Need clarity on "Tor Before a VPN", instructions unclear

I followed these instructions.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Security_Precautions

In Qubes I’ve cloned a separate whonix workstation, separate gateway, created new whonix workstation appvm and sys-whonix vpn.

Tested without VPN works fine.

Then putting VPN in front of tor by connecting, setting whonix as its netvm. The VPN seems to get a connection, but then I can’t browse.

I need to know where I Deactivate uwt Wrappers and Tor Browser Remove Proxy Settings.

Where am I supposed to make and edit these files, in gateway, workstation or the appvms? Or all?

Is there anything else that needs to be done? VPN is set to TCP not UDP. Actually in the past I got Tor before a UDP VPN working, not sure why I can’t get this TCP connection working.

Ultimately I’d like to run certain non-tor related apps inside the workstation. Not so much worried about tor browser.

Just so you know I tried some trial and error, but no matter where I put the files and reinstall all vms, can’t seem to get it working.

Tor connects, if I didn’t mention that before. So really unsure about this.

Also I changed workstation gateway to new gateway by doing sudoedit /usr/local/etc/sdwdate-gui.d/50_user.conf and specifying the new sys-whonix name.

Thank you for any help.

Notice for wiki editors:

For reference:

One thing which isn’t pointed out in the wiki everywhere, a Qubes default behavior which is assumed to be known but only now explicitly written down as a reminder:
Qubes Template Modifications

Wiki has been updated just now.

I am pretty sure UserTorVPNInternet won’t be possible. (Tor UDP)

Yes I’ve known and have been restarting.

Thank you, with the new details I’ve updated both the workstation and gateway correctly now.

However still can’t access internet from inside the anon-whonix appvm.

The VPN connects fine. And I can see its IP inside the onion circuits using Tor Control panel part of sys-whonix. I also checked that connection works ‘vpn through tor’ by launching a debian firefox disp-vm, and then switching its netvm to the vpn-tunnel through tor. It shows the VPN IP, not a tor-exit using an IP checker website.

Let me double check with you on my configuration. I’ve got Anon-whonix connection to an OpenVPN sys-net connection that got my VPN setup. Then this VPN-vm is using sys-whonix as its netvm. Then sys-whonix is connected to sys-firewall, then sys-net.

I started to go further down the list in these instructions: Connecting to Tor before a VPN

Since it wasn’t working I thought I’m missing something. I then followed the "Inside Whonix-Workstation" section and edited firewall in appvm and sudoers Configuration, but then stopped at the VPN setup, because I’ve already got that set up as a netvm. Is this a mistake? Should I not have an external VPN connection and instead do it inside the workstation VM?

I’m confused, because I’ve successfully used this external VPN method, connecting sys-whonix as its netvm to get I2P and Freenet working. So not sure why I can get apps nor tor browser now working in this time around.

Yes I made a mistake and it was getting Freenet UDP to work by using a TCP vpn in front of sys-whonix.

Thanks for the help. I’ll definitely edit the docs to make it more clear once I resolve this.

For now I’m just going to use a debian AppVM with the apps I need connected through Vpn + tor. These apps I can’t sign in from a tor exit as it’s blocked. That’s why I am trying to utilise this setup of vpn through tor. But would like to use the more secure whonix workstation.

Terminology for Support Requests

Two configurations are available:

These are not supposed to be combined. Now clarified in wiki.