{{Header}}
{{title|title= Anonymize Other Operating Systems }}
{{#seo: |description=Anonymize any Operating System. Your operating system tunneled through the Tor Anonymity Network. Create your {{project_name_customworkstation_long}}. |image=Board-832155640.jpg }}
{{other_mininav}}
[[File:Board-832155640.jpg|thumb|200px]]
{{intro| Anonymize any operating system such as Debian, Ubuntu, Microsoft Windows or others. {{project_name_gateway_long}} supports torification of any operating system, such as Debian, Kicksecure, Ubuntu, Android or even Microsoft Windows and others by setting up a {{project_name_customworkstation_short}}. A {{project_name_customworkstation_short}} is a VM that does not run the recommended, "normal" Whonix-"Default"-Workstation but instead runs a custom operating system such as Debian, Kicksecure, Ubuntu, Android or even Microsoft Windows. }}
{{Community_Support|scope=page}}

= Custom-Workstation Security Introduction =
{{Community_Support}}

'''''Using a default workstation is easier and provides more security out of the box!''''' It is the user's responsibility to get the same security features for a {{project_name_customworkstation_short}}, see [[Other_Operating_Systems#Security_Comparison:_{{project_name_long}}-Download-Workstation_vs._{{project_name_customworkstation_short}}|Security Comparison: {{project_name_long}}-Download-Workstation vs. {{project_name_customworkstation_short}}]] at the bottom of the page for details.

Also note that it's strongly discouraged to anonymize VMs that have ever been connected to the clearnet, meaning without Tor. It is conceivable that the custom operating system creates unique identifiers or another unique fingerprint such as network or browser fingerprint. Such fingerprints can lead to de-anonymization even if a VM that was used over clearnet at least once is later used over Tor.
In other words, it is highly recommended to configure custom operating systems to use {{project_name_gateway_short}} to ensure that Tor is always consistently used.

= Windows-{{project_name_workstation_long}} =
== Introduction ==
Microsoft Windows XP, Vista, 7, 8, 10 are known to work behind {{project_name_gateway_short}}. While it is possible, it is not recommended and only for advanced users. This is because there are issues with Windows. Those are not {{project_name_short}} issues. {{project_name_short}} developers cannot fix those issues. One issue is that Windows is closed source. In addition, Windows is affected by [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxyLeaks Transparent Proxy Leaks] and [[Windows Hosts|other issues]]. For more information and depending on your security requirements, read the following chapters.

== Easy ==
'''Configure network.'''

* Windows 11: Cannot change networking settings according to the following documentation? Check [https://youtu.be/ZkdWSWMdUmU?t=165 this video]. Then use the settings below.
* For {{Code2|Windows}} 7 (similar in {{Code2|Windows}} XP):
** In Control Panel → Network and Sharing Center: click on "Change adapter settings".
** Right-click on local area connection > properties.
** In property window: double-click Internet Protocol Version 4, use the following settings:

{{CodeSelect|code=
## increment last octet of IP address on additional workstations
IP address 10.152.152.50
Subnet netmask 255.255.192.0
Default gateway 10.152.152.10
Preferred DNS server 10.152.152.10
}}

'''Download operating system updates.'''

=== Tor Browser Settings ===
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = '''Warning:''' ''Untested and unfinished.'' Please [[contribute]] by testing and finishing these instructions.
}}
File {{Code2|Start TB without Tor.bat}}: add the following content to that file. It is necessary to set the {{Code2|SET TOR_SKIP_LAUNCH=1}} environment variable, then start Tor Browser. The Tor Browser Launcher add-on will detect this, skip the connection wizard and skip launching Tor.

{{CodeSelect|code=
SET TOR_SKIP_LAUNCH=1
"Start Tor Browser.lnk"
}}

Save.

'''3.''' Configure network settings.

Start Tor Browser. The following links for removing and changing proxy settings do not apply one-to-one for Windows! [[#Remove Proxy Settings|Removal]] of proxy settings is best avoided, while [[#Change Proxy Settings|changing]] proxy settings is a better choice. How this is accomplished on Windows is currently undocumented, but user contributions to finish these instructions are most welcome.

'''4.''' Figure out missing instructions.

Missing instructions need to be ported from Linux-specific to Windows-specific, see [[#Configure Tor Browser Settings|{{project_name_short}}-Linux-Workstation#Tor Browser Settings]].

'''5.''' Done.

The process has been completed.
= {{project_name_short}}-OpenBSD-Workstation =
not tested, reviewed by {{project_name_short}} developers. Documentation contribution by anonymous user.
}}
If you are interested, please press expand on the right side.
VirtualBox
→ Machine
→ New
→ Next
→ Enter Name (for example, {{Code2|myVM}})
→ Enter Operating System and Version
→ Next
→ Define RAM
→ Next
→ Create a new HDD (or not)
→ Next
→ Disk format doesn't matter (VDI works well)
→ Next
→ Set dynamically or fixed size preference
→ Next
→ Set HDD size and location preference
→ Next
→ Create
'''2. Switch VirtualBox VM Settings'''
Follow these steps in order:
* Choose the newly created VM (for example, {{Code2|myVM}})
→ Settings
→ System
→ Motherboard
→ Hardware Clock in UTC
* System
→ Motherboard
→ Pointing Device
→ PS/2 Mouse (required to disable the USB controller)
* System
→ Processor
→ Enable PAE/NX (if available)
* Network
→ Adapter 1
→ Attached to Internal Network (important!)
* Network
→ Adapter 1
→ Name (of Internal Network) (important!): {{Code|{{project_name_short}}}}
Note: It is '''W'''honix, not whonix. Capital '''W''' case sensitivity matters.
* USB
→ Uncheck Enable USB controller
* → OK
}}
{{Tab
|title= ===KVM===
|addToClass=info-box
|content=
[[Undocumented]].
}}
{{Tab
|title= ====Qubes-Whonix====
|addToClass=info-box
|content=
'''1.''' Create a new VM.
'''2.''' Set {{project_name_gateway_vm}} as your VM's NetVM.
Qube Manager
→ right-click
vm-name
→ NetVM
→ {{project_name_gateway_vm}}
→ OK
{{CodeSelect|code=
qvm-prefs --set vm-name netvm {{project_name_gateway_vm}}
}}
}}
}}
}}
{{Tab
|title= ===download and import a Whonix-Custom-Workstation===
|addToClass=info-box
|content=
'''B)''' Download and import a {{project_name_customworkstation_short}} ('''stable''' method).
This method's advantage is that there is no need to manually create a new VM. The process is greatly simplified; the {{project_name_customworkstation_short}} only needs to be downloaded and imported. This approach has several benefits: it is easier, all security settings are set for the VM, and users don't have to remember and apply necessary settings.
'''Download and Use the Default {{project_name_gateway_short}}'''
Download and import the {{project_name_gateway_short}} using the same procedure as per the {{project_name_short}}-Default / Download-Version. No other {{project_name_gateway_short}} changes are required in this case!
'''Set up a {{project_name_customworkstation_short}}'''
Select your platform.
{{Tab
|type=controller
|content=
{{Tab
|title= ====VirtualBox====
|addToClass=info-box
|content=
'''1. Download the {{project_name_customworkstation_short}}'''
The latest {{project_name_customworkstation_short}} Version is: {{Whonix-Custom-Workstation-Version}}
Although the version number for {{project_name_gateway_short}} and {{project_name_short}}-Default / Download-Version might be far higher than the {{project_name_customworkstation_short}} version, this is normal.
A newer {{project_name_customworkstation_short}} only needs to be redistributed if the settings for the VM have changed. For example, these have not changed between Whonix 9 and Whonix 13. Therefore, {{project_name_customworkstation_short}} version {{Whonix-Custom-Workstation-Version}} is recent enough to function, because it comes with an empty virtual hard drive (meaning software cannot be outdated).
Download the following image.
Note: The file is a small file. This is to be expected.
It is only a VirtualBox VM {{Code2|.ova}} image that only contains an {{Code2|.ovf}} (Open Virtualization Format), an empty {{Code2|.vmdk}} (Virtual Machine Disk) and {{Code2|.mf}} (manifest) file.
Forum discussion: [https://forums.whonix.org/t/whonix-custom-workstation-small-file-size/20655 Whonix-Custom-Workstation Small File Size?]
{{#widget:Download_Button
|text=Download {{project_name_customworkstation_short}} (FREE!)
|url=https://download.{{project_clearnet}}/ova/{{Whonix-Custom-Workstation-Version}}/{{project_name_short}}-CUSTOM-{{Whonix-Custom-Workstation-Version}}.ova
|os=windows|os=osx|os=linux
}}
'''2. Download the OpenPGP Signature'''
Download the corresponding OpenPGP signature.
{{#widget:Download_Button
|text=Download {{project_name_customworkstation_short}} OpenPGP signature (FREE!)
|url=https://download.{{project_clearnet}}/ova/{{Whonix-Custom-Workstation-Version}}/{{project_name_short}}-CUSTOM-{{Whonix-Custom-Workstation-Version}}.ova.asc
|os=windows|os=osx|os=linux
}}
'''3. Verify the Whonix Image'''
Follow these steps to [[Verify the images|verify]] the Whonix image.
'''4. Import and Rename the Virtual Machine'''
After importing the image, rename the virtual machine to something else.
It is not strictly necessary to rename the VM at this point, but this prevents potential naming conflicts if another {{project_name_customworkstation_short}} is imported later on.
VirtualBox
→ Right-click on VM
→ Settings
→ Name (for example: {{Code2|myVM}})
'''5. Done.'''
If this method was used, please report how well it worked in the Whonix forum.
}}
{{Tab
|title= ====KVM====
|addToClass=info-box
|content=
'''1.''' Use [https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml Whonix-Custom-Workstation.xml (web)].
Click the raw button on GitHub or use the [https://raw.githubusercontent.com/Kicksecure/libvirt-dist/master/usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml Whonix-Custom-Workstation.xml (raw)] direct link for a copy and paste friendly version.
'''2.''' [[Undocumented]].
}}
{{Tab
|title= ====Qubes-Whonix====
|addToClass=info-box
|content=
Unavailable. Use the method of manually creating a VM instead.
}}
}}
}}
}}
Follow instructions for
[[Multiple_Whonix-Workstation|Multiple Whonix-Workstation]].
== Start VM and Install Operating System ==
# Start the newly created VM (for example: {{Code2|myVM}}).
# Insert the installation DVD.
# Updates don't have to be installed while installing the OS. Post-install, apply updates after the network has been set up.
# The username is: {{Code2|user}}. The computer name is: {{Code2|host}}
'''Configure network.'''
{{Tab
|linkid=1
|type=controller
|content=
{{Tab
|title= === {{non_q_project_name_short}} ===
|addToClass=info-box
|content=
In your Custom-Workstation.
'''Linux Network Management Software Setup'''
Linux has many applications able to configure networking. To name a few:
* ifupdown
* NetworkManager
* systemd-networkd
See also https://wiki.debian.org/NetworkConfiguration
This is therefore dependent on the Linux distribution being used.
Choose which Linux Network Management Software your custom Linux operating system is using or use the Generic Instructions.
{{Tab
|type=controller
|content=
{{Tab
|title= ==== Generic Instructions ====
|addToClass=info-box
|content=
Generally, the required settings are the following:
* Static networking, meaning not using DHCP.
* gateway: {{CodeSelect|code=10.152.152.10}}
** This is the IP address of Whonix-Gateway.
* address: {{CodeSelect|code=10.152.152.12}}
** The VM's own self-assigned local LAN IP address.
** Increment last octet of IP address on additional workstations.
* netmask: {{CodeSelect|code=255.255.192.0}}
}}
{{Tab
|title= ==== ifupdown ====
|addToClass=info-box
|content=
In your Custom-Workstation.
{{Open with root rights|filename=
/etc/network/interfaces
}}
You only need to configure {{Code2|eth0}}:
TODO:
* https://forums.whonix.org/t/whonix-gateway-cli-15-0-1-5-4-and-debian-10-9-as-workstation-network-issues/11441
* https://www.whonix.org/w/index.php?title=Other_Operating_Systems&type=revision&diff=64470&oldid=64306
* Disable Predictable Network Interface Names
{{CodeSelect|code=
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface, leave as it is
auto lo
iface lo inet loopback
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
# increment last octet of IP address on additional workstations
address 10.152.152.12
netmask 255.255.192.0
#network 10.152.152.0
#broadcast 10.152.152.255
gateway 10.152.152.10
}}
In your Custom-Workstation.
{{Open with root rights|
filename=/etc/resolv.conf
}}
and delete everything, then add
{{CodeSelect|code=
nameserver 10.152.152.10
}}
}}
{{Tab
|title= ==== Others ====
|addToClass=info-box
|content=
Other network management software is currently [[undocumented]].
}}
}}
}}
{{Tab
|title= === {{q_project_name_short}} ===
|addToClass=info-box
|content=
No additional network configuration required.
}}
}}
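A check for the static network settings above, as an added example that is not part of the wiki: it parses an ifupdown file and a resolver file and reports every deviation from the page's values. The function names, the sample files and the resolver 192.0.2.53 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki: audit ifupdown and resolver files against the
# static settings prescribed above. Function names are hypothetical.
GATEWAY=10.152.152.10 NETMASK=255.255.192.0 NETWORK=10.152.128.0

# Dotted quad -> integer, so subnet membership can be tested arithmetically.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    IFS=. ; set -- $1 ; unset IFS
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Value of option $3 in the "iface $2" stanza of file $1; commented lines are skipped.
iface_opt() {
    awk -v ifc="$2" -v opt="$3" '
        /^[ \t]*#/ { next }
        $1 ~ /^(auto|allow-|mapping|source)/ { inside = 0; next }
        $1 == "iface" { inside = ($2 == ifc); if (inside && opt == "method") print $4; next }
        inside && $1 == opt { print $2 }' "$1" | tail -n 1
}

# Print one FAIL line per deviation; the return status is the number of problems.
audit_workstation_net() {
    ifaces=$1; resolv=$2; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    [ "$(iface_opt "$ifaces" eth0 method)" = static ] || fail "eth0 is not 'inet static'"
    [ "$(iface_opt "$ifaces" eth0 gateway)" = "$GATEWAY" ] || fail "gateway is not $GATEWAY"
    [ "$(iface_opt "$ifaces" eth0 netmask)" = "$NETMASK" ] || fail "netmask is not $NETMASK"
    addr=$(iface_opt "$ifaces" eth0 address)
    if ! a=$(ip_to_int "$addr"); then
        fail "no valid static address"
    elif [ "$addr" = "$GATEWAY" ] ||
         [ $(( a & $(ip_to_int "$NETMASK") )) -ne "$(ip_to_int "$NETWORK")" ]; then
        fail "address $addr collides with the gateway or is outside $NETWORK/18"
    fi
    # The page sets the gateway as the only resolver; flag anything else.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$resolv")
    [ -n "$ns" ] || fail "no nameserver configured"
    for n in $ns; do [ "$n" = "$GATEWAY" ] || fail "resolver $n is not the gateway"; done
    return "$problems"
}

# Constructed samples: "good" mirrors the page, "bad" has two deviations.
make_samples() {
    printf '%s\n' 'auto eth0' '#iface eth0 inet dhcp' 'iface eth0 inet static' \
        'address 10.152.152.12' 'netmask 255.255.192.0' 'gateway 10.152.152.10' > "$1/good"
    sed 's/^address .*/address 10.152.200.12/' "$1/good" > "$1/bad"
    echo 'nameserver 10.152.152.10' > "$1/resolv.good"
    printf 'nameserver 10.152.152.10\nnameserver 192.0.2.53\n' > "$1/resolv.bad"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_workstation_net "$tmp/good" "$tmp/resolv.good" && echo "good sample: OK"
audit_workstation_net "$tmp/bad" "$tmp/resolv.bad" || echo "bad sample: $? problem(s)"
```

On a real Custom-Workstation the two arguments would be {{Code2|/etc/network/interfaces}} and {{Code2|/etc/resolv.conf}}.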
'''Download operating system updates.'''
For Debian based Linux, such as Ubuntu, see [[Operating_System_Software_and_Updates|Updates]].
== Configure Tor Browser Settings ==
{{CodeSelect|code=
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://gitlab.torproject.org/legacy/trac/-/issues/6009
## https://gitweb.torproject.org/tor-launcher.git
TOR_SKIP_LAUNCH=1

## Environment variable to disable the "TorButton" →
## "Open Network Settings..." menu item. It is not useful and confusing to have
## on a workstation, because this is forbidden for security reasons. Tor must be
## configured on the gateway.
TOR_NO_DISPLAY_NETWORK_SETTINGS=1

## environment variable to skip TorButton control port verification
## https://gitlab.torproject.org/legacy/trac/-/issues/13079
TOR_SKIP_CONTROLPORTTEST=1
}}

'''3.''' Save and reboot.

From this point, only the browser component of Tor Browser will be started.

'''4.''' Verify environment variables.

{{CodeSelect|code=
env {{!}} grep -i tor
}}

The output should show.

<pre>
TOR_NO_DISPLAY_NETWORK_SETTINGS=1
TOR_SKIP_CONTROLPORTTEST=1
TOR_SKIP_LAUNCH=1
</pre>

'''5.''' Configure network settings.

Learn more about the network settings.

* Type: {{Code2|SOCKSv5}}.
* {{Gateway_IP}}
* Port: {{Code2|9100}}.
* Do not change the {{Code2|No Proxies for}} setting.

{{CodeSelect|code=
## The following TOR_SOCKS_HOST and TOR_SOCKS_PORT variables
## do not work flawlessly, due to an upstream bug in Tor Button:
## "TOR_SOCKS_HOST, TOR_SOCKS_PORT regression"
## https://gitlab.torproject.org/legacy/trac/-/issues/8336
TOR_SOCKS_HOST="10.152.152.10"
TOR_SOCKS_PORT="9150"
}}

Now the file {{Code2|~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js}} must be created. This presupposes Tor Browser has been installed as per step 1 and that a folder {{Code2|~/.tb/tor-browser}} exists. If Tor Browser was installed to another folder, the path must be adjusted.

{{Open File|filename=
~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
}}

Add.

{{CodeSelect|code=
user_pref("extensions.torbutton.use_privoxy", false);
user_pref("extensions.torbutton.settings_method", "custom");
user_pref("extensions.torbutton.socks_host", "10.152.152.10");
user_pref("extensions.torbutton.socks_port", 9100);
user_pref("network.proxy.socks", "10.152.152.10");
user_pref("network.proxy.socks_port", 9100);
user_pref("extensions.torbutton.custom.socks_host", "10.152.152.10");
user_pref("extensions.torbutton.custom.socks_port", 9100);
user_pref("extensions.torlauncher.control_host", "10.152.152.10");
user_pref("extensions.torlauncher.control_port", 9052);
}}

Save.

Tor is now disabled in Tor Browser. The process is now complete.
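The settings above can be checked mechanically. The following is an added example, not part of the wiki: it compares a {{Code2|user.js}} file with the preference values listed on this page and confirms that the three launcher variables are all set to 1. The function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki: audit the Tor-over-Tor prevention settings.
# Function names are hypothetical; the expected values are the ones on this page.
GW=10.152.152.10
EXPECTED="network.proxy.socks=$GW network.proxy.socks_port=9100
extensions.torbutton.socks_host=$GW extensions.torbutton.socks_port=9100
extensions.torbutton.custom.socks_host=$GW extensions.torbutton.custom.socks_port=9100
extensions.torlauncher.control_host=$GW extensions.torlauncher.control_port=9052
extensions.torbutton.use_privoxy=false extensions.torbutton.settings_method=custom"

# Last value assigned to pref $2 in user.js file $1; // comments never match.
pref_value() {
    awk -F'"' -v key="$2" '$1 ~ /^[ \t]*user_pref\($/ && $2 == key {
        v = (NF >= 5) ? $4 : $3; if (NF < 5) gsub(/[ ,();]/, "", v); last = v }
        END { print last }' "$1"
}

# Compare user.js file $1 with EXPECTED; the status is the number of deviations.
check_user_js() {
    bad=0
    for kv in $EXPECTED; do
        key=${kv%%=*}; want=${kv#*=}; got=$(pref_value "$1" "$key")
        [ "$got" = "$want" ] || { echo "FAIL: $key is '$got', want '$want'"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Read `env` output on stdin; succeed only if all three launcher variables are 1.
check_tor_env() {
    awk -F= '$2 == "1" && ($1 == "TOR_SKIP_LAUNCH" || $1 == "TOR_SKIP_CONTROLPORTTEST" ||
        $1 == "TOR_NO_DISPLAY_NETWORK_SETTINGS") { seen[$1] = 1 }
        END { n = 0; for (k in seen) n++; exit (n == 3 ? 0 : 1) }'
}

# Constructed sample profile holding exactly the prefs listed on this page.
make_profile() {
    cat > "$1" <<'EOF'
user_pref("extensions.torbutton.use_privoxy", false);
user_pref("extensions.torbutton.settings_method", "custom");
user_pref("extensions.torbutton.socks_host", "10.152.152.10");
user_pref("extensions.torbutton.socks_port", 9100);
user_pref("network.proxy.socks", "10.152.152.10");
user_pref("network.proxy.socks_port", 9100);
user_pref("extensions.torbutton.custom.socks_host", "10.152.152.10");
user_pref("extensions.torbutton.custom.socks_port", 9100);
user_pref("extensions.torlauncher.control_host", "10.152.152.10");
user_pref("extensions.torlauncher.control_port", 9052);
EOF
}

tmp=$(mktemp -d) && make_profile "$tmp/user.js"
check_user_js "$tmp/user.js" && echo "user.js: matches the page"
env | check_tor_env || echo "FAIL: launcher variables are not all set to 1"
```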
Double-click: start-tor-browser.desktop
Or
b) In the terminal, move to the Tor Browser folder.
{{CodeSelect|code=
cd ~/.tb/tor-browser/Browser
}}
Next, start Tor Browser.
{{CodeSelect|code=
./start-tor-browser
}}
'''2.''' Once Tor Browser is started, verify system-tor is disabled.
{{CodeSelect|code=
sudo systemctl status tor@default
}}
The output should be similar to the following, showing the tor@default service is inactive (dead).

<pre>
tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor prese
  Drop-In: /lib/systemd/system/tor@default.service.d
           └─30_qubes.conf
   Active: inactive (dead)
</pre>

'''3.''' Next, reconfirm both system-tor and Tor (in Tor Browser) are not running.

'''Note:''' Output will show grep tor (command that was just run). This is of no concern. grep tor output:

<pre>
user 1053 0.0 0.0 12724 948 pts/1 S+ 20:22 0:00 grep tor
</pre>

{{CodeSelect|code=
sudo ps aux {{!}} grep tor
}}

Output similar to the following shows system-tor is running. This indicates Tor over Tor prevention is '''Broken!''' Users should immediately stop using Tor Browser and seek advice on the [https://forums.{{project_clearnet}} {{project_name_short}} forums].

<pre>
debian-+ 707 0.1 0.9 89320 36400 ? Ss 21:15 0:01 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
</pre>

Done!
Internal Network
* "Name:" -> Whonix
Static
* "IP Address" - 10.152.152.12
* "Gateway" - 10.152.152.10
* "Network prefix length" -> 18
* "DNS 1" -> 10.152.152.10
* tap "Save"
{{CodeSelect|code=
option domain-name "whonix";
option domain-name-servers 10.152.152.10;

subnet 10.152.128.0 netmask 255.255.192.0 {
  range 10.152.152.12 10.152.152.15;
  option subnet-mask 255.255.192.0;
  option broadcast-address 10.152.191.255;
  option routers 10.152.152.10;
}

default-lease-time 600;
max-lease-time 7200;
}}

Save.

Run.

{{CodeSelect|code=
sudo dpkg-reconfigure isc-dhcp-server
}}

and choose '''eth1''' as interface for the DHCP server to run on.

After this the DHCP server on workstation starts properly and the {{project_name_short}} Gateway is ready to serve a dynamic IP to the Android x86 {{project_name_workstation_short}}.