2026-02-17 15:27:18 -05:00

Whonix on Proxmox: KVM-Equivalent Implementation

This repository provides a guide and configuration details for importing Whonix into Proxmox VE. This implementation replicates the official Whonix KVM XML configurations, ensuring a high-security, isolated environment for anonymous computing.

🛠 Prerequisites

  • Proxmox VE (v7.0 or higher recommended).
  • Whonix KVM Images (.qcow2 format).
  • Basic familiarity with the Proxmox Shell and iptables.

🌐 Network Architecture

To ensure anonymity, the setup utilizes two distinct virtual bridges:

| Bridge | Name | Type | Purpose |
|--------|------|------|---------|
| vmbr1 | Whonix-External | NAT / Masquerade | Connects the Gateway to the Internet. |
| vmbr10 | Whonix-Internal | Isolated | Connects Workstation to Gateway only. |

Host Configuration

Add the following to /etc/network/interfaces to enable the NAT adapter:

auto vmbr1
iface vmbr1 inet static
        address 10.0.2.2/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE

🚀 Installation Steps

1. Image Preparation

Decompress the official Whonix KVM archive and extract the .qcow2 files:

unxz Whonix-Xfce-*.libvirt.xz
tar -xvf Whonix-Xfce-*.libvirt

2. Disk Import

Import the disks into your Proxmox LVM or ZFS storage:

qm importdisk <GATEWAY_ID> Whonix-Gateway-*.qcow2 <STORAGE_NAME>
qm importdisk <WORKSTATION_ID> Whonix-Workstation-*.qcow2 <STORAGE_NAME>

3. VM Hardware Settings

Match these settings to align with official security recommendations:

  • CPU: Type host, 1-2 cores.
  • Entropy: Add a VirtIO RNG device to both VMs.
  • Display: VirtIO-GPU (Standard) or SPICE for better performance.
  • Gateway NICs:
      • net0 -> vmbr1 (External).
      • net1 -> vmbr10 (Internal).
  • Workstation NIC:
      • net0 -> vmbr10 (Internal).

🔒 Verification

  1. Boot Whonix-Gateway and run whonixcheck to confirm Tor connectivity.
  2. Boot Whonix-Workstation and verify it has no direct internet access except through the Gateway.
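
A host-side complement to the two checks above, as an added example that is not part of the original repository: it audits the NIC-to-bridge mapping in `qm config` output, so a Workstation that has picked up a NIC on vmbr1 is caught before boot. The function names, sample configurations and MAC addresses are constructed for illustration; the bridge names are the ones used in this guide.

```shell
#!/bin/sh
# Added example: audit the NIC-to-bridge mapping from `qm config <VMID>` output.
# Bridge names vmbr1/vmbr10 come from the guide; function names are hypothetical.

# Read `qm config` text on stdin, print one "netN=bridge" pair per line, sorted.
nic_bridges() {
    sed -n 's/^\(net[0-9][0-9]*\):.*bridge=\([^,]*\).*/\1=\2/p' | sort
}

# Gateway must have exactly net0 -> vmbr1 and net1 -> vmbr10.
check_gateway() {
    [ "$(nic_bridges)" = "$(printf 'net0=vmbr1\nnet1=vmbr10')" ]
}

# Workstation must have exactly one NIC, attached to vmbr10.
check_workstation() {
    [ "$(nic_bridges)" = "net0=vmbr10" ]
}

# Constructed samples in the format `qm config` prints (MACs are made up).
SAMPLE_GW='cores: 2
cpu: host
net0: virtio=BC:24:11:00:00:01,bridge=vmbr1
net1: virtio=BC:24:11:00:00:02,bridge=vmbr10
rng0: source=/dev/urandom'

SAMPLE_WS_OK='cores: 2
net0: virtio=BC:24:11:00:00:03,bridge=vmbr10,firewall=1'

# Misconfiguration: a second NIC on the NAT bridge bypasses the Gateway.
SAMPLE_WS_LEAK='net0: virtio=BC:24:11:00:00:03,bridge=vmbr10
net1: virtio=BC:24:11:00:00:04,bridge=vmbr1'

audit() {  # $1 = label, $2 = check function, $3 = config text
    if printf '%s\n' "$3" | "$2"; then echo "PASS $1"; else echo "FAIL $1"; fi
}

audit gateway check_gateway "$SAMPLE_GW"
audit workstation check_workstation "$SAMPLE_WS_OK"
audit workstation-leak check_workstation "$SAMPLE_WS_LEAK"
```

On the Proxmox host the same functions take live input, for example `qm config <WORKSTATION_ID> | check_workstation`.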

📝 Credits & Resources
