I then set my sys-whonix vm to connect through the sys-vpn and it works perfectly.
Now I wish to take it a few steps further. I have my socks5 connection info from my VPN provider. What is the best practice for using socks5? Do I simply update my existing openvpn-config in my sys-vpn vm to use the socks5 connection instead of the regular one?
Also, I’ve been reading about obfs4 bridges. What is best practice for implementation of that? Can this be done in addition to socks5? Part of my goal is to also avoid all relays and bridges which are in the US, is that possible?
Lastly, I’m trying to figure out how to prevent my sys-whonix from attempting to connect to ANY clearnet url for any reason. Is this done at the vm level, template level, or Tor browser level, and how do I do that?
Configuring your VPN inside Whonix-Gateway may be something that would interest you. It is a fail-closed config with another added bonus. It is also set up to prevent your VPN provider from seeing your clearnet traffic. This is a feature that your current config does not provide. If you are interested: https://whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway
That is not really a Whonix-specific issue. Your VPN provider should be able to help you out with that.
Also, if you are planning to use your socks5 to download torrents, please keep in mind that you should not be downloading torrents over Tor. It makes the network even slower than it already is.
To exclude using US relays you should put this configuration option in your torrc (/etc/tor/torrc).
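The option the reply refers to is not shown on this page. The following is an added example, not part of the original post, that assumes the intended settings are Tor's `ExcludeNodes` and `StrictNodes` options and checks torrc text for them; the function name `torrc_excludes_country` and the sample torrc are constructed for illustration.

```shell
# Added example: report whether torrc text excludes a country for all circuits.
# Usage: torrc_excludes_country CC [FILE...]   (reads stdin when no FILE is given;
#        pass files in the order Tor reads them)
# Exit status: 0 = country is in ExcludeNodes and StrictNodes is 1
#              1 = country is in ExcludeNodes but StrictNodes is not 1
#                  (Tor then only tries to avoid those nodes)
#              2 = country is not listed in ExcludeNodes
# Limitations: %include lines are not followed, and country matching in Tor
# depends on its GeoIP database, so this checks the config, not real circuits.
torrc_excludes_country() {
    cc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    shift
    cat -- "$@" | awk -v cc="$cc" '
        { sub(/#.*/, "") }            # drop comments
        NF < 2 { next }               # blank line or keyword without a value
        {
            key = tolower($1)         # option names are case-insensitive
            val = tolower($0)
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
            # For these options the last occurrence replaces earlier ones.
            if (key == "excludenodes") exclude = val
            if (key == "strictnodes")  strict  = val
        }
        END {
            gsub(/[ \t]/, "", exclude)
            n = split(exclude, item, ",")
            found = 0
            for (i = 1; i <= n; i++) if (item[i] == "{" cc "}") found = 1
            if (!found) exit 2
            exit (strict + 0 == 1) ? 0 : 1
        }'
}

# Constructed sample torrc content (not taken from the thread).
sample_torrc() {
    cat <<'EOF'
# constructed sample
ExcludeNodes {ru}
excludenodes {US}, {ca}   # later line replaces the earlier one
StrictNodes 1
EOF
}

sample_torrc | torrc_excludes_country us && echo "US excluded for all circuits"
```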