How to create a TailsOS standaloneVM inside QubesOS

I know TailsOS offers best privacy when it is booted into. However, I will be using TailsOS strictly for testing purposes.

I just tried creating a standalone qube with 2000 MB RAM, two virtual CPUs, and sys-net as its netqube. I tried “Boot qube from CD-ROM” in Qube Settings, and selected the tails-amd64-6.4.img. However, I am getting “Could not read the boot disk. No bootable device” error.

Is there a way to get TailsOS to run as a standaloneVM inside Qubes? Similar to how PrestiumOS was back in the old times.


You can try ISO image:
https://tails.net/install/dvd/index.en.html


How do I fill in the network settings inside TailsOS? So far I have tried inserting the various combinations of IP, Netmask, Gateway, DNS values into Gnome Network manager inside TailsOS, but no success.

How are you checking that network is not working?
Maybe Tails is blocking all network connections outside of Tor.
Did you connect your Tails qube to sys-whonix? In that case it’ll be Tor-over-Tor situation and it’s not supported and will not work.
You need to start Tor in Tails after configuring the network settings according to the guide:

Applications > Tor Settings. The tor connection doesn’t succeed.

No.


Here’s two pics for better communication:

[image: tailsos_hvm_netqube]

Can you type out which Net qube settings (A, B, C, D, E) go into which fields (1, 2, 3, 4, 5, 6, 7, 8, 9, 10)?

Also, can you tell me whether (?a) and (?b) should stay enabled (as they are in the default) or should be disabled? Also, what is (?c) here?

I’ve used Fedora Live ISO for a test and this configuration worked for me there:
1 - A
2 - B
3 - C
a - off
4,5,6 - D,E (string 10.139.1.1,10.139.1.2)
b - on
7,8,9,10 - not set
c - unchecked

If a is off then you’ll be able to set custom DNS servers instead of the ones received from DHCP.
If b is on then the connection routes will be added automatically.
If c is checked then the connection won’t be used as default route.


Thanks, but even after inputting your suggestions, I am still unable to connect to the tor network from inside TailsOS standaloneVM. I really doubt that my internet connection is blocking access to tor – this can’t be because I am writing this message from a Whonix DispVM, and my myriad other programs are running right now over the tor daemon.

Can you perhaps check your suggested settings with a TailsOS StandaloneVM instead of a Fedora one?

I gave it a try with the same network configuration. Using ping and netcat between Tails and its net qube, and watching with tcpdump, I can see that packets coming from Tails are received by the net qube, the reply is sent from the net qube to Tails, and I can see the reply from the net qube coming in on the eth0 interface in Tails, but it’s not reaching the ping/netcat app in Tails.
So Tails is blocking the apps from receiving the packets, but I’m not sure what configuration in Tails is responsible for it (firewall/namespace/apparmor/etc?).


So, you couldn’t get TailsOS to connect to the Tor network as a standaloneVM, am I understanding this right?

Yes.


Is this a problem stemming from a QubesOS thing, or is this a TailsOS problem?

I guess it’s a Tails issue, because packets are coming from/to Tails, but received packets are dropped somewhere inside Tails.


Has anyone found a solution to this? I am having the exact issue.


I’ve never experienced this unless something in 6.6 changed. The above has, and still works, for me, as also described here:

Did you disable IPv6?

A goes in 1, B in 2, C in 3, for DNS just put in 10.139.1.1, don’t put in the second DNS for a test, turn off automatic DNS

Turn off automatic routes and just leave it blank. If IPv6 isn’t disabled, it doesn’t connect.

If you are using a VM that is a wireguard VM, and disabling IPv6 doesn’t work, then try making the Tails MTU lower than the wireguard MTU.

If you can start an HVM with Tails OS iso and connect to Tor then I do suggest a Ventoy Template with all ISOs and disk images you need. I had one for years. I’m not a fan of Tails and I consider it TOXIC so I have only 3 older images and iso. None of them are current.

Thank you @kenosen for your response. I tried to follow the installation but now I am getting stuck at
qvm-run -p dispVM "sudo cat /dev/xvdi" | sudo dd status=progress of=/dev/mapper/qubes_dom0-vm--tails-vm-root

dd: writing to '/dev/mapper/qubes_dom0-vm--tails-vm-root': No space left on device
8193+0 records in 
8192+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 0.387461 s, 10.8MB/s

I am using a 32GB USB.
When I do lsblk in dispVM I see
xvdi 29.9G
xvdi1 8G
xvdi2 21.9

Just to be safe, I even increased the storage in tails-vm qube

private  storage max size = 33GB
system storage max size = 33GB

Tried with exact sizes too, but still the same issue :frowning:

Isn’t that an internal vm partition? You should have a tails USB, attach that USB to the disposable, and then you’d be looking for /dev/sda or perhaps /dev/sdb whichever is the mount point of the USB drive.

Would love to see that in the community guides! A great idea.

Hi @kenosen
The internal vm partition was the correct path. I was missing a “-” to link to the correct root for my tails-vm: tails--vm--root

qvm-run -p dispVM "sudo cat /dev/xvdi" | sudo dd status=progress of=/dev/mapper/qubes_dom0-vm--tails--vm--root

OK, it installed. Now the next issue is still network access. Argh. It’s a lifelong battle.

I tried the following things so far.
Qubes Manager

Net qube: sys-firewall & sys-net

Inside Tails

IPv6: Disable
IPv4: 
* Settings from qube net (Qubes Manager)
* Manual IP, Gateway, Subnet, DNS

It shows that I am “connected” but it can’t ping the gateway.

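
The missing “-” in the post above comes from how device-mapper names LVM volumes. As an added example (not code from the thread), this dom0 shell snippet derives the /dev/mapper path from the volume group and logical volume names and checks that the target is an existing block device before anything is written to it. The function names are hypothetical, and the LV name vm-tails-vm-root is an assumption inferred from the path in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Intended for dom0; function names are
# hypothetical and the VG/LV names are supplied by the caller.

# device-mapper joins "VG-LV" with a single hyphen, so every hyphen that
# belongs to the VG or LV name itself is doubled in the /dev/mapper node.
dm_escape() {
    printf '%s' "$1" | sed 's/-/--/g'
}

# dm_path VG LV -> /dev/mapper/<VG>-<LV> with the name hyphens doubled.
dm_path() {
    printf '/dev/mapper/%s-%s\n' "$(dm_escape "$1")" "$(dm_escape "$2")"
}

# check_target PATH -> 0 only if PATH already exists as a block device.
# dd creates a regular file when its of= path does not exist, so a mistyped
# node name under /dev is written into the /dev filesystem, not the volume.
check_target() {
    if [ ! -e "$1" ]; then
        echo "refusing: $1 does not exist (check the doubled hyphens)" >&2
        return 1
    fi
    if [ ! -b "$1" ]; then
        echo "refusing: $1 exists but is not a block device" >&2
        return 1
    fi
    return 0
}

# Usage in dom0 (assumed names: VG qubes_dom0, LV vm-tails-vm-root,
# source qube dispVM with the USB stick attached as /dev/xvdi):
#   target=$(dm_path qubes_dom0 vm-tails-vm-root)
#   check_target "$target" &&
#       qvm-run -p dispVM "sudo cat /dev/xvdi" |
#       sudo dd status=progress of="$target"
```

Running `sudo lvs` in dom0 lists the real VG and LV names to pass to `dm_path`.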