How can I request a new IP from the gateway?

Is there a way, from the workstation, to connect to the gateway and ask it for a new Tor exit IP?

That depends on whether the app uses stream (network) isolation or not:


I meant more if I were to write my own little application, can I request a new IP or a specific IP?

Possible, but doing this work for your application is not a Whonix issue; you can, however, do it using Whonix.

No, a specific IP means a specific guard, and that’s not how Tor works; even if there is a way, it’s unsafe to use this method for your anonymity.

Free Support for Whonix ™ applies since this is a general Tor question.

Control and Monitor Tor applies.

control-spec.txt - torspec - Tor's protocol specifications for how to give commands to Tor.

signal NEWNYM is related but not really what you want, which, to quote the FAQ, “will likely create a new circuit with a different Tor exit relay and IP address, but this is not guaranteed.”

This FAQ entry mostly applies:
Frequently Asked Questions - Whonix ™ FAQ

Tor can do that, but how to do that is, as far as I know, undocumented. control-spec.txt - torspec - Tor's protocol specifications would help in doing it, but it is certainly non-trivial. However, it’s still more of a Tor than a Whonix question.

1 Like

Isn’t there an open port on the whonix server that you can connect to (e.g. with telnet) and just issue some command to get a new exit node? Sorry for my own confusion.

There is,

  • port 9050 on Whonix-Workstation (with onion-grater filtering which can be adjusted)
  • /var/run/tor/control unix domain socket file on Whonix-Gateway

but that is not your problem. You need to learn how to use Tor first - which doesn’t concern Whonix. That’s the big/difficult part to learn. After you figured that out, making that work on Whonix is the easy part by comparison.

Doesn’t exist - at least not in an easy way. Learning how to do that by using control-spec.txt - torspec - Tor's protocol specifications is the only option that I know.

So the way the Tor Browser asks the Whonix Server for a new IP isn’t something I can easily implement myself?

I’m basically only asking how I can from the Whonix Gateway do the same as pressing ‘n’ in the arm interface on the Whonix Server, or like the Tor Browser does it.

I will try to read up on this myself in general since I clearly lack some knowledge, but just knowing this part would help a lot.

It’s not asking for a new IP.
It’s asking for newnym (new circuit).
See: Frequently Asked Questions - Whonix ™ FAQ

That is answered here:

Thanks for clarifying, sorry again, but what I mean is simply this then:

How can I from the Whonix Workstation, using telnet, ask for a new circuit (newnym)?

Hi rob75,

That is something you would have to research on your own. What you are asking can be very dangerous, so it’s not likely many (if any) users have done that.

It’s understood what you are asking. Patrick tried to point you in the right direction in previous posts. This is more of a Tor question, so you may want to try asking on tor.stackexchange? Maybe a more generic question leaving out the Whonix part of your question?

How do I change my Tor circuit remotely? Then apply what you learn to Whonix.

1 Like


Control and Monitor Tor

Note: new circuit doesn’t mean new IP as already said.

Thanks 0brand,
I will research this on my own. Thank you. Could you tell me why it might be dangerous?

Perfect, thanks!

Whonix uses hypervisors to isolate the Whonix-Workstation and Whonix-Gateway from each other and the host. If Whonix-Workstation is compromised and you connect to Whonix-Gateway (from the Whonix-Workstation), the Gateway could also be compromised. If that happened, you could be de-anonymized.

Thanks for your help but this doesn’t seem right.

I’m not doing anything an attacker couldn’t already do.

If an attacker compromised my Whonix Workstation, that attacker could connect to the Whonix Gateway as well, using Control and Monitor Tor

I’m not adding anything extra, I’m just using existing functionality already provided.

If it was a remote exploit. You’re assuming the worst-case scenario. Which is what you want to do, but it’s more likely you would pick up passive malware unless you were high profile.

Anyways you are increasing the risk of Whonix-Gateway compromise by connecting from Whonix-Workstation.

An application can send signal newnym to Whonix-Gateway without additional risk since Tor Browser does the same. Whether signal newnym does what the application developer wants depends on the understanding of signal newnym (=ineffective for long running connections, need to terminate connections before signal newnym has effect).

1 Like
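Added example, not part of the thread and not Whonix or Tor Project code: a minimal control-protocol client that does what was asked for with telnet, sending `AUTHENTICATE` and `SIGNAL NEWNYM` and checking each reply. Assumptions: the caller passes a socket already connected to whichever control endpoint the setup exposes, and the function names and the optional password argument are hypothetical.

```python
class ControlError(Exception):
    """The control port closed early or answered with a non-250 status."""

def read_reply(rfile):
    """Read one control-protocol reply; return (status_code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ControlError("connection closed before the reply finished")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        # "250-..." continues a multi-line reply; "250 ..." is its last line.
        if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
            return line[:3], lines

def command(sock, rfile, text):
    """Send one command line and require a 250 reply."""
    sock.sendall(text.encode("ascii") + b"\r\n")
    code, lines = read_reply(rfile)
    if code != "250":
        # Report only the verb so a password never lands in an error message.
        raise ControlError(f"{text.split()[0]} failed: {lines[-1]}")
    return lines

def request_newnym(sock, password=None):
    """AUTHENTICATE, send SIGNAL NEWNYM, then QUIT on a connected socket.

    Assumption: `sock` is connected by the caller to the control endpoint;
    password=None sends a bare AUTHENTICATE.
    """
    rfile = sock.makefile("rb")
    try:
        if password is None:
            auth = "AUTHENTICATE"
        else:
            quoted = password.replace("\\", "\\\\").replace('"', '\\"')
            auth = f'AUTHENTICATE "{quoted}"'
        command(sock, rfile, auth)
        command(sock, rfile, "SIGNAL NEWNYM")
        sock.sendall(b"QUIT\r\n")
        return True
    finally:
        rfile.close()
```

A `250 OK` reply only means the signal was accepted. As the posts above say, it does not guarantee a different exit IP, and connections that are already open keep their existing circuit.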

I stand corrected. :)

1 Like

Running any new application inside the Workstation would be an increased security risk though. If I made my own little application, it is probably not as secure as something well tested and mature like the applications that come with the Workstation. However, compromising my application or e.g. the Tor browser wouldn’t matter at all for my own security, it would both have the same consequences, unless my application were to run as root.