Whonix Standalone VM in Qubes

benev · October 5, 2020, 3:25am

Hello. I tried to find the answer on google, on the forum, but I couldn’t find anything, please explain to me. I’m really confused.

Can i use Whonix Workstation in QubesOS as a standalone vm?

In all the screenshots, videos that I have seen, this only works in the applications that run in vm.
I’m used to using Whonix in VirtualBox as a separate OS, and would like to use it in the same way in Qubes, not just run apps on desktop.
And second question. Can i hold Whonix VM in veracrypt volume?

What do I need in the end: VPN->Whonix GW->Whonix WS like a standalone VM
And for start Whonix WS i will have to open the veracrypt container.
(At least some kind, like a luks, if can’t vera)

It’s all what i need, please, just explain - Can i do it? At least yes or no. And if yes, If it is not difficult, please explain exactly how. But simple answer will be fine too, because i can’t find any info.

Patrick · October 5, 2020, 10:21am

benev via Whonix Forum:

Can i use Whonix Workstation in QubesOS as a standalone vm?

Re-word.

“Can i use Debian in QubesOS as a standalone vm?”

Then can be solved as per free support principle.

Can i hold Whonix VM in veracrypt volume?

1 forum thread = 1 topic please

That topic is quite different. Related documentation:

It’s all what i need, please, just explain - Can i do it? At least yes or no. And if yes, If it is not difficult, please explain exactly how. But simple answer will be fine too, because i can’t find any info.

If its Qubes specific, then it’s Qubes specific and won’t be answered
here for many reasons (see Free Support Principle Rationale).

benev · October 5, 2020, 10:37am

Sorry, maybe I don’t understand something, but you can’t just tell me if I can do it? I’m not even asking you to explain how, write guide and etc, but just asking if I can or no, no more.

Patrick · October 5, 2020, 10:58am

Not even that. Please use https://www.whonix.org/wiki/Free_Support_Principle whenever possible.

benev · October 9, 2020, 5:43pm

I have been studying the qubesos for several days, and I really like it, everything is clear and in general I have dealt with everything. Apart from one thing I asked about at the very beginning and may not have correctly explained.

My task was to get the whonix-workstation to work like a WS in VirtualBox. (i mean open full os, with xcfe shell, like HVM Windows) At first I thought if I did just copy template whonix and did new qube WS with “standalone” option, i get it, but no, it’s still open like appvm.

You said:

For Debian, i can download iso file and did it yes, but whonix haven’t iso file.
So in my case i found way: i take my old VirtualBox WS and " Converting VirtualBox VMs to Qubes HVMs" (https://www.qubes-os.org/doc/standalone-and-hvm/)
So it’s work, but i haven’t internet on WS. So in next step, i write in “/etc/network/interfaces.d/30_non-qubes-whonix” sys-whonix gateway ip and ip of WS Standalone VM from qubes manager. And… It’s full work!
BUT i have big doubts that I did not do something too safe.

I certainly understand that using the basic solution in the QubesOS is more correct and safe, but it is in my case, for my needs, that I need exactly what I did. The question is, what did i do - is it safe at least as in the VirtualBox or is it completely complete nonsense?
And is there a better way to realize my task if I did something bad?

Patrick · October 10, 2020, 12:00pm

This part is Whonix specific indeed since Whonix isn’t variable as an ISO yet (and even if it was, it probably wouldn’t apply to Qubes-Whonix). The ISO installation way won’t work - which is Whonix specific. Using Non-Qubes-Whonix inside Qubes is discouraged.

I don’t think this has something to do with the Qubes specific term “StandaloneVM”.

Qubes uses the term StandaloneVM to refer differences in inheritance and persistence. A StandaloneVM does not have a shared root image. One example “sudo apt install pkg-name” run in TemplateBased AppVM will be lost after reboot but would persistent in TempalteVM or StandaloneVM. Please refer to Qubes documentation / support for further information on Qubes inheritance and persistence.

https://www.whonix.org/wiki/Template:Qubes_persistence

In short: I’d avoid the term StandaloneVM because people won’t think about “make desktop visible” but “persistent root image”. For Qubes, I currently don’t know the right catch phrase for “make desktop visible”, easily misunderstood.

Re-word.

“Can I make the desktop of a debian-10 TemplateVM based AppVM visible?"

Then can be solved as per free support principle.

Things I would try with a Debian AppVM:

QVMM -> Advanced -> change Virtualization mode from PHV to HVM
QVMM -> Basic -> run in debug mode (not sure what that does, research)

But this might just be part of solution. You might have to install xserver / desktop imprisonment inside VM. I haven’t done that myself yet, therefore I don’t know.

benev · October 10, 2020, 5:09pm

Just open console, then black window.

I try install xcfe4 in debian appvm console, after the start, a bunch of windows opened, even xfce4 opened, but it absolutely looks unsupported.

So in general, my question about if i moved from VirtualBox .VDI to qubes HVM OS, the WS opened without problems and looks stable and working, then I changed the network parameters in the file, I want to understand, although this is not recommended, will such a decision be anonymous? Can this be compared with VB GW + WS? Or can I get some problems on such a solution?

Patrick · October 11, 2020, 11:30am

Discouraged.
As said in my previous post.

benev · October 11, 2020, 3:49pm

I asked because I didn’t fully understand what you meant. The doctor can say that drinking beer is also not recommended, but many do and live normally. Here is the question - how critical is it, to use so, from the point of view of internal interaction, what is happening?

Patrick · October 11, 2020, 4:19pm

I didn’t and I won’t investigate that. In worst case there could be leaks.

benev · October 12, 2020, 12:09am

Okay, thank you very much for your response and help.
Another question, purely from the point of view of user use. Is it not better when a virtual machine in qubes opens completely as in VirtualBox that you can clearly understand what belongs to this “zone”? Yes, marking with different colors is not bad, but there is still a risk of confusion. What do you think about that? I mean, for example, when I use Linux (debian for exmp) and VB, I can accurately understand that this zone in vb, where all programs, files, etc. are stored, is exactly independent and it is exactly like a separate layer. In the case of the Qubesos, everything looks like a single whole and does not create some kind of psychological comfort that everything is protected, in terms of anonymity, not about security. Maybe I’m wrong, so just in terms of theory the question