I’m very new to Whonix, so please forgive me if this seems obvious to you.
I’m using Whonix inside Qubes and have enabled IPv6 for sys-net and hence also for my Whonix Qube (via qvm-features sys-net ipv6 1).
However, my whonix-ws Qube still can’t access IPv6 addresses, as this seems to be disabled for the whonix-gw.
However, I need to (git) clone a repository that is only reachable via IPv6.
I could use another qube for that, but that would kind of compromise my anonymity.
I understand that IPv6 is disabled for whonix-gw for security reasons (as “there are no IPv6 Anonymity Distribution Gateways featuring an IPv6 firewall yet”), so I don’t need to enable IPv6 for all hosts - I’d just like to “whitelist” the one host I need to access via IPv6.
Is this possible? And if not, how can I enable IPv6 for all hosts? Or do you have any other solutions for my situation?
Apparently this wasn’t an IPv6 problem after all: I merely needed to tell ssh (or git) to use Tor (or SOCKS5?) as proxy - therefore I put the following in my .ssh/config for the relevant host:
ProxyCommand nc -x 127.0.0.1:9150 %h %p
I’m not entirely sure why this works (which isn’t a good start) or if I stayed anonymous like that – I’d be thankful if someone could answer those questions.
My understanding is that ssh now “tunnels” its traffic through the specified prox, which in turn routes it through Tor - is this correct?
prerequisite knowledge:
Different possibilities:
- transparent proxying
- uwt (automatic torsocks for pre-installed applications)
- torsocks
- proxy settings
Whonix’s transparent proxying feature doesn’t support IPv6 at time of writing. Therefore, Firefox (discouraged in Whonix - see Tor Browser wiki page why) won’t have IPv6 connectivity by default as it doesn’t use proxy settings, i.e. would be using transparent proxying. When configuring Firefox to use Tor as proxy, IPv6 might be functional.
Tor Browser in Whonix is “talking to Tor directly” using default socks proxy settings. Therefore IPv6 tests are functional.
That is because communication from Whonix-Workstation to Tor to the Tor entry guard are IPv4 but Tor as a feature has the ability to connect to IPv6. That Tor upstream feature is irrespective of the user’s local IPv6 (non-)capability.