LiveDVD with minimal Whonix 8.1 Workstation using pfSense as Tor gateway

In this exercise, my goal is a LiveDVD with TBB-like behavior. For the most part, all of the guts (such as the host OS, VirtualBox, and the Tor gateway VM) are kept in the background. After bootup has completed, the user sees the Tor Browser full-screen, with < http://check.torproject.org/ > as home page. However, it’s also possible to access everything normally, and to even install new VMs or whatever. But there’s no easy way to save anything. That would require installing Guest Additions, mounting another partition, and creating and mounting a shared folder.

To create the LiveDVD, I configure a “build machine” (i5 quad-core with 8 GB RAM and 120 GB SSD) as desired, and then run bootcdwrite. The setup for creating the current version (LiveDVD_0.1.iso) is as follows:

host OS: Debian 7.4 x86 with fluxbox desktop and VirtualBox 4.3.10
Tor gateway VM: pfSense 2.1 x86 with tor-0.2.3.25 (0.23 GB VDI)
workspace VM: custom Whonix 8.1 Workstation (1.79 GB VMDK)

From “df -aBM” on the host machine, I get:

/home 2.20 GB [~/VirtualBox_VMs/]
/usr 1.44 GB
/var 0.24 GB
/tmpfs 0.21 GB
/tmp 0.01 GB
/run <<0.01 GB

I’ve configured the host to start fluxbox upon user login. And I’ve configured fluxbox to start both VirtualBox VMs. The pfSense Tor-gateway VM starts headless (with no visible console) and the Whonix Workstation VM starts full-screen. I’ve configured the workstation VM to start fluxbox automatically. And I’ve configured fluxbox to start the Tor Browser full-screen, with < http://check.torproject.org/ > as home page.

Although the pfSense VM is running headless, its WebGUI is available at < https://192.168.0.10 > with username “admin” and password “drowssap”. All management and configuration can be performed using the WebGUI. The only exception is recovery from lockouts, which requires VirtualBox intervention (ACPI shutdown and restart).

The Tor data directory is /var/db/tor, and torrc is in /usr/local/etc/tor. I’ve used all of the settings from the Whonix Gateway, with two exceptions. I’ve changed DnsPort to 1053, because pfSense claims 53. However, pfSense has no DNS server configured, and won’t accept one via WAN. I’ve verified that there’s no LAN<>Internet connectivity except through the Tor process.

Also, I’ve commented out ControlPort, ControlSocket and cookie authentication, because user _tor doesn’t have enough rights to use them. That breaks some things in Whonix Workstation, most importantly (I think) “New Identity” and the rest of “Torbutton”. I’ll get advice on fixing that from pfSense support.

I’ve added menu entries in the Whonix workstation VM to manually start the Tor Browser, and also to shutdown the VM. Shutting down the Whonix workstation VM drops focus to the host fluxbox desktop. I’ve added menu entries there to start VirtualBox, and also to shutdown the host (everything).

Using bootcdwrite, I’ve created a 2.46 GB LiveDVD (LiveDVD_0.1.iso). I’ve verified that it boots in the build machine, and also in a ThinkPad T420 (also with 8 GB RAM). Using the build machine, it takes ~9.2 minutes to reach the Tor Project check page. The initial DVD load takes ~5.6 minutes, and VM startup takes ~3.5 minutes. The system is very responsive after that, except for some lag when starting apps for the first time.

Given 8 GB RAM, the current LiveDVD creates two 3.88 GB ramdisks (each half of total RAM). It loads ~2.1 GB into /ram1, but there’s virtually nothing in /ram2. From top, I see that 3.38 GB RAM is available. I’m confident that this LiveDVD would run on a box with 5 GB RAM (if that’s possible). I’m also confident that it would run on older Intel and AMD quad-core CPUs. And, given that there are just two VMs, it should be OK on dual-core CPUs.

I need to add additional apps, but I’d like to keep the RAM requirement under 6 GB. Ideally, I would like to change the allocation of RAM for /ram1 and /ram2. If that were possible, this LiveDVD would easily run in 4 GB RAM, even with some additional apps. However, the allocation seems quite deeply hard-coded. At least, there is no way to change it in bootcdwrite.conf or command-line options. At best, I’d need to patch and recompile bootcdwrite.

I’m currently using tor-0.2.3.25 (out of laziness). The most recent stable Tor port in FreeBSD < see FreshPorts -- security/tor: Anonymizing overlay network for TCP > is tor-0.2.4.21, and I’ll update before the next LiveDVD trial.

There are a few other glitches that need attention. There’s a glitch with host fluxbox startup, so users must run “startx” at the initial “user@debian” prompt. In addition to updating Tor in the pfSense VM, I need to get ControlPort working. As I’ve noted, it’s probably a permissions issue.

The image does contain bootcd and k3b (for writing the DVD) but there are no menu entries for them. As far as I know, it would be possible to install from this LiveDVD, make modifications, and then create a revised LiveDVD. I haven’t yet attempted that. It is a persistence option, albeit rather extreme :wink:

I was going to provide more detail, but there’s just too much to post. I’ll post an update soon with an attachment.

If anyone would like to test, the current version (LiveDVD_0.1.iso) is on 4shared (in two pieces). It’s signed with my key (fingerprint BF24 D19E 7B33 536E 7512 BA47 620D 6551 17C2 E43E) and encrypted. Please email me for passwords and instructions. It’s a free account, which means one download is allowed per day, and ~11 per month.

I’m following your progress. I have one question, what’s your opinion about a live usb?

In case you didn’t know, there is a great multiboot tool that supports any image, you just copy and paste and the menu gets automatically generated. And supports persistence too.

Can I use your system on this tool? Would you use this?

Wouldn’t it be great having Qubes + Whonix functionality on Easy2Boot?

I’m not comfortable trusting write-only on writable media.

[quote=“z”]In case you didn’t know, there is a great multiboot tool that supports any image, you just copy and paste and the menu gets automatically generated. And supports persistence too.

That is interesting. One could fit many systems on a 60 GB USB flash drive :slight_smile:

I’m sure that it would work, just like any bootable ISO.

Yes, it would :slight_smile:

Is there a Qubes LiveDVD? If not, I wonder how one might create one. I doubt that bootcdwrite would work, at least not without major modification.

I didn’t try installing Qubes yet, but found this: (The Invisible Things Lab's blog: How is Qubes OS different from... second comment)

installation on a USB disk is fully supported for Qubes (as indicated on the installation page).

Also from Easy2Boot page:

Supports Partition Image booting - make image files of any existing, bootable single-partition FAT32 or NTFS USB stick and add the files to E2B (e.g. add images of USB Flash drives made with YUMI, XBOOT, SARDU, WinSetupFromUSB, LiveUSB Creator, Rufus, USB Universal Installer, HP Utilities, etc.)

[quote=“z, post:4, topic:247”]I didn’t try installing Qubes yet, but found this: (The Invisible Things Lab's blog: How is Qubes OS different from... second comment)

Also from Easy2Boot page:

Well, Qubes doesn’t install to Windows-type partitions. But maybe Easy2Boot could create a bootable image from a Qubes partition. Or maybe it could just include an existing Qubes system in its boot menu.