New Announcement: Qubes + Whonix is now available!


whoni...@mail2tor.com

Aug 29, 2014, 10:35:31 AM
to qubes...@googlegroups.com
With the help of several kind people in the Qubes & Whonix communities, I
have successfully integrated the Qubes + Whonix operating systems
together.


For those who would prefer Whonix as an alternative to TorVM in Qubes,
this option is now available to you.

This initial Qubes + Whonix configuration is achieved using current versions:

- Qubes R2rc2 & Whonix 8.2

Qubes + Whonix currently exists as a customized dual HVM configuration:

- Whonix-Gateway HVM + Whonix-Workstation HVM


A simple networking setup for Qubes + Whonix would look like:

- NetVM <- FirewallVM <- Whonix-Gateway <- Whonix-Workstation

Where, for example, the Whonix-Gateway conceptually replaces TorVM as your
Tor ProxyVM, and Whonix-Workstation conceptually replaces your standard
AppVMs (AnonVMs).


You can get the Qubes + Whonix step-by-step instructions and more info here:

https://www.whonix.org/wiki/Qubes


All suggestions and feedback are welcome!

I look forward to helping make Qubes + Whonix integration even tighter and
more seamless throughout the future.

If you're interested in the future growth of the Qubes + Whonix platform,
then please join in with us to actively further this goal.

For example, when ProxyVM support is added to the Qubes Debian Template,
we can take Qubes + Whonix beyond the current HVM limitation and utilize a
native ProxyVM + AppVM setup for Whonix.


Thank you again to everyone who helped me bring the first known successful
Qubes + Whonix configuration to the world...

Patrick, Joanna, Marek, Jason, Axon, cprise, and everyone else who has
helped! Thank you! :)


P.S. Qubes + Whonix 9 support is coming soon!

Joanna Rutkowska

Aug 29, 2014, 11:33:28 AM
to whoni...@mail2tor.com, qubes...@googlegroups.com
Thanks for your efforts, <whatever your name is>!

I think the next step should be making sure this all could work easily
out of the box with just a few clicks from the user. I think the
installer (firstboot) should give an option to create the necessary
service VM (either Whonix Gateway or TorVM, perhaps offering a choice)
and an AnonVM *template* (based on Whonix Workstation, ideally if we
could have it as PV, but we support HVM templates too).

Thanks!
joanna.


whoni...@mail2tor.com

Aug 29, 2014, 12:01:45 PM
to qubes...@googlegroups.com, joa...@invisiblethingslab.com, adre...@riseup.net
> Thanks for your efforts, <whatever your name is>!

You are very welcome, Joanna. Thank you!


> I think the next step should be making sure this all could work easily
> out of the box with just a few clicks from the user. I think the
> installer (firstboot) should give an option to create the necessary
> service VM (either Whonix Gateway or TorVM, perhaps offering a choice)
> and an AnonVM *template* (based on Whonix Workstation, ideally if we
> could have it as PV, but we support HVM templates too).

This would be pretty awesome and is what I was ultimately hoping to
inspire for the future!

Patrick recently mentioned to me that the Whonix Pre-V.9 code is now
Debian Jessie compatible. So, with ProxyVM support added, the existing
Qubes Debian Template could potentially serve as an underlying "base OS"
to use for Whonix PV integration.

I'm happy to further discuss any technical details for achieving this goal
and am willing to help out with development where I can.

cprise

Aug 29, 2014, 12:58:47 PM
to whoni...@mail2tor.com, qubes...@googlegroups.com

On 08/29/14 10:35, whoni...@mail2tor.com wrote:
> With the help of several kind people in the Qubes & Whonix communities, I
> have successfully integrated the Qubes + Whonix operating systems
> together.
>
> [...]

I can't wait to try this!

whoni...@mail2tor.com

Aug 29, 2014, 1:33:17 PM
to qubes...@googlegroups.com, cpr...@gmail.com
> I can't wait to try this!

Happy to hear it, cprise!

Looking forward to hearing about any insights or feedback you have
with Qubes + Whonix.

Axon

Aug 30, 2014, 6:59:56 AM
to whoni...@mail2tor.com, qubes...@googlegroups.com
whoni...@mail2tor.com:
Congratulations, WhonixQubes, and thank you for all of your hard work!
This is great news. I've added links to the instructions on the
UserDoc and TorVM pages.


qubes...@safe-mail.net

Aug 30, 2014, 12:11:33 PM
to qubes...@googlegroups.com
How many more lines of code do we need to trust to trust Whonix?

How many more developers?

Seems like a very juicy place for bad code to be. Has Joanna inspected the code?

I'm sorry to be so paranoid but I feel like we need to be paranoid when it comes to
torVM.

whoni...@mail2tor.com

Aug 30, 2014, 12:33:16 PM
to qubes...@googlegroups.com, ax...@openmailbox.org
> Congratulations, WhonixQubes, and thank you for all of your hard work!
> This is great news. I've added links to the the instructions on the
> UserDoc and TorVM pages.

You rock, Axon! :)

whoni...@mail2tor.com

Aug 30, 2014, 12:44:29 PM
to qubes...@googlegroups.com, qubes...@safe-mail.net
I won't attempt to specifically answer these important questions myself,
but just wanted to mention a couple of related tidbits of info:

Patrick's "Trust" page might be good reading:

https://www.whonix.org/wiki/Trust

Also, as mentioned on the Qubes instructional page, I am going to soon
publish a guide for building Qubes + Whonix with Whonix source code. I've
already done this myself and am working on documentation now.

Will be published here soon:

https://www.whonix.org/wiki/Qubes

Because, personally, as mentioned in the "Trust" document by Patrick, I do
not want to have to trust Whonix binary images.

Also, while I haven't thoroughly assessed Whonix source code yet, the
times I've glanced at it, show that it is mainly just a lot of simple
shell scripts and config files for getting Debian and Tor working together
and tailoring the environment for security.

However, your paranoid mindset is well shared, qubeslover.

whoni...@mail2tor.com

Aug 30, 2014, 4:06:09 PM
to qubes...@googlegroups.com
FYI:

As of today...


Patrick posted this Qubes + Whonix announcement on the official Whonix blog:

- https://www.whonix.org/blog/whonix-qubes


The Whonix Forum now includes a dedicated Qubes board:

- https://www.whonix.org/forum

- https://www.whonix.org/forum/index.php/board,16.0.html


As proposed by Patrick, I am now to be the official maintainer of Qubes +
Whonix over in the Whonix community:

- https://www.whonix.org/forum/index.php/topic,476.0.html


Exciting times for the Qubes + Whonix project!

Let's all continue improving the integration of this combined platform,
together. :)

gor...@gmail.com

Sep 2, 2014, 1:10:05 AM
to qubes...@googlegroups.com, whoni...@mail2tor.com

> I think the next step should be making sure this all could work easily
> out of the box with just a few clicks from the user. I think the
> installer (firstboot) should give an option to create the necessary
> service VM (either Whonix Gateway or TorVM, perhaps offering a choice)
>
> joanna.


Or an option to install both? Since nothing is totally secure in computing, being able to use a variety of anonymous surfing VMs could help cyber victims stay even safer. It could also be useful for a comparison of the anonymous VMs for effectiveness / ease of use.

Marek Marczykowski-Górecki

Sep 4, 2014, 7:42:08 PM
to whoni...@mail2tor.com, qubes...@googlegroups.com
On 29.08.2014 16:35, whoni...@mail2tor.com wrote:
> With the help of several kind people in the Qubes & Whonix communities, I
> have successfully integrated the Qubes + Whonix operating systems
> together.
>
>
> For those who would prefer Whonix as an alternative to TorVM in Qubes,
> this option is now available to you.
>
> This initial Qubes + Whonix configuration is achieved using current versions:
>
> - Qubes R2rc2 & Whonix 8.2
>
> Qubes + Whonix currently exists as a customized dual HVM configuration:
>
> - Whonix-Gateway HVM + Whonix-Workstation HVM
>
>
> A simple networking setup for Qubes + Whonix would look like:
>
> - NetVM <- FirewallVM <- Whonix-Gateway <- Whonix-Workstation
>
> Where, for example, the Whonix-Gateway conceptually replaces TorVM as your
> Tor ProxyVM, and Whonix-Workstation conceptually replaces your standard
> AppVMs (AnonVMs).
>
>
> You can get the Qubes + Whonix step-by-step instructions and more info here:
>
> https://www.whonix.org/wiki/Qubes
>
>
> All suggestions and feedback are welcome!

1. The way you've created network connection doesn't match your intention...
You've created three interfaces to firewallvm ("backend" setting):
Whonix-Gateway(eth0)->firewallvm
Whonix-Gateway(eth1)->firewallvm
Whonix-Workstation(eth0)->firewallvm

So all the traffic goes through firewallvm, only routing setting in
Whonix-Workstation make it going through Whonix-Gateway, but nothing stops the
(compromised) Workstation from sending the traffic directly to the internet,
evading Whonix-Gateway.

The line for Whonix-Workstation should be something like:
vif = [
'mac=XX:XX:XX:XX:XX:XX,script=/etc/xen/scripts/vif-route-qubes,ip=192.168.0.10,backend=Whonix-Gateway'
]

And no change in Whonix-Gateway (it should use default config). Then assign
192.168.0.10 IP to vif* interface, you can use script parameter for that (that
script should be called by udev, if you have xen-utils-common package installed).

If you have problems with such configuration, your solution still could work,
but at least filter out direct internet access from Whonix-Workstation.
Setting it in Qubes Manager (or qvm-firewall) should be enough.

2. Qubes already contains qemu-img tool, under different name: qemu-img-xen.
You can use it to convert disk images.

3. Perhaps the better idea is to use qvm-create --root-move-from, to save disk
space (unless you need the images for other things).

> I look forward to helping make Qubes + Whonix integration even tighter and
> more seamless throughout the future.
>
> If you're interested in the future growth of the Qubes + Whonix platform,
> then please join in with us to actively further this goal.
>
> For example, when ProxyVM support is added to the Qubes Debian Template,
> we can take Qubes + Whonix beyond the current HVM limitation and utilize a
> native ProxyVM + AppVM setup for Whonix.

As I've written, ProxyVM can be easily fixed in Debian template. This way
should be much easier to install and manage.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

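
A check for the topology mistake Marek describes above, added here as an illustrative example (it is not code from Marek, from the Whonix wiki or from Qubes): it parses the xl-style `vif = [...]` lines of the HVM configs and flags any Whonix-Workstation vif whose backend is not Whonix-Gateway, since a vif backed by firewallvm gives a compromised Workstation a path that never touches the Gateway. The two sample configs, their MAC addresses and the name= lines are constructed for the example; only the ip= and backend= values follow the vif line in Marek's post. Missing backend= is reported as Domain-0, which is what xl uses when the option is absent.

```python
import re
from typing import Dict, List

# Constructed xl-style VM configs (illustrative stand-ins for the per-VM
# .conf files of a Qubes R2 HVM; MAC addresses are made up).
GATEWAY_CFG = '''
name = "Whonix-Gateway"
vif = [
    'mac=00:16:3e:5e:6c:01,script=/etc/xen/scripts/vif-route-qubes,ip=10.137.2.9,backend=firewallvm'
]
'''

# The shape Marek objected to: the Workstation's vif is backed by firewallvm,
# so its frames reach firewallvm without ever passing through Whonix-Gateway.
WORKSTATION_LEAKY_CFG = '''
name = "Whonix-Workstation"
vif = [
    'mac=00:16:3e:5e:6c:02,script=/etc/xen/scripts/vif-route-qubes,ip=192.168.0.10,backend=firewallvm'
]
'''

# The corrected shape from Marek's post: the only vif is backed by
# Whonix-Gateway, so the Gateway is the Workstation's sole path out.
WORKSTATION_FIXED_CFG = '''
name = "Whonix-Workstation"
vif = [
    'mac=00:16:3e:5e:6c:02,script=/etc/xen/scripts/vif-route-qubes,ip=192.168.0.10,backend=Whonix-Gateway'
]
'''

_VIF_LIST = re.compile(r"vif\s*=\s*\[(.*?)\]", re.DOTALL)
_QUOTED = re.compile(r"'([^']*)'|\"([^\"]*)\"")
_NAME = re.compile(r"^\s*name\s*=\s*['\"]([^'\"]+)['\"]", re.MULTILINE)


def parse_name(cfg: str) -> str:
    """Return the VM name from the config's name= line."""
    m = _NAME.search(cfg)
    if not m:
        raise ValueError("config has no name= line")
    return m.group(1)


def parse_vifs(cfg: str) -> List[Dict[str, str]]:
    """Return each vif entry as a dict of its key=value options.

    A vif with no explicit backend= is backed by dom0 under xl; that is
    recorded as 'Domain-0' so the topology check sees it.
    """
    m = _VIF_LIST.search(cfg)
    if not m:
        return []
    vifs: List[Dict[str, str]] = []
    for q in _QUOTED.finditer(m.group(1)):
        entry = q.group(1) if q.group(1) is not None else q.group(2)
        opts: Dict[str, str] = {}
        for kv in entry.split(","):
            kv = kv.strip()
            if not kv:
                continue
            key, _, value = kv.partition("=")
            opts[key.strip()] = value.strip()
        opts.setdefault("backend", "Domain-0")
        vifs.append(opts)
    return vifs


def check_workstation_isolation(configs: List[str], workstation: str,
                                gateway: str) -> List[str]:
    """Return findings; an empty list means every Workstation vif is backed by the Gateway."""
    by_name = {parse_name(c): parse_vifs(c) for c in configs}
    findings: List[str] = []
    ws_vifs = by_name.get(workstation)
    if ws_vifs is None:
        return [f"{workstation}: no config supplied"]
    # Any vif not backed by the Gateway is a bypass path for a compromised Workstation.
    for i, vif in enumerate(ws_vifs):
        if vif["backend"] != gateway:
            findings.append(f"{workstation} vif{i}: backend is {vif['backend']}, "
                            f"not {gateway}; traffic can bypass the Gateway")
    if not any(v["backend"] == gateway for v in ws_vifs):
        findings.append(f"{workstation}: no vif is backed by {gateway}, so Tor traffic has no path")
    # The backend relation must point Workstation -> Gateway, never the reverse.
    if any(v["backend"] == workstation for v in by_name.get(gateway, [])):
        findings.append(f"{gateway}: has a vif backed by {workstation}; backend direction is reversed")
    return findings


if __name__ == "__main__":
    for label, ws in (("leaky", WORKSTATION_LEAKY_CFG), ("fixed", WORKSTATION_FIXED_CFG)):
        print(label, check_workstation_isolation([GATEWAY_CFG, ws],
                                                 "Whonix-Workstation", "Whonix-Gateway"))
```

The check only looks at the Xen backend relation, which is the property Marek's point rests on; it says nothing about the routing or iptables rules inside the VMs, so the qvm-firewall fallback he suggests still needs to be verified separately if the backend cannot be changed.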

Manuel Amador (Rudd-O)

Sep 5, 2014, 4:39:05 AM
to Marek Marczykowski-Górecki, whoni...@mail2tor.com, qubes...@googlegroups.com
On 09/04/2014 04:41 PM, Marek Marczykowski-Górecki wrote:
> 1. The way you've created network connection doesn't match your
> intention... You've created three interfaces to firewallvm ("backend"
> setting): Whonix-Gateway(eth0)->firewallvm
> Whonix-Gateway(eth1)->firewallvm Whonix-Workstation(eth0)->firewallvm
> So all the traffic goes through firewallvm

I second marmarek's request. Please get this fixed. At the moment a
compromised workstation will leak identifying information. Thanks in
advance.

--
Rudd-O
http://rudd-o.com/



whoni...@mail2tor.com

Sep 6, 2014, 4:03:59 AM
to qubes...@googlegroups.com, marm...@invisiblethingslab.com
DUH! THANK YOU! This was an oversight.

I originally was trying to get the proper "backend" configuration
implemented, as you described. But it wasn't working for me then. I wasn't
as familiar with the system as I am now, so I will have to give it another
crack.

With the current network configuration where the Whonix-Gateway and
Whonix-Workstation talk to each other through the firewallvm, I meant to
include instructions for cutting clearnet internet access via the Qubes VM
Manager, as that is what I've always done on my own Qubes + Whonix
machine, but simply forgot to include this in my initial wiki
documentation.

So I will add those firewall instructions to the wiki, and also work on
getting the proper "backend" isolation networking configuration
implemented in place of this current merged firewall filtering setup.

I will post update(s) as this very important issue makes progress.




> 2. Qubes already contains qemu-img tool, under different name:
> qemu-img-xen.
> You can use it to convert disk images.


Thanks! I remember this being mentioned to me before. I remember being
unable to locate this tool when I tried. But I will certainly look for it
again and further streamline the install guide if one doesn't have to
install a new package for this capability.




> 3. Perhaps the better idea is to use qvm-create --root-move-from, to save
> disk
> space (unless you need the images for other things).


Thanks! I was personally getting used to using many copies of the image
file in dom0. But a "move" is probably the better default for public user
instructions. I will change and update this.




> As I've written, ProxyVM can be easily fixed in Debian template. This way
> should be much easier to install and manage.


Awesome! I am very much hoping and praying to see ProxyVM capability soon
with the Debian Template. Yes, leveraging the Qubes Debian Template with
ProxyVM support would help to make Qubes + Whonix a much easier platform
to work with. I will certainly check out your other post regarding it.


Thanks again, Marek!

whoni...@mail2tor.com

Sep 6, 2014, 4:13:46 AM
to qubes...@googlegroups.com, rud...@rudd-o.com
> I second marmarek's request. Please get this fixed. At the moment a
> compromised workstation will leak identifying information. Thanks in
> advance.

Thanks Rudd-O,

Yes, I am jumping on this important issue.

Current fast fix is to deny networking, DNS, ICMP, etc. for
Whonix-Workstation in the HVM's Firewall Rules through the Qubes VM
Manager.

I will add these firewall instructions to the wiki documentation.

Then, as previously mentioned to Marek, I will work on getting proper
"backend" networking isolation successfully configured.

Updates to come!

whoni...@mail2tor.com

Sep 6, 2014, 1:39:04 PM
to qubes...@googlegroups.com
Update:

The Qubes + Whonix wiki install guide has been updated to include firewall
filtering for clearnet internet access by a compromised
Whonix-Workstation.

New Step: "Deny Unnecessary Network Access"

https://www.whonix.org/wiki/Qubes#Qubes_Firewall_Configuration


Next, as previously mentioned, I will also be working on getting proper
"backend" network isolation implemented for the Qubes + Whonix
configuration.

Thanks!

Attila Horvath

Sep 12, 2014, 8:34:10 AM
to qubes...@googlegroups.com, whoni...@mail2tor.com
All

re: announcement, 

Does this include the typical workstation/gateway Whonix architecture currently running under Virtualbox/Debian? Or, does it use current TOR-VM template?

Also, once Whonix HVM is instantiated, does Whonix HVM run Fedora or Debian?

Thx

Attila

whoni...@mail2tor.com

Sep 12, 2014, 11:10:58 AM
to qubes...@googlegroups.com, attila.j...@gmail.com
Hi Attila,


> Does this include the typical workstation/gateway Whonix architecture
> currently running under Virtualbox/Debian? Or, does it use current TOR-VM
> template?


Yes. It includes the same dual VM architecture as used with VirtualBox &
Whonix.

Whonix-Gateway + Whonix-Workstation

The Qubes TorVM template is not used.




> Also, once Whonix HVM is instantiated, does Whonix HVM run Fedora or
> Debian?


It runs Debian.

Debian comes pre-installed into the Whonix binary images.

I'm also working on getting the additional source code install guide up,
which will be based on using Debian as well.



Let me know if I can further help you with Qubes + Whonix!

Attila Horvath

Sep 12, 2014, 11:14:41 AM
to whoni...@mail2tor.com, qubes...@googlegroups.com
That sounds promising.

Much thx!

whoni...@mail2tor.com

Sep 12, 2014, 11:37:34 AM
to qubes...@googlegroups.com, attila.j...@gmail.com
> That sounds promising.
>
> Much thx!


Very much welcome, Attila.


Also, once Whonix 9 comes out soon, I will be working on attempting to get
Qubes + Whonix working with the native Qubes Debian template. Once I do, I
will publish an additional install guide for a templated dual AppVM
(non-HVM) configuration.


Beyond that, the milestones would be:

- ProxyVM support in Qubes Debian template and Whonix, for a proper
ServiceVM (Whonix-Gateway) + AppVM (Whonix-Workstation) configuration.

- Deep integration with Qubes installer, for a super easy clickable GUI
setup, as described by Joanna in this thread.

- Maybe a port of Whonix to Fedora packaging as well, since Whonix is
already made to be generic Linux code.


Qubes + Whonix likely has a long and bright future together! :)

WhonixQubes

Oct 14, 2014, 8:47:55 AM
to qubes...@googlegroups.com


New Announcement: Qubes + Whonix 9 and more!
============================================


Since my original release of Qubes + Whonix back in late August 2014, some
interesting developments have happened that I'm excited to share with
everyone!



Qubes + Whonix Primary Sources:
===============================

The primary sources of Qubes + Whonix information are located at:

- User Documentation: whonix.org/wiki/Qubes

- Dedicated Forum: whonix.org/forum/Qubes



Qubes + Whonix Summary:
=======================

First a summary of what Qubes + Whonix is about...

The Whonix OS (whonix.org), based on Debian, like Tails or TorVM, torifies
all of your internet traffic at an OS level, preventing remote leaks of
unique identifiers, such as your IP address, MAC address, hardware
serials, etc, designed with hardcore anonymous threat models in mind.

The Qubes OS (qubes-os.org) is a security focused, user friendly
virtualization platform, based on Xen, which offers hardcore isolation of
your system level resources and VM desktops, even helping to prevent
serious endpoint attacks, such as kernel compromises, BadUSB, Evil Maid,
etc.

Qubes + Whonix is the beautiful marriage of these two hardcore security
and anonymity focused platforms, for the aim of integrating the best in
endpoint security and internet torification. Qubes + Whonix runs as dual
VMs, inside of Qubes, isolating the Whonix-Workstation (user desktop
applications) and the Whonix-Gateway (Tor networking proxy), all within
one single host machine.

Inside Host: Whonix-Workstation --> Whonix-Gateway --> Torified Internet

You can even establish multiple Whonix-Workstations and Whonix-Gateways
for multiple independent and isolated Tor identity environments.



Qubes + Whonix News:
====================

Now on to the news...


----------------------
Whonix 9 Availability:
----------------------

Whonix 9 was recently released which brought several system level
improvements over the prior Whonix 8.2, and helped us further streamline
our Qubes + Whonix implementation.

Qubes + Whonix 9 is now supported and available with step-by-step install
guides here:

https://www.whonix.org/wiki/Qubes


-------------------------------------
New Whonix Source Code Install Guide:
-------------------------------------

In addition to our step-by-step install guide for importing the Whonix
binary images, we now offer a new step-by-step guide for installing from
Whonix source code.

This is a great option for those who would prefer not to trust binary VM
images or who would like to customize their build of Whonix.


-----------------------
New Whonix Qubes Forum:
-----------------------

At the personal request of Patrick Schleizer (Whonix founder), I have
become the official maintainer of Qubes + Whonix for the Whonix community.

Along with this, we have recently launched a new dedicated forum space for
Qubes + Whonix community, support, and development. It is being hosted as
part of the Whonix forums at:

https://www.whonix.org/forum/Qubes

Over the past few weeks, several people from around the world have begun
learning about, installing onto their computers, and getting excited about
the advantages of the newly combined Qubes + Whonix platform.

Feel free to come join us and help improve the Qubes + Whonix platform! :)


--------------------------------
New ProxyVM + AppVM Development:
--------------------------------

My initial port of Whonix to Qubes was only achieved mere weeks ago in
late August 2014. The initial focus then was just on getting it up and
running. It was a barebones implementation which included a number of
compromises. The primary compromise being that I utilized a dual
Standalone HVM (HardwareVM) architecture in Qubes for the Whonix-Gateway
and Whonix-Workstation.

I'm happy to announce that we have an awesome contributor/developer,
nicknamed "nrgaway", who got inspired after seeing my initial Qubes +
Whonix release and is now actively working to take the architecture of
Qubes + Whonix to the next level.

The optimal Qubes architecture for Whonix is not to use dual HVMs, but,
rather to utilize the native Qubes ProxyVM + AppVM configuration.

Our new hero, nrgaway, is actively working on implementing Qubes + Whonix
as a native ProxyVM + AppVM configuration. The Whonix-Workstation will be
the desktop AppVM that connects through the Whonix-Gateway as a torifying
ProxyVM inside of the ultra secure Qubes virtualization platform.

The big benefits of this new ProxyVM + AppVM architecture will likely be:

- Easy and fast GUI-based setup of new Whonix VMs from pre-configured
templates

- Native integration with Qubes user friendly desktop features, like:
- Native Qubes application isolated desktop windows
- Application shortcut menus in launcher
- Dynamically resizable application windows
- Secure VM-to-VM file move/copy user interface
- Easy GUI-based start/stop of Whonix VMs

We are supporting and cheering nrgaway on in his continued awesome work to
develop this next paradigm shift for Qubes + Whonix that all of us will
greatly benefit from!

You can follow along and join us in furthering this exciting development
work in the Whonix Qubes forum here...

ProxyVM + AppVM Development thread:

https://www.whonix.org/forum/index.php/topic,537.0.html


--------------------------------------------------
Genuine Interest in Official Qubes OS Integration:
--------------------------------------------------

Joanna Rutkowska (Qubes founder) has much appreciated our Qubes + Whonix
work.

As recently announced with their Qubes R2 final release, the Qubes team is
now officially working with an esteemed board member of the Tor Project,
privacy expert, Mr. Caspar Bowden, to further the adoption and
optimization of Qubes as a strong platform for privacy services and
applications.

And, along these same lines, Joanna has expressed interest to me for
wanting to integrate Whonix and TorVM as super simple clickable user
experiences, pre-installed and pre-configured, into the official Qubes OS
distro, for easy OS level torification.

Our above mentioned ProxyVM + AppVM development work with nrgaway will
likely be a big leap forward in further realizing this vision of Joanna's
for official integration of Whonix into the official Qubes user friendly
GUI installer.



=======================



So there you have it...

- Qubes + Whonix 9 is now available.

- A new step-by-step source code install guide, along with binary images.

- A new dedicated community forum for the Qubes + Whonix platform.

- A new paradigm of ProxyVM + AppVM architecture is being developed.

- Hardcore Whonix torification may be coming to a Qubes installer near you.


Very exciting times for Qubes + Whonix as a super secure Tor platform!
Join us! :)

WhonixQubes



