DeepOnion Wallet In Tails Persistent Volume

tails.png

Posted below are chapters 3-5 of the tutorial “DeepOnion in Tails persistent volume” that covers configuring DeepOnion into a Tails encrypted persistence. Building from source and creating the AppImage (credit: @thxminer) in Tails are not included here as are merely tailored versions of the unix build and QT packaging instructions. For building DeepOnion in Tails from scratch please refer to the full tutorial published on GitHub, this is however not a requirement for installation.

Disclaimer: This is only one example of configuring DeepOnion in Tails, any suggestions or improvements to the configuration are more than welcome. This method has been tested in Tails from source as well as with downloaded AppImages but should otherwise be considered experimental and relevant warnings should be taken into account. Please only test with the correct version of Tails: the latest version. As of posting this is Tails 3.5. Testing and feedback is appreciated.

Source: DeepOnion in Tails persistent volume · GitHub

Chapters

  1. Building from source into persistent volume
  2. Creating AppImage in the persistent volume
  3. Configuring firewall and data directory
  4. Creating bash script for auto-configuring executable
  5. Launching DeepOnion in Tails Live

DeepOnion in Tails persistent volume​

Tails is an amnesic live operating system that aims to preserve your privacy and anonymity. It is a Linux Debian distribution configured to follow several security measures including sending all internet traffic through the Tor network. The following tutorial documents how to build DeepOnion in Tails, create an AppImage, configure the amnesic system to whitelist the DeepOnion application, as well as creating a bash script to automate this configuration in Live sessions.

To install the DeepOnion QT wallet in Tails you will need a persistent volume configured with Personal Data and GnuPG enabled. You can build deeponion in Tails and create an AppImage or download the image and configure Tails to use it instead. This process has been tested with DeepOnion 1.5.5 in Tails 3.5, it may not work for newer versions.

Please read: Warnings about persistence before continuing. Downloading and executing the DeepOnion pacakaged image is at your own risk, as is configuring the firewall from the default Tails configuration.

Configuring firewall and data directory

If you have downloaded the AppImage or produced it in another system then create the directory deeponion/dist in the persistent volume and copy the image to this folder before proceeding with configuration instructions.

Ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.

  1. Access ferm firewall configuration that manages whitelisted application connections in Tails:
    sudo nano /etc/ferm/ferm.conf
  2. Enter the following lines to the list to enable SOCKS5 listening port 9081:
    # White-list access to DeepOnion
    daddr 127.0.0.1 proto tcp syn dport 9081 {
    mod owner uid-owner $amnesia_uid ACCEPT;
    }
  3. Restart ferm’s firewall configuration to register update:
    sudo ferm /etc/ferm/ferm.conf
  4. Create the data directory .DeepOnion in persistent volume:
    mkdir -p /home/amnesia/Persistent/.DeepOnion
  5. Launch with torsocks and data target option:
    cd ~/Persistent/deeponion/dist
    torsocks ./DeepOnion_wallet-x86_64.AppImage -datadir=/home/amnesia/Persistent/.DeepOnion

Note: You will additionally need a DeepOnion.conf file to place in the .DeepOnion directory.

Creating bash script for auto-configuring executable

The bash script, as before, will overwrite the amnesic firewall configuration to enable the socks listening port then launch DeepOnion with torsocks wrapping to authorize the connection to the Tor network.

  1. Copy the config file from the amnesic file system to persistent volume:
    sudo mkdir -p /home/amnesia/Persistent/.DeepOnion/ferm
    sudo cp /etc/ferm/ferm.conf /home/amnesia/Persistent/.DeepOnion/ferm/ferm.conf
  2. Create new file in /deeponion directory named DeepOnion-Tails and input this data:
    #!/bin/bash
    sudo cp /home/amnesia/Persistent/.DeepOnion/ferm/ferm.conf /etc/ferm/ferm.conf
    sudo ferm /etc/ferm/ferm.conf
    cd /home/amnesia/Persistent/deeponion/dist/
    torsocks ./DeepOnion_wallet-x86_64.AppImage -datadir=/home/amnesia/Persistent/.DeepOnion
  3. Make file executeable and launch DeepOnion-Tails:
    cd ../
    chmod +x DeepOnion-Tails
    ./DeepOnion-Tails

Launching DeepOnion in Tails Live

On rebooting Tails will return to it’s default live state with the blockchain and wallet data saved in the persistent volume. Thanks to the dependencies included in the AppImage, that have been wiped from the amnesic system after shutting down, we can now execute DeepOnion in Tail’s native environment without further installation.

To launch DeepOnion we unlock our persistent volume and run the DeepOnion-Tails executable:
./Persistent/deeponion/DeepOnion-Tails

Note: You will be prompted for your admin password in order for the executable to configure the firewall configuration. DeepOnion is otherwise launched from the amnesic user. Do not execute with root privileges.

deeponion-tails.png

Source: GitHub | DeepOnion thread

Advertisements

Author: Dragon vs Linux

The Dragon is a newly found Linux fanatic. Beginning like any basic Linux user, after many years learning and fixing basic problems, the Dragon now writes manuals for Linux solutions and acts as an informal consultant to friends and businesses.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s