How do I use Whonix-Gateway as a gateway?


New user…

I imported Whonix-Gateway and started the VM (via https://www.whonix.org/wiki/VirtualBox).
I’m running a headless VM on a Linux host.

Now what?
How do I use Whonix-Gateway as a gateway for my VM’s and other machines?

Ideally my setup would be:

Any OS machine -> SSH socks5 proxy -> Host machine -> Whonix-Gateway -> Tor

Thank you.



Can/How access the Whonix Gateway remotely via SSH (socks proxy)?


Hi jslk39s

You first have to understand how to use SSH socks5. Try configuring/testing in a Debian VM. Then move on the Whonix. Keep in mind there is no step 1 step 2 … step 20. - finished! Much of it you will have to figure out by researching, experimenting on your own. There are also links in the Tunnels Introduction that might be helpful so be sure to read through all of it.

Is it possible to route my SSH server traffic via Whonix-Gateway?

Here is what I’m hoping to build:


Looks doable.

In any case it’s much, much safer to (also) use Whonix locally before connecting to any server.

To SSH to any remote server adds new risk.

(VNC similar:)

If the remote server cannot be trusted (which server can nowadays?), and you’re not connecting there anonymously, you might not be anonymous at all. Using a remote server also creates the problem how to anonymously pay the server, see:

What you call SSH-Server and Whoix-Gateway in a box could be one combined server? Assuming yes. Rephrasing your question: How to SSH into Whonix-Gateway? And answering that.

We don’t have that documented unfortunately.

  1. learn about onion services generally
  2. install an onion v3 service on your local computer
  3. learn how to SSH into your local computer’s onion v3 service (this exercise can also be done inside a VM)
    (no port forwarding required)

By applying the same on a Whonix-Gateway you should be able to SSH into Whonix-Gateway. Bo port forwarding required since Tor makes it look like the incoming connection is coming from localhost. And Tor itself does not require open ports as a client. And Tor itself does not even require open ports for onion services.

What you call SSH-Server and Whoix-Gateway in a box could be one combined server? Assuming no. Well, not much different than above. You’ll still need an ssh server installed on Whonix-Gateway.

What you SSH-Server could be a Whonix-Workstation. Similar to above you can also SSH into Whonix-Workstation. To do that: don’t try to exercise this on a server for the first time. Start exercising using Whonix locally without any remote servers involved. Exercise hosting an onion webserver as per https://www.whonix.org/wiki/Onion_Services. Then exercise setting up an onion ssh server which would be very similar. Once you learned how to do this, you can also replicate it on a remote server.

But last comes to mind a bit late… For a Whonix-Gateway / Whonix-Workstation on a server… At which provider are you actually able to do that? Rhetoric question. Probably on root servers only. But where can you buy a root server anonymously that allows connection from Tor? Seems futile.