Connect USB Wi-Fi Adapter to Whonix Gateway in VBox

sakocfhn0 · 2016-04-18 13:46:35 UTC

Hi guys. I have this question for you:

I want to use a separate network connection for Whonix Gateway (in Virtualbox) instead of the standard NAT translation from the host. How can I connect an USB Wi-Fi Adapter (with its own Internet connection) only accessible by the Whonix Gateway?

I guess that I should disable the Adapter 1 (NAT) from Vbox Gateway, Network settings, then enable USB controller on the Gateway, plug the USB Wi-Fi adapter and connect to the Wi-Fi Internet inside the Gateway?

But how does the gateway knows how to handle the Internet from within? (because I guess it is preconfigured to handle the #1 adapter NAT). Should I make some changes to the firewall to make it work, or it will detect Internet connection automatically and just work out of the box?

Thanks for support. I can give you more specific if it is needed to solve this.

Ego · 2016-04-18 14:07:07 UTC

Good day,

Depends on the host. Under Debian, it’s enough to change networking from NAT to Bridge and selecting Eth1, as that is how USB network adapters are usually recogniced under Debian. However, this in general is not so much a Whonix, as a VBox question.

Have a nice day,

Ego

entr0py · 2016-04-18 17:34:25 UTC

As you know, if you passthrough the USB device to the Gateway VM, it most likely will not be recognized as eth0. This makes things difficult because…

Whonix is hard-coded (hard-scripted) to use eth0 as its external network adapter. That means you either have to change relevant Whonix scripts to expect wlan0, ethX, etc instead of eth0. (This is easier to do at build-time because all of the scripts are in the same directory.) Alternatively, (untested by me) you could play with udev rules to change the usb adapter name to eth0.

Easiest option is to follow Ego’s advice and install the usb adapter to your host.

sakocfhn0 · 2016-04-21 12:46:53 UTC

If I change the network adapter #1 from NAT to Bridged (USB Adapter), that means that I still have to first connect to the Wi-Fi from the host OS (i.e. Windows) and as a result, both the host OS and the Whonix Gateway will have Internet connectivity.

I want to avoid the host being connected to Internet at any time, only the Whonix Gateway should have Internet connectivity. Is there any way I can accomplish this on the host OS using some kind of firewall?

I have actually connected the USB Wi-Fi Adapter via VBox to the Gateway VM, though it seems is it not recognized automatically by Whonix Gateway as wlan0 or as any wireless adapter. Maybe Whonix Gateway is stripped down and I have to manually install the drivers for the adapter? Normally, most Linux distributions including standard Debian, recognizes this USB adapter I was trying with. Not even manually installing the driver did not work, since there were some gcc compiler errors.

From what I’ve read it seems udev might do the trick, but first the USB Wi-Fi Adapter should be recognized as wlan0. Unfortunately it isn’t; explained above…

If directly connecting the USB Wi-Fi Adapter to the Whonix Gateway VM is difficult to achieve, this idea might work:

create a separate pre-gateway VM (Linux/Windows) for the sole purpose of connecting the USB Adapter and connecting to the Internet.
link the pre-gateway VM Network Adapter to the Whonix Gateway VM Network Adapter #1 (via some kind of internal network maybe?)

Can you please help me with linking the two networks, so the Whonix Gateway would have Internet connectivity from the pre-gateway VM?

Ego · 2016-04-21 12:51:54 UTC

Good day,

You need to deactivate the “VirtualBox Bridged Networking Driver” so your host can’t access it any longer.

Have a nice day,

Ego

sakocfhn0 · 2016-04-21 12:57:11 UTC

@Ego: I have edited the above post with more details. If you can reply on that, it would be nice.

As for the “VirtualBox Bridged Networking Driver”, if I disable it, would I still have to connect to the Internet on the host OS, though only VBox will make use of the connectivity? Or how does this actually works?

Ego · 2016-04-21 15:36:41 UTC

Good day,

No, under such circumstances, your WLAN-USB-Adapter would only be accessible via the Gateway for the duration of use.

In regards to whether or not Whonix has some removed drivers compared with Debian, as far as I can tell, this is not the case, though someone like @Patrick who knows the code better would have to clarify this.

Have a nice day,

Ego

Patrick · 2016-04-21 15:42:02 UTC

As per https://www.whonix.org/wiki/Support#Free_Support_Principle… Do
you know how to get the WLAN-USB-Adapter to work with Debian (in a VM or
a host) using ifupdown (cli)? If yes, you know most on how to do it
using Whonix, since it’s based on Debian.

There are no removed kernel drivers in Whonix, but other distributions,
perhaps even Debian, might install more WLAN-USB-Adapter driver packages
by default so it would be a matter as finding out which is the missing
one and installing it.

Setting up WLAN-USB-Adapter on Debian can be difficult depending on the
hardware. That’s why you have to figure that out yourself first as per
https://www.whonix.org/wiki/Support#Free_Support_Principle.

entr0py · 2016-04-21 19:20:22 UTC

Qubes OS makes this easy and fits your requirements (host has no connectivity through wifi if you choose). However, you still need to get your adapter working in a linux distribution first.