Thanks Patrick, but I still get “Network is unreachable” when I ping IPs, even internal ones like the router’s. It doesn’t even get an IP from DHCP.
My question then is: how can I isolate the problem? Everything looks right, and after running dozens of commands by trial and error, at some point I could ping 10.0.0.1 … could it be something in Whonix?
I reinstalled the GW from scratch, after doing the required changes in /etc/network/interfaces I can ping the gateway, but I keep getting “tor.pid does not exist”.
For debugging I removed the second NIC and minimized the config file /interfaces.d/30_non-qubes-whonix to only include:
iface lo inet loopback
iface eth0 inet dhcp
I still get tor.pid doesn’t exist.
I installed it from source because I didn’t see a pre-built image download option.
Since the documentation page says physical GW isn’t being maintained and the project focus moved to Qubes, would it be possible to do a similar physical isolation using qubes-whonix for the physical gw?
I’m not sure what it has to do with what I’m dealing with, physical GW is connected to Tor, and the host machine is a fresh default linux install without anything including Whonix installed in it.
PS: Does it achieve stream isolation similarly to Whonix in the same host?
Patrick is saying to remove Whonix-specific features from the gateway (like the firewall) so you can test connectivity without complicating factors (for example, to ping).
If you had to flip interfaces around at build time, then you might have missed some config files. Grep for those. Otherwise, it’s just a standard network config in ws-host. Use the Debian GUI. Also, make sure the internal network eth has proper settings in the gateway.
IIUC it can but not by default. There are no uwt wrapped applications or pre-configured socks proxies in a ws-host. Host traffic will travel through transPort by default.
OK, the GW doesn’t have networking again and it’s getting frustrating. Is there a command which will effectively torify eth1 through a Tor service? I hope I’m explaining this properly: I want to make my own Gateway of sorts by tunneling eth1 to Tor’s socks port.
You can get some ideas by searching “How to build a Tor Router”.
Not sure that building your own is going to be any easier, and probably not as secure as Whonix.
I know you said you don’t have VT-d capable hardware but even without that, Qubes is still one of the most secure platforms out there. You’ll be vulnerable to DMA attacks but realistically, how high does that rank on your threat model? So many other benefits to using Qubes…