The goal is to create an encrypted connection all the way between host and tor exit node, while hiding the use of tor from the host isp and masking host network activity as ssh encrypted traffic when using whonix.
Inside whonix-gateway stop tor, then connect to a vps using ssh:
ssh -f -N -D 1080 vps-ip-address
This establishes an encrypted tunnel between whonix-gateway and the vps, creating a socks5 proxy on 127.0.0.1:1080 inside whonix-gateway that tunnels all traffic to the vps encrypted (unlike using directly the vps as socks5 proxy).
The host real ip address is exposed to the vps (ssh bypasses tor inside whonix-gateway).
Inside whonix-gateway open the tor configuration (gui or text file) and add 127.0.0.1:1080 as socks5 proxy to use “before connecting to tor”. If using the text file configuration use:
Socks5Proxy 127.0.0.1:1080
This followed the instructions on the whonix wiki page: whonix. org/wiki/Tunnels/Connecting_to_SSH_before_Tor but there is no mention if it works with bridges, as Im currently using obfs4 bridges.
Also, using Socks5Proxy 127.0.0.1:1080 prevents tor from working if the socks5 proxy (vps) goes offline or ssh connection drops?
Is this persistent after a reboot?
Is correct to assume that now the isp only sees encrypted ssh traffic to/from the vps ip, and the tunnel is encrypted all the way to tor exit node?
(host -> ssh -> vps -> obfs4 bridge -> tor -> destination)
Thanks.
(asked also on tor stackexchange )