Multiple Qubes-Whonix TemplateVMs
Multiple Qubes-Whonix ™ TemplateVMs provides much greater flexibility over a single template when choosing software packages. The additional cloned templates can be customized with software to meet specific requirements; something impossible to achieve with a single TemplateVM. 
- Packages from a later release: Installing packages from a later release could end up breaking the system. For example, mixing packages from Debian Stable [archive] with those of a later release like Debian Testing [archive] can lead to an unstable system because of associated software dependencies required for full functionality.   Prior to installing Debian packages from a later release, first read Install from Debian testing.
- Custom software: Additional cloned templates makes it easy to install custom software used for a specific application. For example, users could Tunnel UDP over Tor by configuring
whonix-ws-15to route all applications through a VPN tunnel. However, this method also increases the risk of identity correlation. To mitigate this risk, the AppVM based on this template should only be used for the particular application that must be routed through the tunnel-link. Before installing custom software it is recommended to first read Install Software General Advice.
- Untrusted packages: It is unwise to install untrusted packages in a template used for sensitive activities. With multiple cloned TemplateVMs, a single template can be designated as a less trusted domain for that purpose.  Read Notes on trusting your TemplateVM(s) [archive] prior to installing untrusted packages.
Cloning templates in Qubes-Whonix ™ is easily accomplished via Qube Manager. Be careful with naming conventions for both TemplateVMs and AppVMs (based on those templates) so they are not confused with each other. This will minimize the chance of basing an AppVM on the wrong template.
When creating AppVMs based on cloned TemplateVMs, a purpose-based naming convention is sensible so there is no ambiguity regarding the intended function of an AppVM. For example, if an AppVM is created to tunnel UDP over Tor, appending
tunnel-udp (the purpose) to the end of
anon-whonix would lead to the name
To clone Qubes-Whonix ™ TemplateVMs, follow the steps below in Qube Manager:
Qube Manager →
VM to be Cloned →
Clone qube →
Enter name for Qube clone
When prompted, give the newly cloned VM a name that is not easily confused with other VMs. This minimizes the chances of basing an AppVM on the wrong template; there could be serious security concerns if a "trusted" AppVM was based on the wrong TemplateVM with untrusted packages.
If you would like to change the UpdatesProxy setting for any TemplateVM, apply the following steps.
- Optionally, the default template can be cloned and used as the default template for AppVMs. Having a “known-good” backup template available at all times is best practice.
- Using packages from different repositories can lead to Dependency Hell.
- This problem can be avoided by cloning additional Whonix ™ templates and preferring packages from a single repository in each TemplateVM.
- It is strongly encouraged to only install signed packages from a trusted source.
- This applies to all TemplateVMs, even if they were cloned.
- Since TemplateVMs in Qubes R4 and above are supposed to be upgraded through qrexec based Qubes updates proxy.
$tag:whonix-updatevm $default allow,target=sys-whonix
Note that policy parsing stops at the first match, [...]