Multiple WS configuration question

I’m trying to separate work activities on different Whonix workstations, but I’m confused about the correct setup.

After studying the documentation:

I came up with three ways to use Whonix Workstation:

  1. Using multiple WS with different IP addresses and one GW.
    Cons - it’s not safe to use a common bridge to run multiple WS at the same time.
  2. Creating a separate internal bridge for each WS with one GW.
    Disadvantages - more complicated configuration.
  3. Using a separate GW for each WS.
    Pros - doesn’t have all the above problems.

Which option is safer to use?
The documentation says that you cannot use multiple WS at the same time; does this apply only to option 1 or also to options 2 and 3? If for all options, then it turns out that I also shouldn’t use other virtual machines at the same time when working with Whonix?

The documentation refers to:

It talks about authentication for the local network; does this only apply to point 1 of my question? When using different internal networks in points 2 and 3, these authentication steps are not needed?

The safest config is to use the same guard settings with all workstations. In case of multiple concurrent workstations you would not share the same gateway. You would also clone the GW so there is a 1:1 ratio between it and WSs and check that the clone did not change to a different one after some months. If it does, you would re-clone the original gateway so they both have the same guard.
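The check mentioned in the post above (confirming that a cloned gateway still has the same guard as the original) can be scripted by comparing the two gateways' Tor state files. This is an added example, not part of the original thread and not Whonix tooling. It assumes each gateway's state file (typically `/var/lib/tor/state` on Debian-based systems) has been copied out, that guards appear as `Guard in=... rsa_id=... confirmed_idx=...` lines, and it treats the confirmed guard with the lowest `confirmed_idx` as the one to compare; the sample fingerprints are constructed.

```python
import sys

def parse_guards(state_text):
    """Return {rsa_id: fields} for every 'Guard' line in a Tor state file."""
    guards = {}
    for line in state_text.splitlines():
        if not line.startswith("Guard "):
            continue
        # The rest of the line is space-separated key=value pairs.
        fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        if "rsa_id" in fields:
            guards[fields["rsa_id"].upper()] = fields
    return guards

def primary_guard(guards, selection="default"):
    """Fingerprint of the confirmed guard with the lowest confirmed_idx, or None."""
    confirmed = [(int(f["confirmed_idx"]), fp) for fp, f in guards.items()
                 if f.get("in") == selection and f.get("confirmed_idx", "").isdigit()]
    return min(confirmed)[1] if confirmed else None

def compare(original_text, clone_text):
    """Return (same_primary_guard, original_fp, clone_fp)."""
    a = primary_guard(parse_guards(original_text))
    b = primary_guard(parse_guards(clone_text))
    return (a is not None and a == b, a, b)

# Constructed sample excerpts; fingerprints and nicknames are made up.
ORIGINAL = (
    "Guard in=default rsa_id=" + "1" * 40 + " nickname=guardA listed=1 confirmed_idx=0\n"
    "Guard in=default rsa_id=" + "2" * 40 + " nickname=guardB listed=1\n"
)
DRIFTED_CLONE = (
    "Guard in=default rsa_id=" + "3" * 40 + " nickname=guardC listed=1 confirmed_idx=0\n"
    "Guard in=default rsa_id=" + "1" * 40 + " nickname=guardA listed=1 confirmed_idx=1\n"
)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py original_state clone_state
        texts = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]]
    else:
        texts = [ORIGINAL, DRIFTED_CLONE]
    same, a, b = compare(*texts)
    print("original primary guard:", a)
    print("clone primary guard:   ", b)
    print("MATCH" if same else "MISMATCH: gateways do not share a primary guard")
    sys.exit(0 if same else 1)
```

The non-zero exit status on a mismatch lets the comparison run from a periodic job that flags when a re-clone is due.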

The same? One guard per application implies it’s different guards, no?
Increase Protection from Malicious Entry Guards: One Guard per Application

Multiple Whonix-Workstation explains how to use multiple WS at the same time. It does not say you cannot do that. What you can and cannot do differs from the most secure setup.

Applies to 1: yes
Applies to 3: no
Applies to 2: I am not sure what you mean by internal bridge. Different internal network adapter? That should solve it in theory. Undocumented?

Not needed.

Connections between Whonix-Gateway™ and Whonix-Workstation™ mentions a solution Using additional (isolated) network interfaces but that is undocumented.

Right.
