.onion site help


I’ve been reading a lot of documentation on here and it’s been extremely helpful. I finally got my VPN up and running with Whonix using Mullvad.
Here’s a look at my set up:

Running 2 VM’s (Whonix GW and WS). Before I fire up the gateway, I have a VPN connected on my host first. So I suppose it looks like this:

Host > VPN > TOR GW/WS VM’s > VPN > Internet ?

My question is: How do I access .onion sites after chaining the VPN through TOR?
I read this article VPN Tunnel Setup Examples
and took this snippet “Because you can not access .onion domains when a VPN has be chained. (user → Tor → VPN)”

Shouldn’t it be possible to work around this?

I hope I didn’t destroy this explanation. Hopefully, you understand my set up.


Unless you use Tor over Tor, which is recommended against (Tips on Remaining Anonymous), there is no workaround. This is because connections to Tor hidden services stay within the Tor network. Therefore it’s not possible to exit through a VPN in between.

Ok. Just to be clear, if I were to run the Tor browser without a socks port set, I would then be running Tor over Tor since the Whonix-Gateway doesn’t have transparent proxy enabled by default, correct?

Both incorrect.

Wow, then I really have no idea what I’m doing.

Whether it’s Tor over Tor or not has to do with if Tor gets started on the workstation or not. See footnote at Tor Browser Essentials. (TOR_SKIP_LAUNCH) Not with SocksPort vs TransPort.

Whonix-Workstation has the transparent proxying feature enabled by default [it’s a setting on Whonix-Gateway. (You could disable it if you wanted to.) Whonix-Gateway has by default no transparent proxying feature. [You could enable it if you wanted to.] Some more info: Whonix-Gateway ™ Traffic: Transparent Proxying