Testpage2
How-to: Use more than One Whonix-Workstation™ - Easy[edit]
Non-Qubes-Whonix™
Note: The following instructions only apply to Download/Default-Whonix-Workstation or Whonix VMs built from source code. To use another operating system like Windows, other GNU/Linux, BSD etc. please see the Other Operating Systems chapter instead.
Each additional Whonix-Workstation VM must have its own MAC address and internal LAN IP address.
1. Clone a fresh Whonix-Workstation VM.
- VirtualBox: In VirtualBox Manager, clone
a clean Whonix-Workstation. - KVM: In Virtual Machine Manager, clone a clean Whonix-Workstation:
Highlight Whonix-Workstation→Open→Virtual Machine→Clone
2. Assign a new MAC address to the cloned VM.
Note: A new MAC address is necessary if an additional VirtualBox VM is imported.
- VirtualBox: In VirtualBox Manager, assign a new MAC address:
VirtualBox→Settings→Network→Adapter 1→Advanced→Mac Address→Create a new MAC address (press the green round arrow icon)→OK - KVM: To change the internal network in KVM, see: Creating Multiple Internal Networks.
3. Edit the network interfaces file in Whonix-Workstation.
sudoedit /etc/network/interfaces.d/30_non-qubes-whonix
Ignore all lines starting with a hashtag ("#"). That is because comments are only for documentation and notes. However, comments are ignored by the system.
Look for line address 10.152.152.11. Change the last octet. For example, change 10.152.152.11 to 10.152.152.12
Save and exit.
4. Review your changes.
The following command is optional but handy to show all file contents without comments.
cat /etc/network/interfaces.d/30_non-qubes-whonix | grep --invert-match \#
That should show for example:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.152.152.12
netmask 255.255.192.0
gateway 10.152.152.10
It would even be possible to replace the contents of that config file will above contents. When using more than 1 additional Whonix-Workstation however 10.152.152.12 should be changed to 10.152.152.13 and so forth.
5. Reboot.
Reboot the Whonix-Workstation or alternately restart the network.
sudo service networking restart
6. Done.
Qubes-Whonix™
1. Create an additional App Qube based on the Whonix-Workstation Template (whonix-workstation-17) and give it a distinctive name such as for example anon-whonix2. (A more distinctive name is desirable.)
2. Confirm the new Whonix-Workstation App Qube is using a Whonix-Gateway™ (such as for example the default sys-whonix) as its net qube.
If creating a new App Qube is unfamiliar, follow this step-by-step instructions:
A.) Create Qubes-Whonix-Workstation App Qube
B.) Name and label: Name the App Qube. Don't include any personal information (if the App Qube is compromised, the attacker could run qubesdb-read /name to reveal the VM name). Name the App Qube something generic, for example: anon-whonix.
C.) Color: Choose a color label for the Whonix-Workstation App Qube.
D.) Use this template: Choose the Whonix-Workstation Template. For example: whonix-workstation-17.
E.) Standalone: Leave the Standalone field unchecked, unless a persistent root filesystem is desired.
F.) Type: Choose the type App Qube.
G.) Allow networking: Choose the desired Whonix-Gateway ProxyVM from the list. For example: sys-whonix.
H.) Press: OK.
3. Depending on the net qube setting.
A)
If the Whonix-Workstation App Qube is connected to sys-whonix: No special instructions required.
B)
- If the Whonix-Workstation App Qube is connected to any Whonix-Gateway other than
sys-whonix, apply the following instructions: [1]
Note: Inside the Whonix-Workstation App Qube.
A.) Create folder /usr/local/etc/sdwdate-gui.d.
sudo mkdir -p /usr/local/etc/sdwdate-gui.d
B.) Open with root rights.
sudoedit /usr/local/etc/sdwdate-gui.d/50_user.conf
C.) Add the following text.
Note: The following example uses sys-whonix2 as an example. Replace sys-whonix2 with the name of the VM of Whonix-Gateway which this Whonix-Workstation App Qube uses as its net qube. For example, sys-whonix3.
gateway=sys-whonix2
D.) Save the file.
E.) In case of issues.
sdwdate-gui qrexec denied messages? See Qubes-Whonix troubleshooting, sdwdate-gui qrexec.
4. Done.
The process of setting up an additional Whonix-Workstation App Qube has been completed.
- ↑
This is non-ideal usability wise.
Sparing users from needing to change this setting requires upstream Qubes feature request way to find out the name of gateway from inside the VM - qubesdb-read /qubes-gateway-name or qrexec feature request: send this over qrexec to the net qube I am connected to / sys-whonix hardcoded / sys-whonix unexpected autostart to get implemented.
Technical improvement proposals:
https://forums.whonix.org/t/sys-whonix-starting-spontaneously-after-update/8123