Multiple Whonix-Gateway - Qubes-Whonix Best Practice


I tried to follow the recommendation to " Increase Protection from Malicious Entry Guards: One Guard per Application" from : /wiki/Tor_Entry_Guards

So I did follow the steps to create some new Whonix-GWs from : /wiki/Multiple_Whonix-Gateway

Then I linked my different WSs to the different GWs. Everything went well, everything seems to be working so far.

Then only not clear part is the difference between the Originial sys-whonix GW and my newly created GWs.
I can see the original one being less heavy on disk storage (like ~30mb less) than every other one, even they’re (of course) all build from the same template. I guess some packages were removed on the original, and maybe some extra config was done on it too.

So the questions are :

  • Why is there a difference between the already created sys-whonix and the newly generated ones ?
  • What are the differences ?
  • Should I continue to create the dedicated GWs from the template VM or should I clone the original sys-whonix GW then regenerate the tor state file inside ?

I saw topics about multiple GWs being addressed in the past and I used them to answer other questions but I didn’t find answers to theses questions.
I apologize if I didn’t follow some rules or posted in wrong section.

Thanks !

Somewhat related:

No research was done into that.
Feel free to research that by yourself.
Since there are No Intentional User Freedom Restrictions, it’s Open Source, feel free to research that.

Prerequisite knowledge:


  • Once a VM ever used space inside a TemplateBasedVM, it won’t automatically free it even if files in /rw have already been deleted.
  • Qubes free space calculation issue.


This might help. Run in both VMs:

sudo find /rw -type f

Compare file lists. Gather file sizes. Compare.

The documentation chapter is saying

Clone Whonix-Gateway ™ (sys-whonix) with New Entry Guards

But that part (sys-whonix) might just have been injected when these instrutions where Qubesified. I cannot think of a strong rationale why

A) cloning sys-whonix would be better than,
B) creating a sys-whonix-temp from TemplateVM.

When A), one could keep Tor consensus files but instructions currently don’t cover this and that shouldn’t be important either.

Keep following this forum thread to see if any other insights are posted at a later time.

The files in /rw that should be the same seem to be the same, at least same size.
The only minor differences I saw were some files generated by anon-wizard, so it looked normal to me.
But unfortunately I can’t guarantee I checked everything the right way.

I also did check the packages to be sure and they match.

This was while “sys-whonix” was running compared to others closed “sys-XX” . When they’re closed the gap is now ~50mb < than others.

I feel like this chapter used the cloning method because :

  • there is no differentiation between Non-Qubes and Qubes in this chapter, and

  • it was intended to be a -temp Gateway, and it may makes more sense to clone it when it will be soon deleted, and keep the fresh creation for persistent GWs…

Also, this chapter seems not to be directly connected to the first chapter I’m talking about because in the intro they say : If guard fingerprinting across different locations is a legitimate concern...
But in first chapter I feel like we’re talking about a setup to mitigate threat on one main location, or am I wrong ?

Anyway I agree on the fact that I can’t see why it would be more beneficial to clone a GW in Qubes-Whonix than to fresh create it in any case we want “mitigate tor entry guard fingerprint”.