
Need some advice on creating a Whonix gateway base image that will be used to reimage multiple laptops.


#1

I have 3 laptops that all need Whonix Gateway installed on them. They will all act as routers where a machine will connect to the laptop via Ethernet and have the connection go through Tor. Each laptop has a wifi card that will connect to the Internet.

I attempted it last night on one of the laptops and got Debian Jessie installed, set up and hardened. I attempted to install Whonix following the instructions in the docs and all went well, except when I checked the log files there were errors that caused the installation to fail.

I don’t need any help with the install errors. I can dig into that and find the problem. But, the difficulty is working on these laptops and debugging is a real pain in the a**. I end up having to jump through hoops to copy the log files onto USB, transfer them to another laptop, dig through the file, and after some research go back to the laptop and attempt to solve. I usually end up having to type out long commands by hand. It’s no fun. I’m working in a shell with no WM.

Another concern I have is none of these laptops should ever connect to the Internet except via Tor. I have no idea why, he’s super paranoid, but he doesn’t want the laptops to connect to the Internet unless via Tor. Not even to install required packages. Not my decision, but hey. This makes it difficult because I have to download packages onto USB, and often end up in dependency hell. It’s very time consuming, and is made even more difficult by the client’s requests.

After the failure installing last night I had to start again installing Jessie, and start over. I wasn’t sure if the failed install would cause problems if I attempted to install again so I decided to start from scratch. Again, another headache.

So, what I would ideally like to do is to create a Whonix base image on my development machines, and use that image to install on the laptops. It would be so much easier to debug. I’m not quite sure how this is done, but I have a week off work so I’m open to learning.

I’m open to suggestions on best ways to get this done. It would be nice if Whonix had an installation disk (or even a live disk) for situations where the physically isolated gateway is only used to act as a “Tor router”.


#2

I’ve found Linux Live, which is a set of scripts to create a live disk from a current installation. What I’m thinking is to install Jessie, and Whonix Gateway using a VM, then create a live disk from that. The plan is to just pop the disk in, and have it boot and ready to use. Like a disposable gateway. https://www.linux-live.org/#howtos

If there are any pressing issues with this I would love some feedback.


#3

Ok I did it, and it worked fine but I’m still really unsure on the security of doing this.

Linux Live Kit worked fine. It’s pretty cool, but I don’t like the branding they stuff into the boot process so today I’m going to use debootstrap, and genisoimage to create a live disk.

If anyone would like to test it out let me know and I can upload it to GitHub when it’s done. I would be really interested to hear some views, and feedback, in doing this.


#4

Same Tor entry guards and entropy seeds everywhere. Perhaps other stuff.


#5

Thanks for the response Patrick. I wonder how Tails gets around this? I’ll be looking into this today.


#6

@Patrick I have a quick question if you don’t mind helping me out:

I was under the assumption that Tor selects nodes randomly from the Tor network before sending any data. The public keys for the selected nodes are used to encrypt each layer. What other entropy seeds should I be looking at?

I also read this:

Tor has no way to stop a powerful adversary covertly registering lots of relays. Right now Tor is configured to stick with a single entry guard for 12 weeks at a time, so you only choose 4 new guard relays each year.

Which leads me to ask: What is the concern regarding guard nodes on a live disk setup?

Thanks for your time :slight_smile:


#7

First, they build it from source code using live-build. Tails is a
live-build based project.

Second, they may not get around it or run into other issues. Last time I
checked, Tails didn’t have persistent Tor entry guards or sorted out the
question of random seeds (and persistence of those) in Tails.


#8

Freddy:

I was under the assumption that Tor selects nodes randomly from the
Tor network before sending any data. The public keys for the selected
nodes are used to encrypt each layer. What other entropy seeds should
I be looking at?

/var/lib/urandom/random-seed
/var/lib/systemd/random-seed
/var/lib/random-seed


#9

Tor entry guards are a Tor security feature.

https://www.whonix.org/wiki/Tor#Entry_Guards


#10

Hey Patrick,

Thanks for the response. I’m looking to do something very similar to Tails, except to create a Whonix Gateway Live CD. wlan0 will connect to an AP, and eth0 will be used to connect a machine to the computer running the Live CD to have all Internet traffic go via Tor.

Currently, it will only be used for my own use/clients so I have no issues with rebuilding a fresh Live CD/USB per machine if need be. This can be scripted eventually.

My current concerns are security implications of doing this. As I mentioned in my OP it is not practical for me to build Whonix Gateway on every machine that a client requests which is why I’m entertaining the idea of using Live media.

So far I have it working fine. I haven’t used it in production because I’m still doing a lot of research into the implications of doing this but it’s a start I guess.

I saw in the docs that Whonix was looking for a contributor to do Live media. It would be cool to spend some time researching and contributing to this:

At this time, Whonix does not provide a user-friendly USB creator (community contributions are welcome!). However, for greater security users can install the host operating system(s) required for Whonix on a dedicated (encrypted) external disk(s) such as a USB flash drive, FireWire and eSATA devices and so on.

Thanks again for taking the time to respond. Any help/advice at this stage is very much appreciated.


#11

Didn’t notice your other two responses @Patrick. Very helpful, thanks.


#12

Tails is built from source code using live-build, which generates an ISO image. -> Redistributable.

Computer installation -> considered binary -> hdd to iso tools generate binary images created from binary sources. -> Good to have some wiki instructions, can help some people, but not a usable solution. Even harder to make reproducible. Not redistributable. For personal use ok. For redistribution it would be very unprofessional. It’s like me manually creating VirtualBox by keyboard and mice and then uploading the result.


#13

Random seed sharing with redistributed images can in the worst case lead to the cryptography being totally broken.

Private random seed sharing could lead to one machine being compromised resulting in effectively all machines being compromised.

Not sure what other files should not be duplicated when taking an image. For example, you wouldn’t want to leak any openssh keys. The sane way is to create an image from source code. Then create the same image again from source code. Then diff them. Then conclude which files are different (bad, long term worth fixing to make it reproducible) and conclude which files should not be duplicated/published (such as random seeds, openssh keys, and whatnot).
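
The build-twice-and-diff check described in post #13, as an added example that is not part of the original thread: `diff_builds` lists files that differ between two builds, and `audit_image_root` flags the per-machine state named in this thread before an image is duplicated. The function names and sample trees are constructed for illustration, and the Tor state and OpenSSH host-key paths are assumed Debian defaults.

```shell
#!/bin/sh
# Added example, not from the thread. Random-seed paths are those listed in
# post #8; the Tor state and OpenSSH host-key paths are assumed Debian defaults.

# Print relative paths whose content differs, or that exist in only one tree.
diff_builds() {
    for tree in "$1" "$2"; do
        (cd "$tree" && find . -type f -exec sha256sum {} +)
    done | sort | uniq -u | sed 's/^[0-9a-f]*  \.//' | sort -u
}

# Print per-machine state found under an unpacked image root.
audit_image_root() {
    root=${1%/}
    for p in var/lib/urandom/random-seed var/lib/systemd/random-seed \
             var/lib/random-seed var/lib/tor/state; do
        if [ -f "$root/$p" ]; then echo "/$p"; fi
    done
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -f "$k" ]; then echo "${k#"$root"}"; fi
    done
}

# Build two constructed sample trees standing in for two builds of one image.
make_sample_builds() {
    for b in a b; do
        mkdir -p "$1/$b/etc/ssh" "$1/$b/var/lib/systemd" "$1/$b/var/lib/tor"
        echo "gateway" >"$1/$b/etc/hostname"            # same in both builds
        echo "seed-$b" >"$1/$b/var/lib/systemd/random-seed"
        echo "key-$b" >"$1/$b/etc/ssh/ssh_host_ed25519_key"
        echo "state-$b" >"$1/$b/var/lib/tor/state"
    done
}

demo=$(mktemp -d)
make_sample_builds "$demo"
echo "Differs between builds:";  diff_builds "$demo/a" "$demo/b"
echo "Must not ship in the image:"; audit_image_root "$demo/a"
rm -rf "$demo"
```

Run against real builds by passing the two unpacked or mounted image roots in place of the sample trees; any path `audit_image_root` prints should be removed or regenerated on first boot before the image is copied to another machine.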


#14

I didn’t research the implications or what other files should not be duplicated besides Tor entry guards, random seeds and openssh keys when taking an image from an installation and duplicating it elsewhere.