Today

Patrick added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Fri, Apr 26, 12:59 PM · VirtualBox, usability, Whonix

Yesterday

Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:09 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:08 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:08 AM · VirtualBox, usability, Whonix
HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes style interaction. It went nowhere and was closed as WONTFIX.

Thu, Apr 25, 4:01 AM · VirtualBox, usability, Whonix

Wed, Apr 24

Patrick renamed T720: post feature request for more secure clipboard sharing against VirtualBox and KVM from Better Clipboard and DragnDrop for Whonix to post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:17 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:07 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:04 AM · VirtualBox, usability, Whonix

Tue, Apr 23

Patrick triaged T908: copy Whonix VM images to Whonix-Host and set up during build as Normal priority.
Tue, Apr 23, 1:41 PM · build, VirtualBox, Whonix-Host, Whonix

Sun, Apr 14

Patrick closed T782: Change Settings in VirtualBox GW and WS - boot devices and audio as Resolved.

Awesome!

Sun, Apr 14, 4:59 PM · VirtualBox, Whonix 15, Whonix
TNTBOMBOM added a comment to T782: Change Settings in VirtualBox GW and WS - boot devices and audio.

yes it's working

Sun, Apr 14, 4:58 PM · VirtualBox, Whonix 15, Whonix
Patrick updated subscribers of T782: Change Settings in VirtualBox GW and WS - boot devices and audio.

Does this work? @TNTBOMBOM

Sun, Apr 14, 3:32 PM · VirtualBox, Whonix 15, Whonix
Patrick closed T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. as Resolved.
Sun, Apr 14, 3:29 PM · vbox-disable-timesync, Whonix 15, Whonix, VirtualBox

Fri, Apr 12

Patrick closed T825: Add “Description” to whonix-vbox images as Resolved.

https://github.com/Whonix/whonix-developer-meta-files/commit/2a0064f4214e04a0f454fd1b29fe9f14c6629d2e

Fri, Apr 12, 3:43 PM · Whonix 15, VirtualBox, Whonix

Sat, Apr 6

Patrick edited projects for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM, added: usability, VirtualBox; removed Whonix 15.
Sat, Apr 6, 5:05 PM · VirtualBox, usability, Whonix

Dec 7 2018

Patrick closed T881: remove attempts to hide CPU information from VM in VirtualBox as Resolved.
Dec 7 2018, 12:09 PM · build, VirtualBox, Whonix 15, Whonix 14, Whonix
Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick removed a project from T687: Supress VB error messages.: Whonix 15.
Dec 7 2018, 11:58 AM · build, VirtualBox, usability, Whonix
Patrick removed a project from T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync

Dec 3 2018

HulaHoop added a comment to T881: remove attempts to hide CPU information from VM in VirtualBox.

There's been research showing that trying to hide CPU information in a virtualizer is futile.

Dec 3 2018, 7:07 PM · build, VirtualBox, Whonix 15, Whonix 14, Whonix

Nov 28 2018

Patrick closed T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as Resolved.

This will be undone. Ticket:

Nov 28 2018, 7:44 AM · Whonix 14, Whonix, VirtualBox
Patrick triaged T881: remove attempts to hide CPU information from VM in VirtualBox as Normal priority.
Nov 28 2018, 7:43 AM · build, VirtualBox, Whonix 15, Whonix 14, Whonix
Patrick reopened T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as "Open".
Nov 28 2018, 7:40 AM · Whonix 14, Whonix, VirtualBox

Nov 22 2018

Patrick added a project to T825: Add “Description” to whonix-vbox images : Whonix 15.
Nov 22 2018, 10:59 AM · Whonix 15, VirtualBox, Whonix

Oct 1 2018

Patrick placed T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. up for grabs.
Oct 1 2018, 1:30 PM · vbox-disable-timesync, Whonix 15, Whonix, VirtualBox
Patrick changed the status of T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. from Open to testing-in-next-build-required.
Oct 1 2018, 1:28 PM · vbox-disable-timesync, Whonix 15, Whonix, VirtualBox
Patrick lowered the priority of T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. from High to Low.
Oct 1 2018, 1:26 PM · vbox-disable-timesync, Whonix 15, Whonix, VirtualBox

Sep 20 2018

Patrick triaged T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. as High priority.
Sep 20 2018, 9:19 AM · vbox-disable-timesync, Whonix 15, Whonix, VirtualBox

Sep 3 2018

TNTBOMBOM triaged T825: Add “Description” to whonix-vbox images as Normal priority.
Sep 3 2018, 5:30 PM · Whonix 15, VirtualBox, Whonix

Aug 27 2018

Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Regarding the spectre vulnerability and its effect on VirtualBox your input is desired. @dumbmouse

Aug 27 2018, 8:32 PM · Whonix 14, Whonix, VirtualBox
Patrick updated subscribers of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

"Hiding CPU model is futile." Any reference for that? @HulaHoop

Aug 27 2018, 8:32 PM · Whonix 14, Whonix, VirtualBox

Jun 30 2018

Patrick closed T790: Reducing the size of raw files as Resolved.
Jun 30 2018, 12:34 PM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 30 2018

Onion_Knight added a comment to T790: Reducing the size of raw files.

virt-sparsify solution dropped because it needs booting the image with qemu-system (not clean, too many unknown consequences, see attached output).

Apr 30 2018, 3:50 PM · build, KVM, VirtualBox, Whonix, Whonix 15
Onion_Knight added a comment to T790: Reducing the size of raw files.
Apr 30 2018, 11:54 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 26 2018

Patrick triaged T790: Reducing the size of raw files as Normal priority.
Apr 26 2018, 9:25 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 6 2018

Patrick changed the status of T782: Change Settings in VirtualBox GW and WS - boot devices and audio from Open to testing-in-next-build-required.

https://github.com/Whonix/Whonix/pull/415

Apr 6 2018, 9:30 AM · VirtualBox, Whonix 15, Whonix
Patrick assigned T782: Change Settings in VirtualBox GW and WS - boot devices and audio to unman.
Apr 6 2018, 9:30 AM · VirtualBox, Whonix 15, Whonix

Mar 11 2018

Patrick closed T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as Resolved.
Mar 11 2018, 2:44 PM · Whonix 14, Whonix, VirtualBox

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a unique event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in 2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that. Otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 23 2018

Patrick closed T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log) as Resolved.
Feb 23 2018, 2:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes, there are fewer moving parts, especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

HulaHoop added a comment.

With qemu-ga code the whole clock drift detection code becomes redundant. If a
suspend event is triggered the GW should assume clocks are out of sync and
trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think it is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a project to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log): Whonix 14.
Feb 4 2018, 4:11 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Jun 5 2017

Patrick added projects to T687: Supress VB error messages.: VirtualBox, build, Whonix 15.
Jun 5 2017, 3:00 PM · build, VirtualBox, usability, Whonix

Apr 13 2017

Patrick edited projects for T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD, added: Whonix 15; removed Whonix 14.
Apr 13 2017, 11:14 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync
Patrick edited projects for T530: CPU-induced latency Covert Channel Countermeasures, added: Whonix 15; removed Whonix 14.
Apr 13 2017, 11:11 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Mar 10 2017

Patrick changed the status of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? from Open to Review.

Added. Not yet tested by me but will test in the next build.

Mar 10 2017, 2:01 AM · Whonix 14, Whonix, VirtualBox

Jan 22 2017

anonymous1 added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Works for me, hid my cpu name

Jan 22 2017, 8:23 AM · Whonix 14, Whonix, VirtualBox

Jan 21 2017

dumbmouse added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Here is a more limited version, but better for general distribution:

Jan 21 2017, 9:00 PM · Whonix 14, Whonix, VirtualBox

Jan 18 2017

Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Alright, great!

Jan 18 2017, 7:35 AM · Whonix 14, Whonix, VirtualBox
dumbmouse added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Actually I need to test this more. I will fine tune it and add another comment here in couple of days.

Jan 18 2017, 7:04 AM · Whonix 14, Whonix, VirtualBox
Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 13.
Jan 18 2017, 7:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick updated subscribers of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.
Jan 18 2017, 6:30 AM · Whonix 14, Whonix, VirtualBox
Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Thanks! Without your research, this almost certainly would not have had a chance to make it into Whonix 14. Can you commit your changes to git please? (And/or create a github pull request?)

Jan 18 2017, 6:29 AM · Whonix 14, Whonix, VirtualBox
dumbmouse reopened T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as "Open".

After much research this is the best way to hide the CPU using VirtualBox:

Jan 18 2017, 5:59 AM · Whonix 14, Whonix, VirtualBox

Jan 17 2017

Patrick added a project to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?: Whonix 14.

https://github.com/Whonix/Whonix/commit/6db3c345c80ee9841fcae57621cafbfcdd000a0f

Jan 17 2017, 11:02 AM · Whonix 14, Whonix, VirtualBox

Jan 13 2017

Patrick closed T593: document disk image mounting of VirtualBox vmdk disks as Resolved.

This was done by @TNTBOMBOM:

Jan 13 2017, 10:40 PM · user documentation, research, Whonix, VirtualBox
Patrick assigned T593: document disk image mounting of VirtualBox vmdk disks to TNTBOMBOM.
Jan 13 2017, 10:39 PM · user documentation, research, Whonix, VirtualBox

Jan 9 2017

Patrick created T593: document disk image mounting of VirtualBox vmdk disks.
Jan 9 2017, 2:00 AM · user documentation, research, Whonix, VirtualBox

Dec 28 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Another LAN/Public wifi fingerprinting attack that Ethan's code can defeat:

Dec 28 2016, 2:08 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Nov 28 2016

HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Done. Added io limit commits to open pull requests. Each vm can only use a maximum of 25% of the host io resources.

Nov 28 2016, 12:18 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 20 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Yes.

Nov 20 2016, 5:07 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Should limits be enforced for GW too?

Nov 20 2016, 4:16 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 19 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

Though I agree with anonym's argument that resource exhaustion goes
against the purpose of advanced malware that wants to hide

Nov 19 2016, 6:51 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Though I agree with anonym's argument that resource exhaustion goes against the purpose of advanced malware that wants to hide - I still looked at io limits in case you still think it's valuable to set.

Nov 19 2016, 5:39 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 12 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 3:22 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 12:20 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 11 2016

Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:55 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:54 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

blkiotune and iotune can restrict io (KVM only)

https://libvirt.org/formatdomain.html#elementsBlockTuning

Nov 11 2016, 3:45 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Oct 11 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Looks like I overlooked python3-netfilterqueue-packager.

Oct 11 2016, 10:40 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 1 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Also with 64bit compatibility this means the repo paths have changed.

Oct 1 2016, 5:31 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Yes it can stay as it is.

Oct 1 2016, 5:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 30 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

That's great! So https://github.com/Whonix/whonix-gw-network-conf/blob/master/etc/network/interfaces.d/30_non-qubes-whonix can stay as is?

Sep 30 2016, 11:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Great news! This config works without hacks. You can keep 10.0.2.15 unchanged too. Turns out the gateway ip address was just called "ip address"...

Sep 30 2016, 9:36 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

No idea. But we should probably stay on the subnet we have.

Sep 30 2016, 5:05 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

OK I will try route but I need some help with commands.

Sep 30 2016, 4:58 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Seems like an awful hack. Last resort. If it somehow by some update (by ifupdown) is run after ifupdown, it breaks connectivity.

Sep 30 2016, 3:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already. (shared-folder-help systemd unit file) Should be doable to reuse it for the route command also.

Sep 30 2016, 5:19 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 29 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already.
(shared-folder-help systemd unit file) Should be doable to reuse it for
the route command also.

Sep 29 2016, 11:03 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 10:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 7:33 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

A very ugly hack:

Sep 29 2016, 3:20 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Then we have reached an impasse because nothing I can put in the network configuration can change the gateway IP. It's not KVM's fault as it's the norm to have gateway IPs of x.x.x.1 for a given subnet. Because some idiot on the VBox team chose .2, compatibility is impossible.

Sep 29 2016, 2:42 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.128
netmask 255.255.255.0

Sep 29 2016, 5:17 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.128
netmask 255.255.255.0
gateway 10.0.2.1

Sep 29 2016, 3:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:50 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:31 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.15
netmask 255.255.252.0

Sep 29 2016, 2:28 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix