UnstoppableSwap inside Whonix


A decentralized exchange (DEX) that enables atomic swaps, allowing users to exchange Bitcoin (BTC) for Monero (XMR).

COMMUNITY SUPPORT ONLY: THIS WHOLE WIKI PAGE is only supported by the community. Whonix developers are very unlikely to provide free support for this content. See Community Support for further information, including implications and possible alternatives.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Introduction

UnstoppableSwap

  • BTC → XMR: Selling Bitcoin (BTC) and buying Monero (XMR). Users act as takers by default, meaning the BTC transaction must be initiated first.
  • XMR → BTC: Selling Monero (XMR) and buying Bitcoin (BTC). Selling XMR requires additional effort, as manual sales are not possible. Instead, users can only post an offer to sell XMR if they have set up a "maker" client.

Installation

The client should work out of the box and integrate with the Whonix Tor daemon directly.

The asb daemon hosts an onion service, so it needs additional set-up.

Whonix-Gateway Installation Steps

onion-grater Profile

This application requires incoming connections through a Tor onion service. Supported Whonix-Gateway modifications are therefore necessary for full functionality; see the instructions below.

For better security, consider using Multiple Whonix-Gateway and Multiple Whonix-Workstation. In any case, Whonix is the safest choice for running it. [1]

Extend the onion-grater whitelist.

On Whonix-Gateway (sys-whonix).

Add onion-grater profile.

sudo onion-grater-add 40_unstoppableswap

Whonix-Workstation Installation Steps

Installation

Before installing OnionShare:

  • A separate Whonix-Workstation (Qubes-Whonix: anon-whonix App Qube) is also recommended. The reason is the OnionShare installation will persist in this configuration and it is best practice to separate different, anonymous activities in distinct VMs (App Qubes). See Multiple Whonix-Workstation.
  • Installation using flatpak or snap is discouraged because it leads to Tor over Tor.
  • Installation from Debian package sources as documented below is recommended.

Inside Whonix-Workstation.

TODO: Probably will not work because unstoppableswap is not in packages.debian.org!

Install package(s) unstoppableswap following these instructions

1 Platform specific notice.

2 Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

3 Install the unstoppableswap package(s).

Using the apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends unstoppableswap

4 Platform specific notice.

  • Non-Qubes-Whonix: No special notice.
  • Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.

5 Done.

The procedure of installing package(s) unstoppableswap is complete.

Firewall Settings

Modify the Whonix-Workstation (anon-whonix) user firewall settings and reload them.

Modify Whonix-Workstation User Firewall Settings

Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix, complete these steps.
In Whonix-Workstation App Qube. Make sure folder /usr/local/etc/whonix_firewall.d exists.

sudo mkdir -p /usr/local/etc/whonix_firewall.d

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation App Qube (commonly called anon-whonix) → Whonix User Firewall Settings

If using a graphical Whonix-Workstation, complete these steps.

Start Menu → Applications → System → User Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

Open file /usr/local/etc/whonix_firewall.d/50_user.conf with root rights.

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf


Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_whonix_workstation_default.conf.

The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_whonix_workstation_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When {{project_name_short}} is updated, this
## file may be overwritten.

Also see: Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix, complete these steps.

Qubes App Launcher (blue/grey "Q") → Template: whonix-workstation-17 → Whonix Global Firewall Settings

If using a graphical Whonix-Workstation, complete these steps.

Start Menu → Applications → Settings → Global Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

In Whonix-Workstation, open the whonix_firewall configuration file in an editor.

nano /etc/whonix_firewall.d/30_whonix_workstation_default.conf

Add. [2]

EXTERNAL_OPEN_PORTS+=" 9939 "

Save.

Reload Whonix-Workstation Firewall.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation App Qube (commonly named anon-whonix) → Reload Whonix Firewall

If you are using a graphical Whonix-Workstation, complete the following steps.

Start Menu → Applications → System → Reload Whonix Firewall

If you are using a terminal-only Whonix-Workstation, run.

sudo whonix_firewall
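
The firewall edit above can also be applied idempotently from a script, so that repeated runs do not stack duplicate entries in 50_user.conf. This is an added example, not part of the Whonix or UnstoppableSwap documentation; the file path, the EXTERNAL_OPEN_PORTS line and port 9939 are from this page, while the function names and the --apply switch are hypothetical.

```bash
#!/bin/bash
# Added example: idempotent form of the manual firewall edit described above.
# The path and port 9939 are from this page; function names are hypothetical.

CONF=/usr/local/etc/whonix_firewall.d/50_user.conf

# Succeeds if port $2 is already listed as a whole token in an uncommented
# EXTERNAL_OPEN_PORTS assignment in file $1 (so 19939 does not match 9939).
port_listed() {
    [ -f "$1" ] || return 1
    grep -E '^[[:space:]]*EXTERNAL_OPEN_PORTS\+?=' "$1" \
        | tr -c '0-9\n' ' ' \
        | grep -qw -- "$2"
}

# Appends EXTERNAL_OPEN_PORTS+=" <port> " to file $1 unless port $2 is
# already listed. Prints "added" or "present"; returns 2 on a bad port.
ensure_open_port() {
    case $2 in
        ''|*[!0-9]*) echo "invalid port: $2" >&2; return 2 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "invalid port: $2" >&2; return 2
    fi
    if port_listed "$1" "$2"; then
        echo present
        return 0
    fi
    mkdir -p "$(dirname "$1")"
    # Start on a fresh line if the existing file lacks a trailing newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf 'EXTERNAL_OPEN_PORTS+=" %s "\n' "$2" >> "$1"
    echo added
}

# Run as root with --apply to edit the real file and reload the firewall.
if [ "${1:-}" = "--apply" ]; then
    ensure_open_port "$CONF" 9939 && whonix_firewall
fi
```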

Tickets

Forum Discussion

Footnotes

  1. Security considerations:
    • By using Whonix, additional protections are in place for enhanced security.
    • This application requires access to Tor's control protocol.
    • In the Whonix context, Tor's control protocol has dangerous features. The Tor control command GETINFO address reveals the real, external IP of the Tor client.
    • Whonix provides onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands.
    • When this application is run inside Whonix-Gateway with an onion-grater whitelist extension, it limits Whonix-Workstation application rights to Tor control protocol access only. Non-whitelisted Tor control commands such as GETINFO address are rejected by onion-grater in these circumstances. In this event, Whonix-Workstation cannot determine its own IP address via requests to the Tor Controller, as onion-grater filters the reply.
    • In comparison with other operating systems:
      • If the application is run on a non-Tor-focused operating system like Debian: The application will have unlimited access to Tor's control protocol (a less secure configuration).
      • Whonix: The application's access to Tor's control protocol is limited. Only whitelisted Tor control protocol commands required by the application are allowed.
    • Comparison of using Tor as a client versus hosting Tor onion services.
      • Using Tor only as a client: More secure.
      • When hosting Tor onion services: Users are more vulnerable to attacks against the Tor network. This is elaborated in chapter Onion Services Security.
    In conclusion, Whonix is the safest and correct choice for running this application.
  2. As per https://github.com/UnstoppableSwap/core/pull/391 asb uses local port 9939 for hosting the onion service.