Attention: In-Place Upgrades to Whonix 14 NOT Supported


For the upcoming Whonix 14 you must download (or build) the new version and apply the newer install instructions. Updating through apt will break your connectivity. There have been necessary major changes made to Whonix KVM’s virtual network configuration.

Besides removing Whonix 13 images, you must also remove the ‘Whonix’ internal network to avoid conflicts with importing Whonix 14 network settings.

Virtual Manager -> Edit -> Connection Details -> Virtual Networks

I don’t believe in shielding users from technical explanations so long story:

It was discovered that the dhcpclient on the Gateway listened on all network interfaces including the untrusted internal network. Also there is no way to firewall access to the dhcpclient since it uses raw sockets that bypass IPTables. There is no way around that this behavior so we decided to remove the package completely to eliminate attack surface. In absence of DHCP we had to use static IPs in Whonix VBox and KVM. The virtual NAT network that Whonix Gateway uses to connect to the outside world has different IP ranges differs from hypervisor to the other so I had to change the external networks static gateway IP to conform to what VBox was using (because VBox users are special and can’t use the commandline while for us KVM users its a matter of running an extra couple of commands)…