Force a seperate kvm vm to go through whonix gateway


A few days ago whilst reading the wiki I thought I saw a topic regarding forcing a separate vm to use the Whonix Gateway and therefore torifty all that traffic.

On my virtual machine manager I have Whonix Gateway, Workstation and a regular old Debian 8.2 machine.

It’s the 8.2 machine that I also want to force the traffic through tor. I can’t find the article that I was reading about this, I’m pretty sure I didn’t dream it but I guess it’s not impossible.



Its better you don’t tunnel traffic from a once clearnet VM with your other VMs that you want to remain anonymous. Reason is that hypothetically some software on the 8.2 machine might have leaked an identifier or created some network fingerprint that is recognizable and so mixing its traffic with your other WS might dirty the Tor circuits and unmask activity from both machines.

You are better off starting with another WS VM. Even then its easier to have two separate pairs of GW-WS to be sure that their traffic does not affect the other in any way. The GW can run with as little as 150MB RAM so it should never be a problem.


That’s a very good point and one I had not thought about, thank you for the tip.

So if I created a new debain vm which has not touched the clear and wanted to force that one through the Gateway is it possible? I really just like to learn things and gain knowledge tbh and I really thought that I had read it was possible with examples on the whonix wiki but I simply can’t find that now.


Its possible but you would need to setup things like a static ip that doesn’t conflict with your other WS, you will still lack many important features like per app stream isolation, timesync, disabling Tor over Tor, and upcoming features such as onion service update mirrors.

At this point is just easier/safer to create another WS instance which is based on Debian anyway and supports everything a vanilla 8.2 can. If you still want to experiment anyway feel free to follow these steps here (scroll down to “configure network”):