[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

How can I request a new IP from the gateway?

That depend if the App with Stream(Network) Isolation or not:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Stream_Isolation

I meant more if I were to write my own little application, can I request a new IP or a specific IP?

Possible but this is not Whonix issue to do this work for your application, but you can do it using Whonix.

No, Specific IP means Specific Guard and thats not how Tor works and even if there is away then its unsafe to use this method for your anonymity.

https://www.whonix.org/wiki/Free_Support_Principle applies since this is a general Tor question.

https://www.whonix.org/wiki/Tor_Controller applies.

https://gitweb.torproject.org/torspec.git/tree/control-spec.txt for how to give commands to Tor.

signal NEWNYM is related but not really what you want, which quote FAQ

will likely create a new circuit with a different Tor exit relay and IP address, but this is not guaranteed.

This FAQ entry mostly applies:
https://www.whonix.org/wiki/FAQ#New_Identity_and_Tor_Circuits

Tor can do that, but how to do that is as far as I know undocumented. https://gitweb.torproject.org/torspec.git/tree/control-spec.txt would help doing it but certainly non-trivial. However, it’s still more of a Tor than Whonix question.

1 Like

Isn’t there an open port on the whonix server that you can connect to (e.g. with telnet) and just issue some command to get a new exit node? Sorry for my own confusion.

There is,

  • port 9050 on Whonix-Workstation (with onion-grater filtering which can be adjusted)
    /var/run/tor/control unix domain socket file on Whonix-Gateway

but that is not your problem. You need to learn how to use Tor first - which doesn’t concern Whonix. That’s the big/difficult part to learn. After you figured that out, making that work on Whonix is the easy part by comparison.

Doesn’t exist - at least not in an easy way. Learning how to do that by using https://gitweb.torproject.org/torspec.git/tree/control-spec.txt is the only option that I know.

So the way the Tor Browser asks the Whonix Server for a new IP isn’t something I can easily implement myself?

I’m basically only asking how I can from the Whonix Gateway do the same as pressing ‘n’ in the arm interface on the Whonix Server, or like the Tor Browser does it.

I will try to read up on this myself in general since I clearly lack some knowledge, but just knowing this part would help a lot.

It’s not asking for a new IP.
It’s asking for newnym (new circuit).
See: https://www.whonix.org/wiki/FAQ#New_Identity_and_Tor_Circuits

That is answered here:

Thanks for clarifying, sorry again, but what I mean is simply this then:

How can I from the Whonix Workstation, using telnet, ask for a new circuit (newnym)?

Hi `rob75

That is something you would have to research on your own. What you are asking can be very dangerous so its not likely many (if any) users have done that.

Its understood what you are asking. Patrick tried to point you in the right direction in previous posts. This is more of a Tor question so you may want to try asking on tor.stackexchange? Maybe a more generic question leaving out the Whonix part of your question?

How do I change my Tor circuit remotely? Then apply what you learn to Whonix.

1 Like

This:

https://www.whonix.org/wiki/Tor_Controller#Command_Line_Tor_Control_Command

Note: new circuit doesn’t mean new IP as already said.

Thanks 0brand,
I will research this on my own. Thank you. Could you tell me why it might be dangerous?

Perfect, thanks!

Whonix uses hypervisors to isolate the Whonix-Workstation Whonix-Gateway from each other and the host. If Whonix-Workstation is compromised and you connect to Whonix-Gatway (from the Whonix-Workstation) the Gateway could also be compromised. If that happened you could be de-anonymized.

Thanks for your help but this doesn’t seem right.

I’m not doing anything an attacker couldn’t already do.

If an attacker compromised my Whonix Workstation, that attacker could connect to the Whonix Gateway as well, using https://www.whonix.org/wiki/Tor_Controller#Command_Line_Tor_Control_Command

I’m not adding anything extra, I’m just using existing functionality already provided.

If it was a remote exploit. Your assuming worst case scenario. Which is what you want to do but its more likely you would pick up a passive malware unless you were high profile.

Anyways you are increasing the risk of Whonix-Gateway compromise by connecting from Whonix-Workstation.

An application can send signal newnym to Whonix-Gateway without additional risk since Tor Browser does the same. If signal newnym does what the application developer wants depends on the understanding of signal newnym (=ineffective for long running connections, need to terminate connections before signal newnym has effect).

1 Like

I stand corrected. :slight_smile:

1 Like

Running any new application inside the Workstation would be an increased security risk though. If I made my own little application, it is probably not as secure as something well tested and mature like the applications that come with the Workstation. However, compromising my application or e.g. the Tor browser wouldn’t matter at all for my own security, it would both have the same consequences, unless my application were to run as root.

Run your application inside sandbox and/or apparmor. by that even if it gets hacked there are no previliges for your application to attack your entire workstation. (though we do that as well for many things installed in whonix)