Problem on Whonix when connecting to NordVPN, or basically any other linux vpn provider!


Thanks for this amazing GNU/Linux distro, I absolutely LOVE it! :slight_smile:

I’ve been working on this issue for like 3 days now! And I should mention I’ve been a linux user for over 10 years, so I tried a lot of stuff, anything I could think of or anything I found by searching or people telling me to do… No luck as of yet.
I’m on Whonix 15 (latest).
I use obfs4.
I’ve read the wiki page for connecting to VPN before TOR.
I tried the firewall settings and some other things provided in the wiki page.
I also messed with the whonix default firewall config, but don’t worry I changed them back to their defaults/original.
And, besides NordVPN, I’ve also tried Windscribe, Hide me, Mullvad, and Speedify. I don’t remember if I tried ProtonVPN but either way I can’t/don’t want to use proton because I’m already using it on my host OS. This is one of the reasons that I know the problem isn’t with me or nordvpn or anything else, and it’s most likely a problem with whonix, there are a lot of other reasons that I’m guessing this is a whonix issue based on them, trust me.
I’ve tried NordVPN on other systems and it works fine, the problem is only on Whonix Gateway.
Here’s an example output when I try using openvpn manually instead of using the nordvpn cli app: user@host:/etc/openvpn/ovpn_tcp$ sudo openvpn Sun S -
(sorry for the pastebin link but I couldn’t use the Formatted text option IDK why! moderators please put my pastebin output in a code block thanks)
I can’t think of any other details that I can provide here for better support, but if you need anything just tell me and I’ll send it.

Your help will be much appreciated because this issue is driving me crazy!!! :expressionless: In my +10 years of linux experience I was never unable to solve a linux GUI/desktop problem for more than 3days! (Server problems are different)
I’m even open to donating some bitcoin to anyone who fixes this problem for me by helping me… (not a lot since I’m not rich and I live in a B-S- country!) (BTW the problem isn’t because of my region, like if NordVPN is blocking my region… This REALLY isn’t the problem, just trust me, if u don’t believe me u can see what I mean if you check on the whonix IRC (my discussion with user “Bla–M–” not gonna send his full username for privacy/anon reasons…) )

I hope I didn’t violate any rules (My donation suggestion/pastebin link) but if I did, please PLEASE just remove the violated part instead of banning me or something, I’m really desperate here.
Thank you in advance, very VERY much! :slight_smile:

Not sure someone will help but this might help so someone could help you: Connecting to a VPN before Tor


Ive been a Linux user for over 2+ years and one thing I’ve had to learn the hard way is never assume anything. If you’ve messed with whonix-gatway firewall delete the image and download a new one.


Using a VPN on your host AND obfs4 bridges AND a VPN in Whonix-Gateway then wondering why your VPN won’t connect, is like pissing in the wind and wondering why your getting wet. You need to simplify your configuration. There is no benefit to using a VPN with obfs4 bridges. If you need to circumvent censorship use a bridge.

After you download a new Whonix-Gatway image, for testing VPN setup you can use a free service provider (for testing ONLY!). Use the rsa configuration files. If you can’t connect you’ve made a mistake.

cryptostorm_client_configuration_files/cryptofree at master · cryptostorm/cryptostorm_client_configuration_files · GitHub .

Note: This is not a recommendation to use this provider.

Wow! Delete the image and download a new one?? Are you sure this is necessary? As I said before, I reverted back the firewall to the defaults/original confing since I made a backup before editing it!
So thanks for your suggestion but I’m ok.

A working VPN on my host, yes.
obfs4 is used on Whonix.
But I think you missed the title since it mentions that I’m having problems setting up VPN on gateway! So IDK why you said “AND a VPN in Whonix-Gateway then wondering…” ! I haven’t been able to setup a VPN on Whonix.
But I considered what you said about using obfs4 with vpn, so I tried connecting to TOR without a bridge and NordVPN/OpenVPN/any vpn still didn’t work, so the problem is clearly not because of obfs4. And I don’t think it can possibly be because of obfs! since the vpn establishes a connection before TOR, so how is this relevant? I honestly don’t know what you meant by all this except for trying to make me look silly or something!

Thank you for your attention my friend, but I have my reasons for doing all this, and although you may not believe this, but I’m not a dumb-ass n00b like the way you think I am as your tone clearly shows this is your notion!
No offense man, I’m not trying to insult you or anything, I’m just making things clear for you so you don’t have the wrong idea about me or something like that. I actually appreciate your reply to this thread and I thank you again for it. So no hard feelings dude.

I created a new topic, it’s related to this issue but it’s not about VPNs and that’s why I created a new thread for it:
forums.whonix DOT org/t/setting-up-dnscrypt-on-whonix-gateway-and-also-another-question/8249

Whonix-Gateway root user does not have clearnet access by default.

Whonix-Gateway root user does not have system default networking by default.

1 Like

So what should I do about it?
To be honest I don’t exactly understand what you mean!
If there’s no clearnet access how does apt connect and recieve packages from repos? I mean unofficial repos that a user might add… and repos is just one thing, it’s an example.
But I’m most likely mistaking since you’re the creator of Whonix (BTW, Respect!)
So what do you suggest I do to fix this? If the thing you’ll suggest will solve my problem, then great, but if not and you were just saying this then can you please take a look at the new topic I created about DNSCrypt? I think it’s gonna help me with this problem.

What you’re asking for are very complex issues. Most of Whonix users probably “just” connect to the public Tor network and that’s it. Due to time restraints, I cannot produce (create from scratch) full solutions. In this case I only replied to something obvious that is easy for me to answer. That may or may not help you or any other advanced users to provide further advice or to fix the issue.

apt is configured to use Tor SocksPort.
users who can access clearnet by default on Whonix-Gateway are users:

  • debian-tor
  • clearnet

But networking only. There is no system default DNS on Whonix-Gateway since not needed.

More information on that subject:

Also worth reading: