KVM Whonix bypasses host VPN

The original wording of my question was too vague and complicated, so here is my issue:

Whonix in KVM bypasses “leak-proof” VPN that is configured with OpenVPN and firewalled to only allow interface tun0. I see nothing in the docs to address this.

Has anyone else had this issue?

Steps to reproduce:

  1. ping a webserver from host (success)
  2. Start Whonix (whonixcheck passes)
  3. Disable VPN on host
  4. ping a webserver from host (fails due to firewall)
  5. Run whonixcheck on gateway (still passes)

From my understanding, this means:

  1. KVM ignores the VPN, because the gateway is using the network “external”
  2. KVM Whonix cannot be routed through a VPN on the host using normal configurations

Or am I misunderstanding completely?

What is your firewall config? This can be gotten with iptables-save if using iptables.

You may be allowing traffic out from the libvirt or kvm group.
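An added illustration from me, not from either poster: a POSIX shell checker that reads iptables-save output and flags the rules through which guest traffic can leave by any interface other than tun0. It assumes libvirt's default NAT network on virbr0 (192.168.122.0/24) and constructed rule sets rather than the poster's real firewall; the point it shows is that an OUTPUT-chain kill switch never sees guest packets, because forwarded traffic crosses the FORWARD chain and the nat POSTROUTING chain instead.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (not captured from the poster's host):
# an OUTPUT chain pinned to tun0 as the VPN "kill switch", plus the rules
# libvirt installs for its default NAT network on virbr0.
LEAKY_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:OUTPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT'

# The same host after pinning guest egress to tun0 as well.
PINNED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
:OUTPUT DROP [0:0]
:FORWARD DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A FORWARD -i virbr0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# find_forward_leaks VPN_IF GUEST_BRIDGE
# Reads iptables-save text on stdin and prints every rule that lets guest
# traffic out through something other than VPN_IF: an ACCEPT policy on
# FORWARD, FORWARD ACCEPT rules and POSTROUTING MASQUERADE rules that carry
# no "-o VPN_IF". Rules whose output interface is GUEST_BRIDGE only deliver
# traffic into the guest and are skipped.
find_forward_leaks() {
  awk -v vpn="$1" -v br="$2" '
    /^:FORWARD ACCEPT/ { print }
    /^-A FORWARD / && /-j ACCEPT/ &&
      $0 !~ ("-o " vpn "( |$)") && $0 !~ ("-o " br "( |$)") { print }
    /^-A POSTROUTING / && /-j MASQUERADE/ && $0 !~ ("-o " vpn "( |$)") { print }
  '
}

printf '%s\n' "$LEAKY_RULES" | find_forward_leaks tun0 virbr0   # 3 rules
printf '%s\n' "$PINNED_RULES" | find_forward_leaks tun0 virbr0  # nothing
```

On a real host the check is `iptables-save | find_forward_leaks tun0 virbr0`; the PINNED_RULES set shows one way to close the gap by accepting forwarded guest traffic only towards tun0.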

