entr0py,
I’m looking for a secure yet as close as possible to an out of the box solution, I can’t spend a year studying security.
I found two projects which could satisfy my requirements: “Onion Pi”, and “Safeplug”, for the Raspberry Pi. I’ll try to set it up on a PC running Debian. Will it be secure though?
EDIT: I tried to debug the Gateway some more and looks like the NIC for eth1 was causing the troubles. I replaced it and now the new NIC appears as eth2 in ifconfig though. Anyway looks like it’s working…
Just glanced at the tutorials you linked. They list the bare minimum steps required to get client traffic over Tor so I wouldn’t expect them to be as secure as Whonix. I don’t know all of Gateway’s customizations to vanilla Debian but off the top of my head here are some reasons those DIY projects are less secure than Gateway:
I can’t do without a physical gateway since the OS I’d like to torify fails to start in Qubes (I tried, assumed it’s due to no VT-d).
[quote=“entr0py, post:22, topic:2221”]
Good to hear! You can grep all the eth1’s to eth2 or fiddle with udev rules to assign eth2 back to eth1.
[/quote]GW is working, but WS isn’t, which might be due to the change in ethernet name. In GW ifconfig doesn’t show anything to indicate the eth2 is connected to anything…
What should I grep? I tried dmesg | eth1 but it provides with nothing of value.
VT-d is not an absolute requirement for any OS. VT-x is required for HVM’s, like Windows. System requirements | Qubes OS
eth0 is auto-configured. The Internal Network adapter (here eth2) must be manually configured.
see:
The scripts are well-commented. Read them and change what makes sense. To be honest, best idea might be to re-build the whole thing now that your adapters are working.
I know this isn’t what you want to hear but from my first post in this thread:
Physical Isolation at this point is really a DIY / experimental project and Free Support for Whonix ™ surely applies. Snowden, the noob, used Tails so you could do worse than going with one of the other Whonix platforms.
PS: Rebuild one-more time paying very very special attention to the networking verfication step I linked. If your cards are lined up properly, it all might work without touching a thing.
Gotcha.
Any idea why neare the end of the build script I get all sort of messges such as:
EXT4-fs unable to read superblock
FAT-fs bogus number of FAT structure
ntfs: read_ntfs_boot_sector primary boot sector is invalid
qnx4 no qnx4 filesystem no root dir