Whonix-like setup using Raspberry Pi 2

Mirimir mirimir@riseup.net
Wed Apr 15 13:09:15 PDT 2015

I've implemented physical isolation of networking (VPN plus Tor) and
workspace, using two Raspberry Pi 2 Model B v1.1 ARM-based
microcomputers.[0] Missing packages in Raspbian wheezy prevent building
Whonix on the Pi, and so I've replicated basic design features.

The gateway Pi connects to the Tor network through a VPN service, and
then reaches the Internet through Tor. Firewall rules allow outgoing
connections on WAN (eth0) only to the VPN servers, Raspbian wheezy
repository servers and NTP timeservers. No DNS servers are reachable via
WAN (eth0) and so all needed IPs are provided locally. Firewall rules
allow outgoing connections on the VPN tunnel interface (tun0) only by
the Tor client process. The Tor Browser and other apps on the workspace
Pi can reach the Internet only through the Tor client process on the
gateway Pi.

Both gateway and workspace employ full-disk encryption, using standard
Linux dm-crypt/LUKS plus LVM2. The LUKS volume on the gateway Pi can
only be unlocked via SSH (dropbear) from the workspace Pi. That protects
VPN credentials and any Tor hidden-service keys while the gateway Pi is

Next steps will include adding apps to the workspace, and hardening. I'm
looking at EMF shielding both networking Pi and workspace Pi, and
embedding the boards in Arctic Alumina.[1] The gateway Pi will have no
exposed USB or HDMI ports, just power and the two ethernet ports. And of
course, I'll test for leaks, both networking and EMF side-channel.[2]
Firmware flashing is another vulnerability that needs to be addressed.

I'd appreciate feedback, criticism and suggestions.


More information about the cypherpunks mailing list