How to create a TailsOS standaloneVM inside QubesOS

tanky0u · June 29, 2024, 10:39am

I know TailsOS offers best privacy when it is booted into. However, I will be using TailsOS strictly for testing purposes.

I just tried creating a standalone qube with 2000 MB RAM, two virtual CPUs, and sys-net as its netqube. I tried “Boot qube from CD-ROM” in Qube Settings, and selected the tails-amd64-6.4.img. However, I am getting “Could not read the boot disk. No bootable device” error.

Is there a way to get TailsOS run as a standaloneVM inside Qubes? Similar to how PrestiumOS was back in the old times.

apparatus · June 29, 2024, 11:54am

You can try ISO image:
https://tails.net/install/dvd/index.en.html

tanky0u · June 29, 2024, 1:19pm

How do I fill-in the network settings inside TailsOS? So far I have tried inserting the various combinations of IP, Netmask, Gateway, DNS values into Gnome Network manager inside TailsOS, but no success.

apparatus · June 29, 2024, 2:54pm

How are you checking that network is not working?
Maybe Tails is blocking all network connections outside of Tor.
Did you connect your Tails qube to sys-whonix? In that case it’ll be Tor-over-Tor situation and it’s not supported and will not work.
You need to start Tor in Tails after configuring the network settings according to the guide:

tanky0u · June 30, 2024, 9:27am

Applications > Tor Settings. The tor connection doesn’t succeed.

No.

Here’s two pics for better communication:

tailsos_hvm_netqube

Can you type-out which Net qube settings (A, B, C, D, E) go into which fields (1, 2, 3, 4, 5, 6, 7, 8, 9, 10)?

Also, can you tell me whether (?a) and (?b) should stay enabled (as they are in the default) or should be disabled? Also, what is (?c) here?

apparatus · June 30, 2024, 10:02am

I’ve used Fedora Live ISO for a test and this configuration worked for me there:
1 - A
2 - B
3 - C
a - off
4,5,6 - D,E (string 10.139.1.1,10.139.1.2)
b - on
7,8,9,10 - not set
c - unchecked

If a is off then you’ll be able to set custom DNS servers instead of the ones received from DHCP
If b is on then the connection routes will be added automatically
If c is checked then the connection won’t be used as default route

tanky0u · June 30, 2024, 10:15am

Thanks, but even after inputting your suggestions, I am still unable to connect to the tor network from insdei TailsOS standaloneVM. I really doubt that my internet connection is blocking access to tor – this can’t be because I am writing this message from a Whonix DispVM, and my myriad other programs are running right now over the tor daemon.

Can you perhaps check your suggested settings with a TailsOS StandaloneVM instead of a Fedora one?

apparatus · June 30, 2024, 10:40am

I gave it a try and with the same network configuration using ping and netcat between Tails and its net qube using tcpdump I can see that packets that are coming from Tails, received by net qube, reply sent from net qube to Tails and I can see the reply from net qube coming in eth0 interface in Tails but it’s not reaching the ping/netcat app in Tails.
So Tails is blocking the apps from receiving the packets, but I’m not sure what configuration in Tails is responsible for it (firewall/namespace/apparmor/etc?).

tanky0u · June 30, 2024, 10:44am

So, you couldn’t get the TailsOS connect to Tor network as a standaloneVM, am I undestanding this right?

apparatus · June 30, 2024, 10:51am

Yes.

tanky0u · June 30, 2024, 10:53am

Is this a problem stemming from a QubesOS thing, or is this a TailsOS problem?

apparatus · June 30, 2024, 10:54am

I guess it’s a Tails issue, because packets are coming from/to Tails, but received packets are dropped somewhere inside Tails.