Qubes-corridor-Gateway (a Tor traffic whitelisting gateway) #2108
Comments
andrewdavidwong
added
enhancement
C: other
P: major
|
I guess there could be a setup where the Whonix gateway first connects to the network directly, then a corridor VM with logging enabled is started which connects to the Whonix gateway's control port via qrexec (to subscribe to Tor consensus updates), and finally the corridor VM is made the Whonix gateways's netvm. Otherwise a second Tor daemon would have to run on the computer, inside the corridor VM. Not sure though if many people would be interested in using such a thing, even I prefer to have corridor running on my Wifi router... |
|
Rusty Bird:
Not good, since this would not catch theoretical leaks during Tor Also I don't think Qubes is technically able to do that yet. I think
Yes. I am not so much worried about a second Tor daemon in a corridor VM. An implementation that uses the same Tor daemon from sys-whonix sounds a
Dunno. I would. Perhaps not many indeed. But those who do,
Also very useful indeed. Btw did you use corridor to audit TBB, Tails, |
What do you mean? Just now I created a test VM (in Qubes 3.1) connected to a Whonix gw VM, downloaded something over Tor, changed the running test VM's netvm to sys-firewall in Qubes VM Manager, and downloaded something over clearnet. Or actually, the router blocked and logged the latter attempt. B-)
Ah, okay.
Well, my half-assed proposal from before definitely was :)... But there's a new commit rustybird/corridor@d925e91 which makes corridor save every consensus to disk; at the next start, this state file is used to initially populate the ipset, which should be good enough to let the client VM's tor daemon connect to its guards and from then on supply consensus updates. (Only the very first start of corridor after installing would have to be done unprotected in this scheme.)
Audit no, but I regularly use Qubes-Whonix through corridor. Happy to report no leaks observed, ever. And it did catch some stuff during https://github.com/rustybird/orplug development, so I can see how it might be useful for Whonix development too. I'll try to set up something in the next few days. |
|
Work in progress:
I confused that. There is (or was) some related bug that a VMs NetVM cannot be restarted. (If restarted using "sudo poweroff" and manual restart, there will be no longer networking.) Anyone know which ticket I mean?
Please elaborate. |
https://github.com/rustybird/corridor/tree/qubes/qubes But it looks like we're blocked by #1555. |
|
@adrelanos was right, it didn't turn out to be a blocker and Qubes support has landed in master: https://github.com/rustybird/corridor#qubes |
|
Instructions are now ready for testing: |
|
https://www.whonix.org/blog/using-corridor-tor-traffic-whitelisting-gateway-qubes-whonix There are instructions now on how to set up a sys-corridor VM in Qubes: So I think this is closeable. Feel free to create new tickets if there is more interest. |
Network management software should order itself after network-pre.target (man 7 systemd.special) so that other units can order themselves before the *beginning* of network initialization. (qubes-misc-post too because it calls setup-ip.) Relevant for QubesOS/qubes-issues#2108 (cherry picked from commit ca03e09)
corridor, a Tor traffic whitelisting gateway
https://github.com/rustybird/corridor
Since @rustybird are also a Qubes user... What about Qubes-corridor-Gateway VM? Whatever you may feel like implementing.
The text was updated successfully, but these errors were encountered: