I have configured Kicksecure & Whonix VMs in KM, Whonix networking worked fine, but Kicksecure does not seem to have working network access, using the default network. sdwdate and apt-get or anything internet related do not work.
I followed installation documentation exactly as described and utilizing the KVM-Whonix documentation for the steps that were lacking on kicksecure docs.
I think I read in the development forum that networking is not complete in kicksecure for kvm so if it is not suppose to be working you are free to delete this thread I was just under the impression that networking would be working already.
Update: That was working on Manjaro, however using a minimal debian install (no desktop environment or default system tools from netinst) and then installing kicksecure-cli I get no networking in kvm kicksecure or whonix.
What Iāve tried so far:
Installing and enabling the default ufw
Installing proprietary network card driver
sudo apt-get install ebtables iptables dnsmasq
Installing the latest versions of kvm kicksecure & whonix
Is the ādefaultā network running? Check that it is.
Also if that fails, make sure you install all the needed packages listed on the wiki even though they depend on a GUI. I havenāt tested Kicksecure on a headless system. There is only one kicksecure version for KVM that can be used headlessly like Whonix.
To clarify, my host operating system is debian/kicksecure distro morphed together, during the debian installation i used the netinst and installed with no extras (no desktop environment or default system tools) however I installed the dependencies for everything I needed after, including a window manager and xorg.
When I installed kicksecure I used this command as per the wiki page:
However, again to clarify in KVM I am running the regular GUI version of whonix & kicksecure vms. Neither of them are making a network connection in the vm, upon booting the kicksecure vm for example I get the ānetwork disconnectedā error msg popping up and on whonix I get an endless 2% whonixcheck status.
bridge-utils was not installed so I installed it, rebooted and tried again.
I notice now that on the bottom right of the kicksecure-VM where it shows the network status, I could click it and it offers the option āwired connection 1ā
I selected it and it just showed loading and didnāt succesfully connect, I tried running apt-get update while it was doing that and I received the error
Something wicked happened resolving ā127.0.0.1:9050ā (-9 - Address family for hostname not supported)
I think distro morphing broke something in your host networking along the way. Since I am not able to test it, it might be difficul to know what is happening.
I find that it takes a few minutes after booting for the host to connect to the internet, which is not normal on other distros, however after a few minutes I can connect and I only tested these VMs once it was working.
If there are any tests youād like me to run or logs to show Iāll do it but Iād appreciate warning if any of the logs will have sensitive contents.
This issue where the network takes a few minutes to function on the host was also present the last time I distromorph installed kicksecure, and if I recall correctly Iāve never gotten the vms networking to work on a kicksecure host like this, but last install I couldnāt even boot the vms for reasons that Iāve since fixed.
Iām not sure if this is a problem with the kicksecure installation method or if itās related to my hardware, vms worked fine on other distros on this hardware though.
OK all the interfaces exist and are up so thatās not the problem.
Try purging the kicksecure-network-conf package because it can conflict with normal operation of Network manager. Make sure it doesnāt rip out other important packages so networking doesnāt break.
Install wpasupplicant and network manager if you donāt have them.
When I tried to remove kicksecure-network-conf I noticed it was not even installed, so I installed it.
The following additional packages will be installed:
crda dnscrypt-proxy iw libjansson4 libjim0.77 libmbim-glib4 libmbim-proxy
libmm-glib0 libndp0 libnl-genl-3-200 libnm0 libqmi-glib5 libqmi-proxy
libteamdctl0 modemmanager network-manager ppp usb-modeswitch
usb-modeswitch-data wireless-regdb wpasupplicant
Suggested packages:
resolvconf libteam-utils comgt wvdial wpagui libengine-pkcs11-openssl
The following NEW packages will be installed:
crda dnscrypt-proxy iw kicksecure-network-conf libjansson4 libjim0.77
libmbim-glib4 libmbim-proxy libmm-glib0 libndp0 libnl-genl-3-200 libnm0
libqmi-glib5 libqmi-proxy libteamdctl0 modemmanager network-manager ppp
usb-modeswitch usb-modeswitch-data wireless-regdb wpasupplicant
0 upgraded, 22 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,365 kB/10.6 MB of archives.
After this operation, 37.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] Abort.
Rebooted, tested, still didnāt work.
Purged kicksecure-network-conf and rebooted to try again.
Another user is troubleshooting connectivity problems too.
Apparently Debian distinguishes between dnsmasq and dnsmasq-base. Can you make sure both are installed and report back?
So for Kicksecure and Whonix we mask systemd daemons including DHCP to reduce chance of leaks and attack surface. Maybe libvirt depends on it somehow.
I donāt know which of the half dozen systemd network daemons is broken here. Thereās systemd-resolve, systemd-networkd @Patrick what services do we mask?
Try installing isc-dhcp-server and see if that solves it.