tar` utility:
|
||||
|
||||
```shell
|
||||
cd ~/Downloads
|
||||
tar -xvf Whonix*.libvirt.xz
|
||||
```
|
||||
|
||||
The extracted archive contains important documents, including the License
|
||||
Agreement and disclaimer, as well as XML templates and Whonix image files for
|
||||
both Gateway and Workstation.
|
||||
|
||||
You can modify the XML files and adjust the virtual machine settings before
|
||||
importing them. But, unless you're familiar with libvirt's XML structure,
|
||||
editing the default configuration is not recommended; instead, make
|
||||
modifications through Virt-Manager later if needed.
|
||||
|
||||
### Adding Whonix Virtual Networks
|
||||
|
||||
To add virtual networks for your Whonix virtual machines, import both
|
||||
`Whonix_external_network.xml` and `Whonix_internal_network.xml` by issuing
|
||||
these commands:
|
||||
|
||||
```shell
|
||||
sudo virsh -c qemu:///system net-define Whonix_external*.xml
|
||||
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
|
||||
```
|
||||
|
||||
Open the Virt-Manager application, right-click on your KVM connection, and
|
||||
select **"Details"** from the menu. Then, go to the **"Virtual Networks"** tab
|
||||
and ensure that the **"Auto Start on Boot"** checkbox is checked for both
|
||||
Whonix Internal and Whonix External virtual networks.
|
||||
|
||||
![Whonix Network Auto Start](whonix-network-auto-start.jpg#center)
|
||||
|
||||
The Whonix Internal network is an isolated, virtual network shared between
|
||||
the Whonix-Gateway and the Whonix-Workstation. This network is entirely
|
||||
separate from the external network and does not directly connect to the
|
||||
Internet.
|
||||
|
||||
The external network used by the Whonix-Gateway to establish a connection with
|
||||
the Tor network via the host machine's network interface. In summary, the
|
||||
Whonix-Gateway acts as the sole router for the Whonix-Workstation, ensuring
|
||||
that all traffic is anonymized through the Tor Network.
|
||||
|
||||
![Whonix Concept](whonix-concept-detailed.jpg#center)
|
||||
|
||||
### Whonix Image Files
|
||||
|
||||
The Whonix XML files are configured to use image files from the
|
||||
`/var/lib/libvirt/images` directory, which is the default libvirt storage
|
||||
location for most Linux distributions.
|
||||
|
||||
Go back to the terminal and move the Whonix VM image files to the
|
||||
`/var/lib/libvirt/images` directory:
|
||||
|
||||
```shell
|
||||
sudo mv Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2
|
||||
sudo mv Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2
|
||||
```
|
||||
|
||||
**Note**: Whonix disk images are **sparse files**, which means that you need
|
||||
to use the `--sparse=always` flag when copying them instead of moving them. For
|
||||
example:
|
||||
|
||||
```shell
|
||||
sudo cp --sparse=always Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2
|
||||
sudo cp --sparse=always Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2
|
||||
```
|
||||
|
||||
### Importing Whonix VM Templates
|
||||
|
||||
Import your Whonix-Gateway and Workstation virtual machines from the XML
|
||||
configuration file. To do this, run the following commands in the terminal:
|
||||
|
||||
```shell
|
||||
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
|
||||
sudo virsh -c qemu:///system define Whonix-Workstation*.xml
|
||||
```
|
||||
|
||||
Note that these commands will import the XML configuration files and create the
|
||||
corresponding virtual machines. Make sure you have the correct file names and
|
||||
paths to avoid errors.
|
||||
|
||||
Additionally, after importing the templates, you may want to verify that your
|
||||
virtual machines are created successfully by checking their status using the
|
||||
following command:
|
||||
|
||||
```bash
|
||||
sudo virsh list --all
|
||||
```
|
||||
|
||||
This will display a list of all the virtual machines running on your system,
|
||||
including the Whonix-Gateway and Workstation.
|
||||
|
||||
### Whonix-Gateway CLI mode
|
||||
|
||||
If your host operating system has limited RAM, you can run Whonix-Gateway in
|
||||
CLI mode by simply changing the memory allocation to 512MB or less. However,
|
||||
please be aware that resource-intensive operations, such as upgrading the
|
||||
operating system with a minimum amount of memory, can cause virtual machines
|
||||
to freeze or become unresponsive. To avoid this, make sure to allocate
|
||||
sufficient resources to your Whonix VMs, especially when performing any
|
||||
software updates or upgrades.
|
||||
|
||||
Apart from controlling Tor and installing updates, there is not much else to
|
||||
do on Whonix-Gateway. Activities such as running applications, especially the
|
||||
Tor Browser, should never be started on Whonix-Gateway. Instead,
|
||||
all user-centric applications ought to be launched from Whonix-Workstation to
|
||||
safely utilize the Tor network.
|
||||
|
||||
## Using Whonix-Workstation
|
||||
|
||||
Since Whonix-Workstation relies on Whonix-Gateway for online functionality, you
|
||||
need to start the Whonix-Gateway before booting up the Whonix-Workstation.
|
||||
Failure to do so will result in the Whonix-Workstation being unable to connect
|
||||
to the Internet or access external resources.
|
||||
|
||||
### Pre-installed Applications and Utilities
|
||||
|
||||
Whonix-Workstation provides bunch of utilities to maintain the VM, such as
|
||||
upgrading the operating system without requiring root privileges using
|
||||
`upgrade-nonroot` utility. It also provides stream isolation for many
|
||||
pre-installed or custom-installed applications, such as **Hexchat** and
|
||||
**Thunderbird**, using a dedicated Tor `SocksPort` to prevent identity
|
||||
correlation that may otherwise occur.
|
||||
|
||||
## My View on Privacy and Anonymity
|
||||
|
||||
Online privacy and anonymity have become intertwined concepts, but, they're
|
||||
not exactly the same thing. In my view, online privacy refers to the ability
|
||||
to control who has access to our personal information, while online anonymity
|
||||
refers to the ability to conceal or hide our identity online.
|
||||
|
||||
Online anonymity can often increase online privacy in several ways:
|
||||
|
||||
1. **Masking Personal Data**: By using Tor or I2P, individuals can mask their
|
||||
IP addresses, locations, and browsing habits.
|
||||
2. **Reducing Surveillance**: Online anonymity can reduce the amount of
|
||||
surveillance being conducted on individuals, as it becomes harder for
|
||||
governments and corporations to monitor their online interest and activities.
|
||||
|
||||
But I'm a little skeptical about online anonymity. I believe that with
|
||||
sufficient time, power, and resources, it's possible to trace everything back
|
||||
to its origin. While this might sound pessimistic, it's a harsh reality we must
|
||||
confront. With advancements in technology and data collection, it has become
|
||||
increasingly easy for governments, corporations, and hackers to track down
|
||||
individuals online.
|
||||
|
||||
Although online anonymity can increase online privacy, it's not a foolproof
|
||||
solution. However, it's always a good idea to use a combination of tools and
|
||||
strategies to maintain online privacy and security.
|
||||
|
||||
[whonix-web]: https://www.whonix.org "Whonix Official Website"
|
||||
[kvm-web]: https://linux-kvm.org/page/Main_Page "KVM Official Website"
|
||||
[virt-manager-web]: https://virt-manager.org/ "Virt-Manager Official Website"
|
||||
[virt-manager-install-yt]: https://www.youtube.com/watch?v=Y01SwRqkX8I "My Virt-Manager Installation Process Video"
|
||||
[whonix-kvm-archives]: https://www.whonix.org/wiki/KVM#Download_Whonix
|
BIN
content/tutorials/whonix-on-kvm/whonix-concept-detailed.jpg
Normal file
BIN
content/tutorials/whonix-on-kvm/whonix-concept-detailed.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 131 KiB |
BIN
content/tutorials/whonix-on-kvm/whonix-network-auto-start.jpg
Normal file
BIN
content/tutorials/whonix-on-kvm/whonix-network-auto-start.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 18 KiB |
Loading…
Reference in a new issue