Chaining JonDo + Whonix (TOR over JonDo)

Hi everyone!

I would like to build a chain consisting of a VPN, TOR and JonDo looking like this:

user → VPN → Jondo → TOR → remote server

I am using Whonix and I installed the VPN on the host. Like this:

user (Whonix Workstation) → TOR (Whonix Gateway) → VPN (on the host) → remote server

As a note: I began learning Linux (as well as Whonix) some months ago, have been reading into this a lot for weeks now, and while I indeed managed to get some deeper knowledge of what this is all about, I still feel like a total noob when it comes to setting up and configuring advanced setups like this one.

Alright, so here comes the problem: The JonDo part!

I tried to set up a JonDoBox with the help of the instructions here: “HowTo use JonDo like a transparent proxy” → failed (this is beyond my skills)

What I did next worked out fine; however, I am not aware of how this affects the security of Whonix itself.

I installed the JonDo client on the Whonix Gateway. I then modified the torrc file, adding “HTTPSProxy” to it. Finally I configured Whonix Gateway’s firewall to allow non-TOR connections for the user “user” (ALLOW_GATEWAY_USER_USER=1), resulting in TOR connecting over JonDo first.

I guess this is a dangerous way of setting this whole thing up, isn’t it? On the other hand, the documentation states that torifying the gateway would not be mandatory, which makes me assume that this may be safe though. I think the unsafe part is granting free access to the user, right? I would really appreciate it if anyone could comment on this.

I also tried to start JonDo client as user “clearnet” which resulted in some error (user clearnet not allowed to start JonDo process).

Please, can anyone help me set this up properly? There is not much information about it on the net.

Thank you very much!


Hi again!

A couple of weeks have passed since my previous post; unfortunately, I haven’t got any feedback yet. I am still looking for a proper way of chaining TOR over JonDonym. I have been further reading up on this topic and I started over with the following:

  • imported and installed Whonix Gateway

  • added JonDo repository and signing key (in order to be able to update and install Jondo in a secure manner)

  • installed packages jondo and jondoconsole (only using either of the two)

  • added user with command “sudo adduser --system --password-disabled --group debian-jondo”

  • added “HTTPSProxy” (for free service only) to torrc user config file

  • modified file /usr/bin/whonix_firewall:

    "iptables -t nat -A OUTPUT -m owner --uid-owner debian-jondo -j RETURN"
    "iptables -A OUTPUT -m owner --uid-owner debian-jondo -j ACCEPT"

    to the IPv4 OUTPUT part. I do not want to use a VPN on the Whonix Gateway so these two rules
    should be enough to add

  • after booting up the VM I start Jondo with “kdesudo -u debian-jondo jondo” (or jondoconsole)
    This could be executed automatically at boot. (TODO)

=> Finished! When Jondo has connected to a mix cascade, arm is able to connect to the tor network! I eventually have JonDonym and TOR chained successfully (JonDonym over TOR)!

I haven’t done any leak tests yet.

The debian-jondo user basically has the same rights and behaves the same way as user debian-tor. It also has the same iptables rules. Debian-tor runs the TOR process, debian-jondo the Jondo process. Both connect to the clearnet. So this should be ok, shouldn’t it? JonDonym manual states that for connecting TOR over JonDonym it’s safe to enter TOR as the proxy in the Jondo settings, thus I assume it might be equally safe the other way around. Is this correct? Of course I weaken security by installing Jondo on the gateway, but I act on the assumption that it can be trusted.

Please, can anyone comment on this? Patrick, do you think this is a safe setup?

Thank you very much. Greets!
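Added example, not part of either post and not Whonix's own code: a small audit that reads firewall rule lines in the form quoted above and reports which accounts are exempted in the OUTPUT chain, so an exemption for a daemon account such as debian-jondo can be told apart from one for an interactive account. The function names are hypothetical and the sample rules are constructed; the two lines for `user` are an assumed illustration of a per-account exemption, not the rules that ALLOW_GATEWAY_USER_USER=1 actually generates.

```shell
#!/bin/sh
# Added example: list which accounts a firewall script exempts in OUTPUT.
# Function names are hypothetical; the sample rules are constructed.

# Print "table user target" for each OUTPUT rule that matches a uid-owner
# and either skips NAT redirection (RETURN) or allows the traffic (ACCEPT).
owner_exemptions() {
    awk '
        /^[ \t]*#/ { next }                 # ignore comment lines
        {
            gsub(/"/, "")                   # tolerate rules wrapped in quotes
            table = "filter"; chain = ""; user = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-t") table = $(i + 1)
                else if ($i == "-A" || $i == "-I") chain = $(i + 1)
                else if ($i == "--uid-owner") user = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (chain == "OUTPUT" && user != "" &&
                (target == "RETURN" || target == "ACCEPT"))
                print table, user, target
        }'
}

# Print every exempted account that is not in the allowlist given as arguments.
unexpected_exemptions() {
    allowed=" $* "
    owner_exemptions | awk '{ print $2 }' | sort -u | while read -r u; do
        case "$allowed" in
            *" $u "*) ;;
            *) echo "$u" ;;
        esac
    done
}

# Constructed sample in the form quoted in the post (not a real whonix_firewall).
sample_rules() {
    cat <<'EOF'
# constructed rules for illustration
iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
"iptables -t nat -A OUTPUT -m owner --uid-owner debian-jondo -j RETURN"
"iptables -A OUTPUT -m owner --uid-owner debian-jondo -j ACCEPT"
iptables -t nat -A OUTPUT -m owner --uid-owner user -j RETURN
iptables -A OUTPUT -m owner --uid-owner user -j ACCEPT
iptables -A OUTPUT -j REJECT
EOF
}

# Only the two daemon accounts are expected to reach the network directly.
sample_rules | unexpected_exemptions debian-tor debian-jondo   # prints: user
```

To audit a real gateway, feed the firewall script itself to `unexpected_exemptions` on stdin instead of `sample_rules`.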


arm doesn’t connect to the Tor network. Tor does. arm is a Tor Controller. It provides an interface to Tor. No interaction with the Tor network.

Under your assumptions (explicit, 1) trustworthiness of JonDo) (and implicit, 2) JonDo improving anonymity), it should be safe.

This is what I think will happen:
user → Tor (listening on usual ports) on the gateway → Tor will connect over JonDonym

Traffic flow:
user → JonDonym → Tor → destination

Doing ‘user → Tor → JonDonym → destination’ however is not something I would recommend for purposes other than occasionally circumventing Tor bans, in the long run. It’s just an opinion, but I think you’re better off using Tor exits, because there are many more of them used by many more people, so it’s easier to blend in. Apart from that opinion, I don’t see any other reasons against that.

(Related btw):

Is JonDo worth it? Or already dead? Release date…

DOWNLOAD (version 00.19.001, release date: 2013-08-29)

Edit by Patrick:
Fixed typo “low” → “flow”