I am trying to make Whonix Gateway use a USB network adapter as an external network, instead of standard eth0 created by VirtualBox.
I have enabled USB controller for the gateway VM and connected the device, so a new network interface appeared in the gateway VM: “usb0”. Now I need to configure gateway to use this interface as an external network, instead of “eth0”. How do I do that?
I tried editing /etc/whonix_firewall.d/50_used.conf (almost a blind guess) – did not work.
Did you change anything else? Like removing the original network interface (eth0)?
How does /etc/whonix_firewall.d/50_user.conf look like?
Output of ifconfig?
Make sure you have only two interfaces i.e. the USB ethernet adapter and the interface for the internal network. Remove the original external interface from Virtualbox.
Then check the interface names in Whonix. If the adapter still comes up as usb0 then eth1 is now probably eth0 (not sure about that) and networking won’t work. If editing the config file does not work then you can try to rename the interfaces as per networking - renaming network interface with systemd - Super User
i.e.
create a file like /etc/systemd/network/80-eth0.link :
When I removed external network interface from the VM, the former ‘eth1’ became ‘eth0’, and the system complained that ‘eth1’ is down.
Editing config files would probably work, the problem is: I do not know which files to edit. I suppose this must be something in TOR configuration, and it must be an easy change. Renaming network interfaces looks like an overkill.
The “50_used.conf” file was initially empty. It is just an override for system firewall config. I added: EXT_IF="usb0" Did not help. I think it is just not the right place to change…
When the original 2 network interfaces are on + I connect the usb one, then ls /sys/class/net shows me: eth0 eth1 lo usb0, but ifconfig does not show the usb interface at all. Maybe this is a clue?..
I searched the soure code at GitHub for “eth0”. The only seemingly relevant result is in ’ help-steps/grml-debootstrap’:
allow-hotplug eth0
iface eth0 inet dhcp
Searching to live gateway system I found similar lines in /etc/network/interfaces.d/30_non-qubes-whonix
This looks like network bootstrap configuration. I am going to try fiddling with it…
Ok, I have edited /etc/network/interfaces.d/30_non-qubes-whonix
Commented the following lines:
auto eth0
iface eth0 inet static
*... and all the static config here*
Added following:
allow-hotplug usb0
iface usb0 inet dhcp
Rebooted.
Now I can see my usb0 interface in ifconfig output – one step closer to the win.
But now the system complains that eth0 is down and does not connect to TOR.
There must be something more to change…
usb0 now gets an IP I guess?
You still need to change at least the user firewall config file. Or if this does not help maybe the config file directly (i.e. 30_whonix_gateway_default.conf), but try /etc/whonix_firewall.d/50_user.conf first.
Then restart the firewall: sudo whonix_firewall
Check the firewall rules with: sudo iptables -vnL
If it loaded succesfully it should show lots of entries.
There might be other files which require a change, however, I can’t (and you probably neither) grep through the whole source code currently because git cloning fails with:
fatal: No url found for submodule path ‘packages/hardened_malloc’ in .gitmodules @Patrick
You can try to clone each submodule or wait for a fix or use the github search function at Whonix · GitHub (needs an account at github to see results in the source code)
fatal: No url found for submodule path ‘packages/hardened_malloc’ in .gitmodules @Patrick
You can try to clone each submodule or wait for a fix or use the github search function at Whonix · GitHub (needs an account at github to see results in the source code)
But now the system complains that eth0 is down and does not connect to TOR.
That is whonixcheck. To be found in the source code when grepping for eth0. A test which hardcodes eth0. Not great, but also not a blocker to
achieve what you want since you could either change this in the script
or disable the test or even just ignore it. The error message from that
test result even comes with instructions how to disable that test.
I have edited /usr/lib/whonixcheck/check_network_interfaces.bsh, commenting out the lines that check explicitly for eth0 carrier.
Now whonixcheck at the gateway works and even reports that I am connected to TOR! Yay! And I can see the network activity goes through USB. Now my setup seems to work.