Previous Page

nihilist@mainpc - 2024-03-10

Whonix QEMU Setup

Whonix is an open-source OS made specifically for general anonymous activities. In this tutorial we're going to set it up using the QEMU virtualization setup we installed previously.

TODO: setups where 1) isp doesnt allow tor traffic 2) isp doesnt allow tor, nor vpns, 3) setup where the destination website doesnt allow tor traffic

Initial Setup

Make sure that you have setup the QEMU / virt-viewer setup we described in this earlier tutorial

Then install download the whonix VMS as follows:

First go here to download whonix for qemu,

Then extract the .xz file where you want the image to be at:

[ ] [ nowhere ] [~/Downloads]
→ mv Whonix-XFCE- /mnt/VAULT/VMs/

[ ] [ nowhere ] [~/Downloads]
→ cd /mnt/VAULT/VMs/

[ ] [ nowhere ] [VAULT/VMs]
→ tar -xvf Whonix-XFCE-

[ ] [ nowhere ] [VAULT/VMs]

[ ] [ nowhere ] [VAULT/VMs]
→ ls -lash
total 7.9G
4.0K drwxr-xr-x 2 nothing nothing 4.0K Dec 29 20:10 .
4.0K drwxr-xr-x 4 nothing nothing 4.0K Dec 29 20:09 ..
 40K -rw-r--r-- 1 nothing nothing  39K Oct 21  2015 WHONIX_BINARY_LICENSE_AGREEMENT
   0 -rw-r--r-- 1 nothing nothing    0 Dec 29 20:10 WHONIX_BINARY_LICENSE_AGREEMENT_accepted
8.0K -rw-r--r-- 1 nothing nothing 4.1K Oct 21  2015 WHONIX_DISCLAIMER
4.0K -rw-r--r-- 1 nothing nothing  172 Oct 21  2015 Whonix_external_network-
2.7G -rw-r--r-- 1 nothing nothing 101G Oct 21  2015 Whonix-Gateway-XFCE-
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21  2015 Whonix-Gateway-XFCE-
4.0K -rw-r--r-- 1 nothing nothing   97 Oct 21  2015 Whonix_internal_network-
3.8G -rw-r--r-- 1 nothing nothing 101G Oct 21  2015 Whonix-Workstation-XFCE-
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21  2015 Whonix-Workstation-XFCE-
1.4G -rw-r--r-- 1 nothing nothing 1.4G Dec 29 20:06 Whonix-XFCE-

So now we have the qcow2 files (take note that it can), so we can proceed following the instructions:

[ ] [ nowhere ] [VAULT/VMs]
→ vim Whonix-Gateway-XFCE-

[ ] [ nowhere ] [VAULT/VMs]
→ cat Whonix-Gateway-XFCE- | grep VAULT
      <source file='/mnt/VAULT/VMs/Whonix-Gateway-XFCE-'/>

[ ] [ nowhere ] [VAULT/VMs]
→ vim Whonix-Workstation-XFCE-

[ ] [ nowhere ] [VAULT/VMs]
→ cat Whonix-Workstation-XFCE- | grep VAULT
      <source file='/mnt/VAULT/VMs/Whonix-Workstation-XFCE-'/>

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-define Whonix_external*.xml
[sudo] password for nothing:
Network Whonix-External defined from Whonix_external_network-

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-define Whonix_internal*.xml
Network Whonix-Internal defined from Whonix_internal_network-

[ ] [ nowhere ] [VAULT/VMs]
→  sudo virsh -c qemu:///system net-autostart Whonix-External
Network Whonix-External marked as autostarted

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-start Whonix-External
Network Whonix-External started

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-autostart Whonix-Internal
Network Whonix-Internal marked as autostarted

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-start Whonix-Internal
Network Whonix-Internal started

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system define Whonix-Gateway*.xml
Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-

[ ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system define Whonix-Workstation*.xml
Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-

make sure you give them 4gb of RAM before launching them, then launch them:

[nihilist@nowhere VMs]$ cat Whonix-Gateway.xml | grep KiB
  <memory dumpCore="off" unit="KiB">2097152
  <currentMemory unit="KiB">2097152
[nihilist@nowhere VMs]$ cat Whonix-Workstation.xml | grep KiB
  <memory dumpCore="off" unit="KiB">4194304
  <currentMemory unit="KiB">4194304

we can automate the VM startup procedure with a simple bashscript like so :

[nihilist@nowhere VMs]$ cat 

#remove VMs

sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-External

echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'

#install VMs

sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway.xml
sudo virsh -c qemu:///system define Whonix-Workstation.xml

You can run it like so:

[nihilist@nowhere VMs]$ chmod +x 
[nihilist@nowhere VMs]$ ./ 
[sudo] password for nihilist: 
Domain 'Whonix-Gateway' destroyed

Domain 'Whonix-Workstation' destroyed

Domain 'Whonix-Gateway' has been undefined

Domain 'Whonix-Workstation' has been undefined

Network Whonix-External destroyed

Network Whonix-Internal destroyed

Network Whonix-External has been undefined

error: failed to get network 'Whonix-External'
error: Network not found: no network with matching name 'Whonix-External'

[+] VMs removed, re-install them ? (ctrl+c to exit)

Network Whonix-External defined from Whonix_external_network-

error: Failed to define network from Whonix_internal_network-
error: operation failed: network 'Whonix-Internal' already exists with uuid 878828d6-fd1f-49ac-9d0c-9c829c414b80

Network Whonix-External marked as autostarted

Network Whonix-External started

Network Whonix-Internal marked as autostarted

Network Whonix-Internal started

Domain 'Whonix-Gateway' defined from Whonix-Gateway.xml

Domain 'Whonix-Workstation' defined from Whonix-Workstation.xml

Basic Whonix Usage

So now you can compatmentalize your anonymous usage in a separate VM by using the tor browser there, along with keepass and monero:

You can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so :

And inside the Workstation VM you can browse Tor, and use Keepass just like in the previous tutorial:

you can also use monero (take note that the default sudo password in whonix is "changeme", so dont forget to change it):

[workstation user ~]% passwd
[workstation user ~]% sudo apt install monero -y
[workstation user ~]% monero-wallet-cli


Until there is Nothing left.

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8

Contact: (PGP)