We need more testers of Whonix 11. If you haven’t tried 11 yet, because you are unwilling to take the risk of making significant changes to your existing Whonix (stable, perfect) setup, this guide is for YOU!
This guide appiles to existing users of Whonix who wants to help us test Whonix 11, which is the first release based on Debian Jessie, instead of Wheezy (Whonix-10, and earlier).
As Jessie represents a major change for Debian, I recommend all users perform a clean install of Whonix 11, as opposed to upgrading from Whonix 10.
On VBox, adding Whonix 11 to your list of VMs is a trivial exercise. During the Gateway*.ova import process, when the System Description window pops up, change the name of the VM to something with ‘11’ in it, so you’ll know later which of the two Gateways you want to use. You can also rename the *.vdi file to be created with some unique name. Obviously, repeat the steps for the 11-Workstation.
Most importantly, for KVM users, this guide will show you how to add a Whonix 11 network, and create a new domain without impacting your existing Whonix 10 installation.
On KVM, adding Whonix 11 to your list of existing VMs is also a trivial exercise, but a tad more involved.
First, edit the Gateway-11*.xml file and change the:
Whonix-Gateway
to something unique with 11 in it, so you can keep both Gateways straight later. I also change the qcow2 file name to something more pleasing and unique on this line:
Save your changes, and save the file to a different filename if you prefer.
You can now create your new Whonix 11 Gateway domain by running something like:
virsh -c qemu:///system define ~/Whonix-Gateway-My-Modified-11*.xml
Now you can repeat those steps you just did for the Gateway, for the 11-Workstation, and finally, create its domain.
virsh -c qemu:///system define ~/Whonix-Workstation-My-Modified-11*.xml
Your existing network should look like this:
virsh net-list
Name State Autostart Persistent
default active yes yes
Whonix active yes yes
I’ve never been sure whether folks understand this, because the Whonix KVM instructions don’t even address this critical matter.
When you run ifconfig, it should show, in addition to your physical network hardware and lo, virbr0 and virbr1.
default (NAT NIC) controls virbr0, and Whonix controls virbr1 (Whonix NIC). Therefore, we need to add a Whonix 11 network, which will control virbr2 (Whonix 11 NIC).
To accomplish this, edit your Whonix_network-11.xml file so it matches mine:
Whonix-11Save your changes. Now run something like:
virsh -c qemu:///system net-define ~/Whonix_network-My-Modified-11.xml
followed by:
virsh -c qemu:///system net-autostart Whonix-11
and:
virsh -c qemu:///system net-start Whonix-11
Now you can move or copy your Gateway-11 and Worskstation-11 qcow2 images into
/var/lib/libvirt/images.
At this point, you should reboot your host system.
Now re-run virsh net-list, and you should see:
virsh net-list
Name State Autostart Persistent
default active yes yes
Whonix active yes yes
Whonix-11 active yes yes
Now edit the NIC details of your new Gateway-11 domain. Ensure NIC #1 is pointed at NAT, and NIC #2 is pointed at your new Whonix-11 network.
In the new Worskstation-11, also ensure its NIC is pointed at your new Whonix-11 network. This also holds true for any other KVM OS you might be running behind the new Gateway-11.
That’s it folks. I know this approach works, because I use the 10-Gateway and the 11-Gateway every day in both KVM and VBox.
BTW: Concerning VBox, I’m running the 9 July 2015 release of VBox 5. All Whonix VBox users should take advantage of the brand new Disk Encryption support offered (only) in VBox 5, and us old-school LUKS guys will keep on LUKKING! : 8)
P.S. Patrick - check your email - and respond. ;D
Edit by Patrick:
Changed title to better reflect this is an how to rather than question.