I posted this in the subreddit but I think this might be better for posterity. This isn’t necessarily related to KVM but I can’t find a more appropriate section. I hope it’s okay that I’m asking here.
I’m trying to connect my NixOS KVM guest to the Whonix Gateway. NixOS uses its own package manager to install Tor, as described at hxxps://github.com/NixOS/nixpkgs/blob/nixos-20.09/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix#L392. This only installs the browser and there is no Tor server running on the guest. I’ve checked with Firefox and it is connected over Tor through the Gateway. I’ve managed to get this setup working with another KVM guest.
I’ve followed the instructions to [Configure Tor Browser Settings], which only works when the pop-up connects to the Tor relay and I connect to a bridge. When setting TOR_SKIP_CONTROLPORTTEST=1, Tor just opens to a red page saying that Tor cannot connect. I’ve tried launching from the command line but there is nothing in the logs.
If I run it without those variables set and try to connect without using a bridge, the logs produce this. All the clocks are set on my host and guests to the same time.
Apr 23 07:21:57.000 [notice] Opening Socks listener on /home/nixos/.local/share/tor-browser/TorBrowser/Data/Tor/socks.socket
Apr 23 07:21:57.000 [notice] Opened Socks listener connection (ready) on /home/nixos/.local/share/tor-browser/TorBrowser/Data/Tor/socks.socket
Apr 23 07:21:57.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Apr 23 07:21:57.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Apr 23 07:22:06.000 [warn] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (TLS_ERROR; TLS_ERROR; count 10; recommendation warn; host C40CE018CFEB706547271844BEE4710B5D3A7A0C at 220.127.116.11:9001)
Apr 23 07:22:06.000 [warn] 10 connections have failed:
Apr 23 07:22:06.000 [warn] 10 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
Apr 23 07:22:06.000 [notice] Closing no-longer-configured Socks listener on /home/nixos/.local/share/tor-browser/TorBrowser/Data/Tor/socks.socket:0
Apr 23 07:22:06.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Apr 23 07:22:07.000 [notice] Delaying directory fetches: DisableNetwork is set.