Error building Whonix gateway on physical hardware

Tested with gateway 14.0.0.5.5.

Run:
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install firmware-amd-graphics firmware-misc-nonfree firmware-realtek xserver-xorg-video-amdgpu xserver-xorg-video-ati xserver-xorg-video-radeon xserver-xorg-video-r128 xserver-xorg-video-mach64 macchanger

Change the config from eth0 in /etc/network/interfaces.d/30_non-qubes-whonix to the one you need i.e. setting the right address and gateway. Change /etc/resolv.conf respectively.
In /etc/network/interfaces.d/30_non-qubes-whonix you should maybe add the following lines below the eth1 config:
pre-up macchanger --mac=08:00:27:fc:cf:1b eth1
post-down macchanger -p eth1

so it looks like the mac address from virtualbox. Reason is here:

In /etc/whonix.d/30_whonixcheck_default.conf change
WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=“0”
to
WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=“1”

You maybe want to create the file /lib/udev/rules.d/70-persistent-net.rules with the following content (all in one line):
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

(change 00:11:22:33:44:55 to the mac address of the interface which connects to your upstream router)
This is not always required depending on how the interfaces come up on your system.

Power off the machine.
Convert the image from vmdk to raw:
sudo qemu-img convert -O raw “/path/to/vmdk” “/path/to/Whonix-Gateway-raw.img”

Burn it to a disk with the appropriate size (>100 GB) using your favorite utility. I used gnome-disk-utility. Also
sudo dd if=“/path/to/Whonix-Gateway-raw.img” of=/dev/sdb bs=1M
should work.
Change /dev/sdb to the name of your hard disk and don’t kill your main OS with dd :wink:

Boot it and hope for the best. On the workstation I changed the network to bridged and connected the cable to the gateway.
I tested it on several machines which are not that new anymore and don’t have efi. Each one booted fine but depending on your hardware you might need other drivers, a newer kernel or grub-efi.

1 Like

Changing that file is discouraged. /etc/whonix.d/50_whonixcheck_user.conf would be better.

Thanks, Algernon. Does it boot on any RasPi or Beagleboard machines?

No, you would need to build images from source for those boards. Take a look here: Whonix for arm64 / Raspberry Pi (RPi) - #17 by Algernon
Depending on your board you need a different architecture like armhf or armel.

Thanks for this post @Algernon, but I am unable to find the packages (firmware* and xserver*) should I add other repos for that?

What are the packages you could not find?

firmware-amd64-graphics is a typo, it should be just
firmware-amd-graphics. I can’t edit my earlier post, however.
I also did not test if the setup still works in general, though I guess it should. You might also want to try to build the new cli gateway instead.

Something like:
sudo ./whonix_build --target raw --flavor whonix-gateway-cli --build --arch amd64 --kernel linux-image-amd64 --headers linux-headers-amd64

2 Likes

Thanks for the reply. I was frustrated trying out stuff over and over again, ended up crashing atleast two VMs. :wink: but I believe not giving up is the whole point. Let me try both methods again.
@Algernon

That typo has been corrected. Hope you don’t mind.

3 Likes

I didnt had the repos in my debian.list @ /etc/apt/sources.d/.
Added

deb http://ftp.de.debian.org/debian stretch main non-free

and solved the issue for now.
right now ended up with the issue while am talking ,

This is a problem.

Make sure to use Whonix 14.

1 Like

Sure, Let me try with it.

espeakup most likely won’t be causing any issues - no longer included by default in Whonix 14.

I had been using the gateway image I downloaded couple years back. Guess I didnt get the memo :wink:

@Patrick also I am so sad that we still dont have enough contrib in Pi. I am also a Pi enthusiast. Want to contribute into it. Any pointer to where to start?

2 Likes

Well there is this thread Whonix for arm64 / Raspberry Pi (RPi) - #17 by Algernon where it’s easy and fun for me to work with @Algernon. Clever questions being asked, and clean pull requests being submitted. Exemplary. I didn’t try it myself and I am glad someone else maintains it. That also gave the Whonix project better Whonix-Gateway CLI support on the way. Why not read that thread, try out @Algernon’s work and see how it works? That thread should be a good start to see where we are now. Other than that I don’t really know what’s missing. I welcome any work on it since it gets more eyes on Whonix build script and everything. Helps to streamline, clean up, etc.

Part of the work is upstream related.

Do you think you could finish this pull request work?

Do you think you could implement the following in grml-debootstrap?

Not really sure I understood your question and answered it.

This is great. I will add a friend of mine, ferrit. He is a Pi Wizard. Let us see what we could gather. I would really love to see a legendary work like Whonix on a handy thing like Pi.

2 Likes

@Patrick @Algernon Quick question regarding making the VMDK file usable on a hard disk. I reached the point where I have to edit the resolv.conf and 30_non-qubes-whonix file. I am just confused what should I change the resolv.conf into. I see
nameserver 10.137.7.1 and 254.

Guys,
Any help on this? @Algernon @Patrick

Normally it depends on your upstream router what you put in there. For VirtualBox it would be 10.137.7.1, in most cases it would something like 192.168.0.1 or 192.168.1.1. As said, depends on your network. For Whonix you can also use 127.0.0.1 or nothing at all. Dunno if it breaks something, normal networking seems to work.

2 Likes

Great, last puzzle solved. Onto writing the image :smiley: Will come back with more doubts :smiley: @Algernon