Hello, I need to disable DHCP in Whonix, I have static IP on my host but running htop on my host shows dnsmasq is being ran with a “DHCP ip lease script”, which has the path to a binary with name “libvirtd_lease_script”. dnsmasq config file has DHCP disabled so the one running the binary is actually libvirtd, I managed to stop it by simply renaming the binary to “test” and killing dnsmasq
Now the problem is I am not sure if DHCP is disabled in Gateway, and most importantly that there were no leaks by me fiddling around with dnsmasq, so my question is actually 2 separate questions:
How to absolutely make sure that there are no leaks from Whonix ? is there a list of standard tests used by you to ensure that there are no leaks?
@Patrick@HulaHoop I would like to add that I am an activist and live in a country that is worse than North Korea, a big tool that I depend on to continue living is Whonix.
Reason why I need to disable DHCP is closely related to the activism I know it does not makes sense but I am not allowed to explain it here
And reason why I need to ensure there are no leaks is because my life literally depends on there being no leaks, this is not about going to prison but life or death situation so please any help related to the 2 questions above would be massive thank you
There’s no absolute security anywhere. Best available is:
See also:
This documentation is a crash course in anonymity and security on the Internet. Whonix ™ is a technological means to anonymity, but staying safe necessitates complete behavioral change; it is a complex problem without an easy solution. The more you know, the safer you can be.
Then even learning about these tools would be dangerous. Be careful. I am not sure any software based solution can help you if the stakes are that high.
Note: I am not a maintainer of Whonix KVM so I cannot answer the main question.
Thanks for leak tests page but I am still in a tight situation due being unsure if DHCP is really disabled or no and thus still trapped and cannot use Whonix for anything sensitive.
Do you know when will @HulaHoop will answer my question?
I made sure that Whonix KVM does not run or need DHCP in any way shape or form to function. That is why you need to also import an extra external network settings file since all IPs are static and hardcoded.
Thanks for clearing that out! But why does dnsmasq run with this libvirtd “DHCP lease script” (that is actually a binary) ? While we are at it would be nice to clear out why is dnsmasq is needed as well (separate questions)
I don;t know the details of dnsmasq’s functionality, but I have confirmed from sources in documentation and technical forums that a very limited subset of functionality of dnsmasq is being exposed to libvirtd. dnsmasq is what the KVM team settled on to handle DHCP leases and DNS request resolution.
It is needed for the normal functioning of the default NAT network that Kicksecure or other generic distro VMs use to connect. The fact that it’s installed has no bearing on the code running within Whonix and cannot be abused to unmask you. Gutting it out would require a lot of manual reconfiguratoin of the VMs and host to restore connectivity and is beyond the scope of Whonix support.
I mentioned earlier that I am not allowed to tell you why I need to disable DHCP but it is very important. I also mentioned that I am not using DHCP on my host so manual reconfiguration is limited to I guess only Gateway so it shouldn’t be out of scope? Any pointers will help
Didn’t you say it is possible to have dnsmasq removed but requires alot of manual reconfiguration? I am confused