To preface I am not bashing you whonix devs! You have done great work and understand if you don’t want to mess with this particular issue!
I guess the official answer is going to be “too hard to debug and not enough people interested in this edge use case” That is what I have read from most of the other responses on the subject coming from the devs but I would disagree this is an edge use case. From reading the amount of other similar questions online various places there is a large user base of tor users who want to interact with the clearnet while behind tor. The wiki solutions on the article ‘bypass tor censorship’ are as good as useless with suggestions to use a public proxy - most of which don’t work and those couple that do seem to only load one page then break.
I understand it isn’t necessarily a whonix specific issue but whonix is unique in its gateway/workstation tor setup so the solution might be unique for this issue.
Tunnels seem the best choice for interacting with pages on the clearnet as anything but casual browsing you are hit with blocks or impossible captchas or even the page doesn’t load at all due to blanket tor block. So, indeed, I think this is an important topic to explore.
I tried following the hugely convoluted wiki of:
h ttps://ww w.who nix.or g/wik i/Tu nnels/Connecting_to_Tor_before_a_VPN#Inside_Whonix-Workstation
Even within that wiki though it states that it not work due to iproute2 having been removed from debian. There has been no update so not sure what to do now? No point spending hours upon hours going through that process when there is no clear path to success.
I found this post htt ps://fo rums.who nix.or g/t/vpn-after-tor-on-whonix-workstation-am-i-doing-it-right-is-it-really-that-easy/4416 and this is just the use case I want but sadly few details were given as to what settings they used for workstations to get openvpn running. Can you comment @onion_knight? As the user stated it was far easier than the above wiki artible would have had you believe and as they mention network kill is not necessary to over complicate matters since your home IP is still protected by tor if the vpn happens to go down.
From their post it seems as simple as running openvpn within the workstation but I don’t know what is causing openvpn to fail in my case.
I tried last night and when I tried to run sudo openvpn file.ovpn I was confronted with an error of unable to open tun/tap within openvpn output. As there is precious little information I was not sure how to proceed or troubleshoot. I don’t know if it is a problem with whonix setup or lack of some program required that openvpn wants or what.
Can anyone help?
I don’t see a better way around the browsing clearnet behind tor situation than this so seems worth working on.