What is the best way to route traffic through Tor on Kicksecure to make a persistent bootable form of Whonix?

(While I am aware of a Whonix Host ISO which the website claims is coming soon, this idea has been around for a little under 6 years now and until an ETA comes out which still does not exist, I will have to compromise)

This probably sounds very stupid, and I am aware of the reasons why Whonix is what it is and why Kicksecure is what it is. While my threat model recommends Whonix quite heavily, my use case means that I cannot use a Virtual Machine. I don’t want to hear any questions on this matter, so I’ll get into what I do know.

According to the Whonix-Kicksecure Comparison Table, the only difference is that Whonix routes ALL traffic through Tor using the Gateway. Without this, Workstation can’t connect to the internet, so it works like a kill switch. I know that it is possible to do this with most if not all Linux Distributions, but it is just that Whonix is a Virtual Machine and it is much more secure in its Tor Network guarantee. If this is the case, then how can I make Kicksecure act similarly (route all traffic through Tor with a kill switch for that security) to be as close to Whonix as possible in the form of a Bootable OS?

And yes, I acknowledge that it will be as good as Whonix but once a VM will not fit my use case and I will only use it if the option I seek is 100% impossible, which I know it is not.

If VMs aren’t an option, are two physical computers an option? If so, you may be able to make one of them a Whonix-Gateway and one a Whonix-Workstation. You’ll probably want to read this page carefully to understand the limitations of this and see if it will work for you:

If two computers are not an option, avoiding a VM will be hard, since you really need the network card to be entirely isolated from the applications that you’re using. Otherwise you risk leaks. You can potentially use a VM workstation on a baremetal gateway, or vice versa (both of these are undocumented, and you’ll need to use hardware passthrough if the gateway is the VM, which introduces a lot of complexity). If neither of those options works for you, there isn’t really much more that can be done with the tools Whonix and Kicksecure offer.

If you only need specific apps isolated so that they use Tor, oniux might be a better fit for your use case.

Then that table is misleading and needs improvement. More suitable in this context:

Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation