It is very convenient to have many separate Whonix VMs for compartmentalization, and cloning new ones from a template is very quick. However, I could not find anything in the documentation regarding the correct and safest way to do this in KVM (nor in VB).
I am changing from VB to KVM and here is how I usually set things up:
- Create a template Gateway & Workstation, proceed to harden settings and tweak them to my default liking and never use the template for anything but setting defaults or updating.
- Clone many Gateway and workstation sets for each use case, sometimes simply deleting and cloning a new one to “refresh” them after some time.
In VB I simply right clicked and cloned and set it to “randomize mac” in the menu.
Was this good practice in VB? How might something similar be done in KVM?
My experience so far with KVM is that I set up a template and spent awhile configuring it, upon cloning it using the gui interface and not messing with any networking settings, ALL whonix vms suddenly were unable to complete whonixcheck and connect to the network, it is stuck on tor circuit: not established 2% done including the original template, I deleted the clones and tried to use the template but it is still not connecting.
So to restate the purpose of this thread: What are the correct ways to go about managing a Whonix template and clones step by step, how do you do it and are there is there anything missing in this process that could improve your workflow? Perhaps we can document this.