Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

Kicksecure Network Configuration

Is that all that is required to make dhcpcanon work?

This might even work since we had that in Whonix 9 (not sure when we stopped DHCP for Whonix).

https://github.com/Whonix/whonix-gw-network-conf/blob/Whonix9/etc/network/interfaces.whonix

Yes.

  • I guess could make Kicksecure KVM work and if we’re lucky doesn’t break Kicksecure VirtualBox.
  • And I guess that also doesn’t block a later complete Kicksecure host network configuration (network manager…).

Works? Doesn’t break DNS either? Tested?

I hope this is going to be easy and not require any changes in https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm because then could take time until this is figured out.

Pretty much

Connections work normally.

11 posts were split to a new topic: Selecting Secure Packages from packages.debian.org

Split the discussion on the security of dhcpcanon and the more general question of which packages from packages.debian.org are suitable and if it would be possible to have a better policy to a separate forum thread, see:


Merged. Not yet tested.

2 Likes

https://github.com/juga0/dhcpcanon/issues/32#issuecomment-601028444

1 Like

Anyone up to implement host / network manager / WiFi support too?

2 Likes

I will take a crack at it though I have no means to test the end result on baremetal so I’ll enlist our onion in shining armor @onion_knight to help us out here. Maybe all we’ll need is a USB WIfi stick to test this in a VM.

I believe all that’s needed is network-manager-gnome for it to work? (I assume we’ll be shipping a kernel with the required wifi modules and firmware included) Just checked and it pulls in wifi related stuff like wpasupplicant.

1 Like

Yes, for now standard Debian kernel.

Dunno. But one thing… Please always assume --no-install-recommends.

sudo apt install --no-install-recommends network-manager-gnome
1 Like

with no-install-recommends:

The following NEW packages will be installed:
  libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7
  libbluetooth3 libdbusmenu-glib4 libdbusmenu-gtk3-4 libgck-1-0
  libgcr-base-3-1 libjansson4 libmm-glib0 libndp0 libnl-3-200 libnl-genl-3-200
  libnl-route-3-200 libnm0 libnma0 libpcsclite1 libteamdctl0 network-manager
  network-manager-gnome wpasupplicant

Without:
The following NEW packages will be installed:
crda dns-root-data dnsmasq-base gcr gnome-keyring gnome-keyring-pkcs11 iw
libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7
libbluetooth3 libdbusmenu-glib4 libdbusmenu-gtk3-4 libgck-1-0
libgcr-base-3-1 libgcr-ui-3-1 libjansson4 libjim0.77 libmbim-glib4
libmbim-proxy libmm-glib0 libndp0 libnl-3-200 libnl-genl-3-200
libnl-route-3-200 libnm0 libnma0 libpam-gnome-keyring libpcap0.8
libpcsclite1 libqmi-glib5 libqmi-proxy libteamdctl0
mobile-broadband-provider-info modemmanager network-manager
network-manager-gnome p11-kit p11-kit-modules pinentry-gnome3 ppp
usb-modeswitch usb-modeswitch-data wireless-regdb wpasupplicant

I think we should be OK. The main wifi barebones stuff is included either way. I don’t if dhcpcanon will run into problems without support from the GUI, though it is started automatically anyway and I’ve never seen any simple users playing with DHCP settings let alone know what it is.

1 Like

Btw… Generally…

apt-cache show network-manager-gnome

Look for:

Recommends: notification-daemon, gnome-keyring, mobile-broadband-provider-info, iso-codes

and/or https://packages.debian.org/buster/network-manager-gnome rec:

1 Like

I learn something new everyday :smiley:

1 Like

Does this belong in the kicksecure-network-conf package too?

1 Like

For now, yes.

(I will later create a kicksecure-network-conf-gui package to refactor that out but that has time.)

1 Like

Let me know when you have a buildable branch with these changes. New releases are overdue with Tor’s new DoS fixes

1 Like

Maybe this could help you; this is a list of required dependencies and recommendations from this exact package on an Ubuntu system I maintain:

network-manager-gnome (requirements and recommendations)

Required Dependencies:
libappindicator3-1
libatk1.0-0
libc6
libcairo2
libgdk-pixbuf2.0-0
libglib2.0-0
libgtk-3-0
libjansson4 (various versions depending on distro)
libmm-glib0 (various versions depending on distro)
libnm0
linnma0
libnotify4
libpango-1.0-0
libpangocairo1.0-0
libsecret
libselinux
dconf-settings-backend, gsettings-backend
network-manager
policykit-1-gnome
dbus-session-bus

recommends:
notification-daemon
gnome-keyring
mobile-broadband-provider-info
iso-codes

2 Likes

dhcpcanon systemd unit fails at boot due to missing debhelper apparmor integration
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956626

2 Likes

Will remove dhcpcanon because broken anyhow. And no reaction from upstream.

Also dhcpcanon is not integrated with NetworkManager therefore not used anyhow.


Will also remove ifupdown configuration file /etc/network/interfaces.d/30_kicksecure because we’re now using NetworkManager and having that config file would make eth0 unmanaged by NetworkManager.

If anyone has better ideas for Kicksecure host network configuration let me know.


related:

What about?

?