How to Get Whonix Gateway VM to Use VBox Host-Only Network Interface

By default the Whonix Gateway VM (running in VirtualBox-5.2.18) uses the VirtualBox NAT type network interface for the external (TOR) connection. This works for me if I do NOT have the host system using a VPN. However, I would like to use the VirtualBox “Host-Only” type network interface as it will forward the Whonix Gateway TOR connection over an existing VPN on the VirtualBox host. I have tested both a Windows and Linux VM, on the same virtual network (192.168.a.b) as my Whonix setup, and both test VMs use the VirtualBox Host-Only network interface. All requests from the test VMs to routable IP addresses do connect to their destination. (I have forwarding turned on in iptables.)

The issue is that if I change the VirtualBox network interface type to host-only (vboxnet0 – the same that I tested with) TOR never connects from the Whonix gateway server. I have also tried to set up a simple proxy server on the Linux host (tinyproxy) and told Whonix gateway to use the proxy. This also fails. (The proxy works when tested with other VMs.)

How do I set the Whonix gateway server to successfully use VirtualBox’s host-only network interface for the gateway’s TOR connection?

Did you change the settings of the first network interface in the gateway so it can connect to your host network? You may also need to change some firewall rules.

Algernon: Thanks for the reply.

Did you change the settings of the first network interface in the gateway so it can connect to your host network?

I switched the VBox network type to host-only, set it to vboxnet1, and that host-only network interface has VirtualBox’s internal DHCP turned on. I verified that the first interface on the Whonix Gateway server did receive an address in the appropriate IP range from DHCP.

You may also need to change some firewall rules.

I’ll check the firewall rules on the host (real) system. Are there any firewall rules that I need to look at on the Whonix gateway server?

No changes to VirtualBox settings should be required. All connections from a VirtualBox NAT interface should be going through a host VPN anyhow.

Gateway VM working now. I don’t know what I did to keep it from working originally. I re-installed the Gateway VM, left the VBox network type as NAT, turned on my VPN, then started the Gateway VM and Workstation VM.