Whonix and host configuration

mistik · January 6, 2015, 5:23pm

hey there this is my first post here
i’ve read the documentation and i have some questions

so i plan too use win7 as host and virtual box for whonix
on win7 host i have disabled all networking so deleted all ethernet and wireless drivers and for whonix connection i will use alfa adapter which does not have installed drivers on win7 host
so if there is some exploit in virtualbox and malware does break out somehow it will have no networking in the host so ip and location are still hidden? is this right?

if i want to use win7 or xp machine for whonix workstation and i use torbrowser to blend in with the crowd how can i avoid having tor over tor situation that can be dangerous?

is disabling transport advised if i use the setup as above?

if i run tor buddy script(http://learnnetsec.blogspot.com/2013/06/tor-buddy-live.html) on whonix gateway to change the tunnel more frequent then 10 minutes is it gonna add more anonimity ?

if using pptp vpn to connect workstation to gateway does the ISP still see i am using TOR and can the exit node sniff my packets? i mean is something like https://blog.malwarebytes.org/development/2012/04/anonymizing-traffic-for-your-vm-and-capturing-traffic/ possible with using whonix gateway ofcourse?

Patrick · January 6, 2015, 9:49pm

That’s an interesting idea. But futile, I think.

If the host has no internet connectivity, how could Whonix-Gateway have? And if the host has none, but somehow Whonix-Gateway, an adversary who broke out to the host could then easily infect Whonix-Gateway as well. I would assume that an adversary in position to break out of VirtualBox has the chance to pull this off as well.

if i want to use win7 or xp machine for whonix workstation and i use torbrowser to blend in with the crowd how can i avoid having tor over tor situation that can be dangerous?

See:

is disabling transport advised if i use the setup as above?

It's unrelated.

See also:

if i run tor buddy script(http://learnnetsec.blogspot.com/2013/06/tor-buddy-live.html) on whonix gateway to change the tunnel more frequent then 10 minutes is it gonna add more anonimity ?

No, because then you're the one who changes more frequently than vast majority of others and you don't want to stand out.

if using pptp vpn to connect workstation to gateway does the ISP still see i am using TOR and can the exit node sniff my packets?

Both, yes.

There are very few use cases where it makes sense to run a VPN server on the same machine as the client. For what you have in mind here, it certainly won’t help.

i mean is something like https://blog.malwarebytes.org/development/2012/04/anonymizing-traffic-for-your-vm-and-capturing-traffic/ possible with using whonix gateway ofcourse?

Possibly useful VPN / tunnel scenarios are documented here: https://www.whonix.org/wiki/Features#VPN_.2F_Tunnel_support

mistik · January 7, 2015, 10:55pm

i got it to work
there is no networking on the host and all the drivers for cards are deleted
whonix gateway has the connection with alfa wireless adapter
im just not sure now how does the connection go through the interfaces on the gateway
whats the configuration
i have eth0 eth1 lo and wlan0
is everything gonna go through tor over wlan0 without any leaks?

Patrick · January 8, 2015, 2:46pm

Should be no leaks. Quickly checked https://github.com/Whonix/whonix-gw-firewall/blob/master/usr/bin/whonix_firewall.

Not that it matters, much, but might make sense to add

EXT_IF="wlan0"

to

/etc/whonix_firewall.d/50_user

(To find out “how much”, see https://github.com/Whonix/whonix-gw-firewall/blob/master/usr/bin/whonix_firewall and search for “EXT_IF”.)