mirror of
https://github.com/BillyOutlast/Whonix-On-Proxmox.git
synced 2026-07-01 17:58:56 -04:00
Update README.md
@@ -1,99 +1,81 @@
|
||||
This guide combines official Whonix KVM documentation with proven community steps for Proxmox. Whonix consists of two parts: the Gateway (which runs Tor) and the Workstation (where you do your work).
|
||||
# Whonix on Proxmox: KVM-Equivalent Implementation
|
||||
|
||||
Phase 1: Preparation
|
||||
Download Whonix: Go to the Whonix KVM Download page and download the XFCE or CLI version (usually a .xz file).
|
||||
This repository provides a guide and configuration details for importing **Whonix** into **Proxmox VE**. This implementation replicates the official Whonix KVM XML configurations, ensuring a high-security, isolated environment for anonymous computing.
|
||||
|
||||
Upload to Proxmox: Upload the downloaded file to your Proxmox host (via SFTP or the shell).
|
||||
## 🛠 Prerequisites
|
||||
|
||||
Extract the Images:
|
||||
Open the Proxmox shell and run:
|
||||
* **Proxmox VE** (v7.0 or higher recommended).
|
||||
* **Whonix KVM Images** (`.qcow2` format).
|
||||
* Basic familiarity with the Proxmox Shell and `iptables`.
|
||||
|
||||
Bash
|
||||
# Decompress the archive
|
||||
## 🌐 Network Architecture
|
||||
|
||||
To ensure anonymity, the setup utilizes two distinct virtual bridges:
|
||||
|
||||
| Bridge | Name | Type | Purpose |
|
||||
| --- | --- | --- | --- |
|
||||
| **`vmbr1`** | `Whonix-External` | NAT / Masquerade | Connects the Gateway to the Internet. |
|
||||
| **`vmbr10`** | `Whonix-Internal` | Isolated | Connects Workstation to Gateway only. |
|
||||
|
||||
### Host Configuration
|
||||
|
||||
Add the following to `/etc/network/interfaces` to enable the NAT adapter:
|
||||
|
||||
```bash
|
||||
auto vmbr1
|
||||
iface vmbr1 inet static
|
||||
address 10.0.2.2/24
|
||||
bridge-ports none
|
||||
bridge-stp off
|
||||
bridge-fd 0
|
||||
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
post-up iptables -t nat -A POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
|
||||
post-down iptables -t nat -D POSTROUTING -s '10.0.2.0/24' -o vmbr0 -j MASQUERADE
|
||||
|
||||
```
|
||||
|
||||
## 🚀 Installation Steps
|
||||
|
||||
### 1. Image Preparation
|
||||
|
||||
Decompress the official Whonix KVM archive and extract the `.qcow2` files:
|
||||
|
||||
```bash
|
||||
unxz Whonix-Xfce-*.libvirt.xz
|
||||
# Extract the qcow2 files
|
||||
tar -xvf Whonix-Xfce-*.libvirt
|
||||
You should now have two .qcow2 files: one for the Gateway and one for the Workstation.
|
||||
|
||||
Phase 2: Network Configuration
|
||||
Whonix requires an isolated internal network so the Workstation can only communicate with the Gateway.
|
||||
```
|
||||
|
||||
In the Proxmox Web UI, go to System > Network.
|
||||
### 2. Disk Import
|
||||
|
||||
Click Create > Linux Bridge.
|
||||
Import the disks into your Proxmox LVM or ZFS storage:
|
||||
|
||||
Name: vmbr10 (or any free bridge ID).
|
||||
```bash
|
||||
qm importdisk <GATEWAY_ID> Whonix-Gateway-*.qcow2 <STORAGE_NAME>
|
||||
qm importdisk <WORKSTATION_ID> Whonix-Workstation-*.qcow2 <STORAGE_NAME>
|
||||
|
||||
IPv4/IPv6: Leave empty.
|
||||
```
|
||||
|
||||
Bridge ports: Leave empty (this makes it an isolated internal switch).
|
||||
### 3. VM Hardware Settings
|
||||
|
||||
Comment: Whonix Internal.
|
||||
Match these settings to align with official security recommendations:
|
||||
|
||||
Apply the configuration.
|
||||
* **CPU:** Type `host`, 1-2 cores.
|
||||
* **Entropy:** Add a **VirtIO RNG** device to both VMs.
|
||||
* **Display:** **VirtIO-GPU** (Standard) or **SPICE** for better performance.
|
||||
* **Gateway NICs:** * `net0` -> `vmbr1` (External).
|
||||
* `net1` -> `vmbr10` (Internal).
|
||||
|
||||
Phase 3: Create the Virtual Machines
|
||||
1. The Whonix-Gateway
|
||||
General: Name it Whonix-Gateway, VM ID (e.g., 100).
|
||||
|
||||
OS: Select "Do not use any media".
|
||||
* **Workstation NIC:** * `net0` -> `vmbr10` (Internal).
|
||||
|
||||
System: Set Graphics card to VirtIO-GPU.
|
||||
## 🔒 Verification
|
||||
|
||||
Disks: Delete the default disk (we will import the Whonix image later).
|
||||
1. Boot **Whonix-Gateway** and run `whonixcheck` to confirm Tor connectivity.
|
||||
2. Boot **Whonix-Workstation** and verify it has no direct internet access except through the Gateway.
|
||||
|
||||
CPU: At least 2 cores. Type: host or x86-64-v2-AES.
|
||||
## 📝 Credits & Resources
|
||||
|
||||
Memory: 2048 MB.
|
||||
* [Whonix KVM Official Documentation](https://www.whonix.org/wiki/KVM)
|
||||
* [Proxmox Support Forum Discussion](https://forum.proxmox.com/threads/any-one-tried-installing-whonix-on-proxmox.134849/)
|
||||
|
||||
Network: * NIC 1: Attach to vmbr0 (your internet-facing bridge). Model: VirtIO (paravirtualized).
|
||||
|
||||
NIC 2: Go to the VM's Hardware tab after creation and add a second NIC. Attach this to vmbr10 (the isolated bridge created in Phase 2).
|
||||
|
||||
2. The Whonix-Workstation
|
||||
General: Name it Whonix-Workstation, VM ID (e.g., 101).
|
||||
|
||||
OS: Select "Do not use any media".
|
||||
|
||||
System: Set Graphics card to VirtIO-GPU.
|
||||
|
||||
Disks: Delete the default disk.
|
||||
|
||||
CPU: At least 2-4 cores. Type: host or x86-64-v2-AES.
|
||||
|
||||
Memory: 4096 MB.
|
||||
|
||||
Network: * NIC 1: Attach to vmbr10 (the isolated bridge). Important: Do NOT attach the Workstation to vmbr0.
|
||||
|
||||
Phase 4: Import the Disks
|
||||
Return to the Proxmox shell to import the .qcow2 images into the VM configurations. Replace 100/101 with your VM IDs and local-lvm with your storage name.
|
||||
|
||||
Bash
|
||||
# Import Gateway Disk
|
||||
qm importdisk 100 Whonix-Gateway-*.qcow2 local-lvm
|
||||
|
||||
# Import Workstation Disk
|
||||
qm importdisk 101 Whonix-Workstation-*.qcow2 local-lvm
|
||||
After importing, attach the disks in the Web UI:
|
||||
|
||||
Select the VM > Hardware.
|
||||
|
||||
Double-click the Unused Disk.
|
||||
|
||||
Set the Bus/Device to SCSI 0.
|
||||
|
||||
Go to the Options tab and update the Boot Order to prioritize the new SCSI disk.
|
||||
|
||||
Phase 5: Final Adjustments & Boot
|
||||
Gateway Boot: Start the Gateway first. On the first boot, it will run the "Whonix Setup" wizard. Let it connect to Tor and finish updates.
|
||||
|
||||
Workstation Boot: Start the Workstation. It should automatically receive an internal IP (10.152.152.11) and route all traffic through the Gateway.
|
||||
|
||||
Check Connection: Run the whonixcheck (or "System Check") tool on both VMs to ensure everything is configured correctly.
|
||||
|
||||
Pro-Tips from the Forum/Wiki:
|
||||
Entropy: Whonix is sensitive to entropy. Ensure "VirtIO RNG" is added to both VMs' hardware if you experience slow boots or lag.
|
||||
|
||||
Display: If the mouse feels sluggish, ensure you are using the VirtIO-GPU and consider using the SPICE protocol if you have the client installed.
|
||||
|
||||
Passwords: The default user is user. Depending on the version, it may log in automatically or use the default password changeme. You should change this immediately using the passwd command.
|
||||
|
||||
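Review bot: In the Host Configuration block for `vmbr1`, the only firewall line is the `MASQUERADE` rule, while `post-up echo 1 > /proc/sys/net/ipv4/ip_forward` turns on forwarding for the whole host and has no matching `post-down`. Nothing in the stanza limits what 10.0.2.0/24 can reach, so unless the host's INPUT and FORWARD policy already blocks it, the Gateway VM can talk to the Proxmox host at 10.0.2.2 and to anything routable through `vmbr0`, including the local LAN. Suggest adding filter rules, or a pointer to the Proxmox firewall, that drop traffic from `vmbr1` to the host and to private ranges, and stating that `vmbr0` is assumed to be the uplink. In the Verification list, step 2 ("verify it has no direct internet access except through the Gateway") names no command or expected result; a concrete check would make the isolation claim for `vmbr10` testable.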