TorVirt/README.md

# TorVirt
[Whonix](https://www.whonix.org)-like setup with a [libvirt](https://libvirt.org) workstation and a [podman](https://podman.io) container as the [Tor](https://torproject.org) gateway.

![TorVirt illustration digram](images/diagram.svg)

## What are the advantage of this project over original Whonix ?
Whonix uses one VM for the workstation and another VM for the Tor gateway. This can be costly in terms of performance and resource usage. TorVirt improves on this by running the gateway in a lightweight container instead of a full VM.

## Is it as secure as Whonix ?
Containers share the same kernel as the host. This means that if someone manages to exploit a bug in software present in the container (such as the tor daemon) and then uses a vulnerability in the kernel, they could gain access to the host's operating system. To mitigate this risk, some measures have been put in place:
- The gateway container is created using podman in rootless mode
- The container runs with all capabilities dropped (`--cap-drop=ALL`)
- Container processes cannot gain additional privileges (`--security-opt=no-new-privileges`)
- The entry point is executed with normal user privileges

The risk on the workstation side depends on the guest OS, on the hypervisor used and on the interactions between the host and the VM (filesystem sharing, hardware passthrough, etc.)

# Use it !

Install dependencies (debian-based):
```
sudo apt-get install libvirt-daemon libvirt-clients podman
```

## Download
```
git clone --depth=1 https://forge.chapril.org/hardcoresushi/TorVirt.git
```
All commits should be signed with my OpenPGP key available on keyservers. You can import it like this:
```
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A
```
Fingerprint: `B64E FE86 CEE1 D054 F082  1711 AFE3 8434 4A45 E13A` \
Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`

Once imported, verify the latest commit:
```
cd TorVirt
git verify-commit HEAD
```
This must show you something like:
```
gpg: Signature made <date> CET
gpg:                using RSA key B64EFE86CEE1D054F0821711AFE384344A45E13A
gpg: Good signature from "Hardcore Sushi <hardcore.sushi@disroot.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B64E FE86 CEE1 D054 F082  1711 AFE3 8434 4A45 E13A
```
**Do not continue if the verification fails !**

## Setup
```
./torvirt configure
```

## Create the workstation
You can create the workstation VM any way you like, with any OS, but you must select *torvirt* as the network. You can use [virt-manager](https://virt-manager.org) GUI to do it easily.

Make sure that *torvirt* is the only network configured for the VM, otherwise leaks may occur.

## Start
Start the gateway:
```
./torvirt start
```

Start the workstation !
TorVirt 2023-05-25 22:12:53 +02:00			`# TorVirt`
New diagram 2023-05-28 22:27:17 +02:00			`[Whonix](https://www.whonix.org)-like setup with a [libvirt](https://libvirt.org) workstation and a [podman](https://podman.io) container as the [Tor](https://torproject.org) gateway.`
Genesis 2021-03-26 13:56:53 +01:00
New diagram 2023-05-28 22:27:17 +02:00			`![TorVirt illustration digram](images/diagram.svg)`
Genesis 2021-03-26 13:56:53 +01:00
New diagram 2023-05-28 22:27:17 +02:00			`## What are the advantage of this project over original Whonix ?`
			`Whonix uses one VM for the workstation and another VM for the Tor gateway. This can be costly in terms of performance and resource usage. TorVirt improves on this by running the gateway in a lightweight container instead of a full VM.`
Genesis 2021-03-26 13:56:53 +01:00
			`## Is it as secure as Whonix ?`
New diagram 2023-05-28 22:27:17 +02:00			`Containers share the same kernel as the host. This means that if someone manages to exploit a bug in software present in the container (such as the tor daemon) and then uses a vulnerability in the kernel, they could gain access to the host's operating system. To mitigate this risk, some measures have been put in place:`
			`- The gateway container is created using podman in rootless mode`
			- The container runs with all capabilities dropped (`--cap-drop=ALL`)
			- Container processes cannot gain additional privileges (`--security-opt=no-new-privileges`)
			`- The entry point is executed with normal user privileges`
Genesis 2021-03-26 13:56:53 +01:00
Explain workstation risks 2023-05-31 10:46:29 +02:00			`The risk on the workstation side depends on the guest OS, on the hypervisor used and on the interactions between the host and the VM (filesystem sharing, hardware passthrough, etc.)`

Genesis 2021-03-26 13:56:53 +01:00			`# Use it !`

			`Install dependencies (debian-based):`
			```
Explain workstation risks 2023-05-31 10:46:29 +02:00			`sudo apt-get install libvirt-daemon libvirt-clients podman`
Genesis 2021-03-26 13:56:53 +01:00			```

New diagram 2023-05-28 22:27:17 +02:00			`## Download`
Genesis 2021-03-26 13:56:53 +01:00			```
Fix README.md 2023-05-28 23:19:44 +02:00			`git clone --depth=1 https://forge.chapril.org/hardcoresushi/TorVirt.git`
Genesis 2021-03-26 13:56:53 +01:00			```
			`All commits should be signed with my OpenPGP key available on keyservers. You can import it like this:`
			```
New diagram 2023-05-28 22:27:17 +02:00			`gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A`
Genesis 2021-03-26 13:56:53 +01:00			```
New diagram 2023-05-28 22:27:17 +02:00			Fingerprint: `B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A` \
Genesis 2021-03-26 13:56:53 +01:00			Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`

			`Once imported, verify the latest commit:`
			```
Fix README.md 2023-05-28 23:19:44 +02:00			`cd TorVirt`
Genesis 2021-03-26 13:56:53 +01:00			`git verify-commit HEAD`
			```
New diagram 2023-05-28 22:27:17 +02:00			`This must show you something like:`
Genesis 2021-03-26 13:56:53 +01:00			```
			`gpg: Signature made <date> CET`
New diagram 2023-05-28 22:27:17 +02:00			`gpg: using RSA key B64EFE86CEE1D054F0821711AFE384344A45E13A`
Genesis 2021-03-26 13:56:53 +01:00			`gpg: Good signature from "Hardcore Sushi <hardcore.sushi@disroot.org>" [unknown]`
			`gpg: WARNING: This key is not certified with a trusted signature!`
			`gpg: There is no indication that the signature belongs to the owner.`
New diagram 2023-05-28 22:27:17 +02:00			`Primary key fingerprint: B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A`
Genesis 2021-03-26 13:56:53 +01:00			```
New diagram 2023-05-28 22:27:17 +02:00			`Do not continue if the verification fails !`
Genesis 2021-03-26 13:56:53 +01:00
New diagram 2023-05-28 22:27:17 +02:00			`## Setup`
Genesis 2021-03-26 13:56:53 +01:00			```
Fix README.md 2023-05-28 23:19:44 +02:00			`./torvirt configure`
Genesis 2021-03-26 13:56:53 +01:00			```

			`## Create the workstation`
New diagram 2023-05-28 22:27:17 +02:00			`You can create the workstation VM any way you like, with any OS, but you must select torvirt as the network. You can use [virt-manager](https://virt-manager.org) GUI to do it easily.`
Genesis 2021-03-26 13:56:53 +01:00
New diagram 2023-05-28 22:27:17 +02:00			`Make sure that torvirt is the only network configured for the VM, otherwise leaks may occur.`
Genesis 2021-03-26 13:56:53 +01:00
New diagram 2023-05-28 22:27:17 +02:00			`## Start`
			`Start the gateway:`
Genesis 2021-03-26 13:56:53 +01:00			```
Fix README.md 2023-05-28 23:19:44 +02:00			`./torvirt start`
Genesis 2021-03-26 13:56:53 +01:00			```

New diagram 2023-05-28 22:27:17 +02:00			`Start the workstation !`