Hi, I am running an OS (unraid) that already runs libvirt v6.5.0 and qemu 5.1.0. My VMs run with solid performance. Virt-manager is not implemented.
I did set up a new Linux VM to act as the host. I followed the steps in the wiki and everything went fine. But the performance of the Whonix workstation is not as solid as my other VMs. I actually assigned 10 cores and 20 GB RAM to the Linux host, and the images are located on an NVMe. My other VMs run fine with only 4 cores and 6 GB RAM on the same NVMe.
I was thinking about creating the whonix gateway and workstation not on the linux vm but directly on my OS. Some cons I guess may be that I will not be on the latest libvirt / qemu or that I must carefully add the virtual networks because other virtual bridges already exist.
But before I go on, I wanted to ask if this is something that can be done or maybe it is not recommended due to some reasons I don't know yet. Also, maybe someone is using this setup already and can share their experience with me.
I took a different approach since it is in my test environment anyway. I had to test building the VM gateway and the VM workstation on top of unraid's KVM.
I soon realised virtualizing both (whonix gateway and ws) on top of a vm is a waste of resources.
I successfully managed to use unraid´s kvm to build both whonix gateway and ws. I also tested an additional windows vm connected to whonix gateway. No virt-manager needed.
I am using virbr1 for the gateway (whonix-external) and virbr2 (whonix-internal) for ws1. It will be interesting to isolate a NIC from the host and assign it to the gateway + workstations. Maybe in the future.
Pros:
fast, fast, fast … incredible performance of both VMs (gateway: 1 core + 1 GB RAM; ws1 (linux): 4 cores + 4 GB RAM; ws2 (w10): 4 cores + 6 GB RAM).
passthrough of devices (for example a usb) becomes so easy
flexibility (virsh + libvirt functional)
I use existing resources of my previous setup
Cons:
xml can only be edited manually, if any change is done via GUI (not manually) all previous parameters copied from original whonix template are changed … be aware!
xml needed some modifications to work
If you guys want to have a look at the XMLs let me know. Maybe there is something I have overlooked.
Just wanted to leave my 2 cents on this… could not find any info about it before. Now it's time to learn to use Whonix properly.
I'd like to know if there is anything that differs from the wiki's KVM setup howto.
Also, did you use encrypted containers for the image files? At least for the workstation VM?
I followed the standard KVM wiki on Whonix's official website.
Also, regarding the network setup, I got the confirmation it was possible from here: unraid´s forum: “how-to-create-a-virtual-nic-for-internalisolated-use-only/”.
Same steps as in whonix´s official wiki. Only xml needed minor editing.
Important:
- do not overwrite the pre-existing virbrX in the host (unraid)
- this command is not needed: sudo virsh -c qemu:///system define Whonix-Gateway*.xml, since I use unraid's GUI for VM creation. I only need to create a "custom" XML and paste in the original one from the Whonix website.
Then I made these modifications in the XML:
more RAM added:
<memory dumpCore='off' unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>1048576</currentMemory>
I can also confirm that passthrough of a USB hub (isolated from the host) to whonix-ws works fine. It is done by adding this to the XML:
<hostdev mode='subsystem' type='pci' managed='yes'>
  <driver name='vfio'/>
  <source>
    <address domain='0x0000' bus='0x0c' slot='0x00' function='0x3'/>
  </source>
</hostdev>
I tested it by plugging in a USB key and it worked as on bare metal.
This does not follow the recommended standards of the wiki, since it opens a risk from plugging anything into the USB hub. I needed it in my setup.
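The checks implied by the "Important" list above (do not clobber a virbrX the host already owns, make sure the gateway's networks actually exist) and the two XML edits (memory bump, PCI hostdev) can be scripted before anything is pasted into unraid's custom-XML box. The following is an example added to this thread, not Whonix or unraid tooling. The network and domain XML it contains is constructed: the bridge names follow the post (virbr1 for Whonix-External, virbr2 for Whonix-Internal), the host's existing networks ("default", "lab-net"), the 10.0.2.2/24 address and the 524288 KiB template memory are assumptions for the sample.

```python
"""Pre-import sanity checks for Whonix libvirt XML on a host with its own virbrX
bridges. Added example for this thread; all XML below is constructed sample data."""
import xml.etree.ElementTree as ET

# Constructed: bridges the host already owns (assumption: stock "default" plus one
# custom network), as `virsh net-dumpxml <name>` would report them.
EXISTING_BRIDGES = {"default": "virbr0", "lab-net": "virbr1"}

# Constructed network definitions in the shape the Whonix KVM wiki uses.
WHONIX_NETWORKS = {
    "Whonix-External": (
        "<network><name>Whonix-External</name><forward mode='nat'/>"
        "<bridge name='virbr1' stp='on' delay='0'/>"
        "<ip address='10.0.2.2' netmask='255.255.255.0'/></network>"
    ),
    "Whonix-Internal": (
        "<network><name>Whonix-Internal</name>"
        "<bridge name='virbr2' stp='on' delay='0'/></network>"
    ),
}

# Constructed gateway domain: template-sized memory plus the PCI hostdev from the post.
GATEWAY_XML = """<domain type='kvm'>
  <name>Whonix-Gateway</name>
  <memory dumpCore='off' unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <devices>
    <interface type='network'><source network='Whonix-External'/></interface>
    <interface type='network'><source network='Whonix-Internal'/></interface>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <driver name='vfio'/>
      <source><address domain='0x0000' bus='0x0c' slot='0x00' function='0x3'/></source>
    </hostdev>
  </devices>
</domain>"""


def bridge_name(network_xml):
    """Bridge interface a libvirt <network> definition would create on the host."""
    return ET.fromstring(network_xml).find("bridge").get("name")


def is_isolated(network_xml):
    """No <forward> element means guests on this network only reach each other."""
    return ET.fromstring(network_xml).find("forward") is None


def bridge_conflicts(new_networks, existing_bridges):
    """Map each new network whose bridge name is already taken to the existing
    network owning it; defining it anyway would overwrite that virbrX."""
    owner = {bridge: net for net, bridge in existing_bridges.items()}
    return {name: owner[bridge_name(xml)]
            for name, xml in new_networks.items() if bridge_name(xml) in owner}


def get_memory(domain_xml):
    """(memory, currentMemory) in KiB; only the KiB unit is handled here."""
    root = ET.fromstring(domain_xml)
    vals = []
    for tag in ("memory", "currentMemory"):
        el = root.find(tag)
        assert el.get("unit", "KiB") == "KiB"
        vals.append(int(el.text))
    return tuple(vals)


def set_memory(domain_xml, kib):
    """Return the domain XML with both memory elements set to `kib` KiB."""
    root = ET.fromstring(domain_xml)
    for tag in ("memory", "currentMemory"):
        el = root.find(tag)
        el.set("unit", "KiB")
        el.text = str(kib)
    return ET.tostring(root, encoding="unicode")


def referenced_networks(domain_xml):
    """Libvirt networks the domain's interfaces attach to, in interface order."""
    root = ET.fromstring(domain_xml)
    return [s.get("network") for s in root.findall("./devices/interface/source")]


def missing_networks(domain_xml, defined_networks):
    """Referenced networks not defined on the host; a gateway whose external
    network is missing boots fine but has no WAN, as described later in the thread."""
    return [n for n in referenced_networks(domain_xml) if n not in defined_networks]


def pci_passthrough(domain_xml):
    """PCI addresses handed to the guest via VFIO as 'dddd:bb:ss.f', so a review
    of the XML lists every device that bypasses the VM isolation boundary."""
    root = ET.fromstring(domain_xml)
    out = []
    for a in root.findall("./devices/hostdev[@type='pci']/source/address"):
        d, b, s, f = (int(a.get(k), 16) for k in ("domain", "bus", "slot", "function"))
        out.append(f"{d:04x}:{b:02x}:{s:02x}.{f:x}")
    return out


if __name__ == "__main__":
    print("bridge conflicts:", bridge_conflicts(WHONIX_NETWORKS, EXISTING_BRIDGES))
    print("memory after edit:", get_memory(set_memory(GATEWAY_XML, 1048576)))
    print("PCI passthrough:", pci_passthrough(GATEWAY_XML))
```

With the sample data, `bridge_conflicts` reports that Whonix-External's virbr1 is already owned by the host's "lab-net" network, which is exactly the "do not overwrite the pre-existing virbrX" case: the fix is to renumber the bridge in the Whonix network XML, not to redefine the host's network. `pci_passthrough` is there so the hostdev added for the USB hub stays visible in any later review of the workstation XML.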
I finally decided to give it a try.
What did you use as Whonix_external*.xml / Whonix_internal*.xml?
Trying with the default ones is failing at the moment.
The gateway VM is starting, I can connect through virsh serial console, but there’s no WAN connectivity, and no public LAN either so no VNC.