RDP over Tor doesn't work (Remmina)

I can’t get RDP over Tor to work, I’ve installed Remmina on Whonix and I’ve setup the HiddenService correctly, directing port 80 to port 3389.

I try to connect via Remmina to xxx.onion:80 or without entering the port, but it just doesn’t work…

I tried torify remmina or torsocks remmina and it doesn’t work either.

I don’t understand the stream isolation tutorial, for me there is no passage to setup stream isolation correctly, but I’m a linux noob too, maybe that’s why I don’t find a working “tutorial” in the official stram isolation guide by whonix.
But to my understanding, torsocks remmina should do the trick?

Thank you

Hello, welcome to Whonix forums and thank you for your question!

Tor UDP:
Tor - Whonix

Unfortunately this subject is not fully documented:

If that page helps and/or you figure out some remote administration solution, please kindly consider contributing to our documentation as this is a frequently asked subject in Whonix forums.

I’d look into x2go and other VNC alternatives as these might be more suitable for slow and high latency solutions.

1 Like

There’s other latency friendly protocols Remmina supports when you install the plugins package. If you find any luck with them please post your instructions here.

Kinda old question but I still haven’t figured it out yet.

#1: Patrick
Why you send me the UDP section? When I connect to RDP via Remmina it’s working fine.

#2: All

I got it working in Windows with Tor Browser using Parrallels Desktop as RDP software because it’s able to use socks5 proxies. It was a very easy setup.
If there is ANY software who is working with RDP and with socks5 for linux I’d make a tutorial for the docs to get it running.

I’d also get it running with VNC or anything else it just have to support proxies and as far as I know remmina doesn’t support proxies?

Tor really doesn’t support UDP at time of writing. Can be confirmed with upstream Tor sources.
If Remmina works with UDP setting then it’s more likely not really using UDP exclusively.

Unless traffic was observed, there could be a leak.

Use Remote Administration - Whonix then? It has a SSH into Whonix ™ chapter.

When you are using Whonix there is no critical need for that.

I think Remmina and the RDP protocol is using TCP, but I’m not sure on that.

There really could be a leak? I’ve connected straight to the .onion and on proxy, I don’t want to use Parrallels Desktop on my linux instances as it’s closed software.

This is something I don’t get, it literally only explain how to ssh into whonix but I need x2go to connect to an windows server. RDP is pretty fast so far over TOR for me, so when I can use Remmina so it connects to an .onion service, it would be strong enough secured I think?

I’d use stream isolation for remmina as I’m pretty sure it will just work flawlessy but I dont understand the docs where do I have to add anything? Or is there a command in terminal I cun run every remmina session with an dedicated proxy? It’s all about the proxy.

If you don’t use Whonix and use any software outside of Whonix using socks proxy settings / proxifier, yes, there can be leaks. See:

Set up the windows server however you like. Anonymity of server or not is up to you. Outside of scope for Whonix unless it’s a Whonix-Custom-Workstation behind a Whonix-Gateway.

To run the client application (VNC client), just run it inside Whonix-Workstation. Proxy settings are nice for stream isolation but that is a minor point compared to possible clearnet leaks when using outside of Whonix.

If the application can connect from inside Whonix-Workstation to the server, then great. It’s over Tor. If not, then the protocol is using network features such as UDP which are unsupported by Tor. In that case your options boil down to using another application / another protocol or using a workaround to make UDP work over Tor.

There are no (conceptually cannot be) generic proxy settings or proxifier for all applications and this is an application where torification is undocumented.
This means outside of Whonix: possible leaks
This means inside Whonix: no stream isolation
Unless you figure it out.
Asking here most likely won’t result in someone else doing that. There isn’t much TorifyHOWTO development going on nowadays.

Yes I know that there can be leaks, that’s why I use Whonix since a long time know.
You misunderstood me, I said I got it working but I’m currently not using it anymore as I only use whonix from now on.

Yes, I need to connect anonymously to an Windows Server, either via RDP or via VNC or whatever.

That’s what I am asking, I’d run the x2go client for sure on my local whonix workstation inside qubes, but to connect to an actual .onion adress I need to setup the onion service on the windows server (which is not a problem at all) but the x2go client should have it’s own dedicated socks session otherwise it’s not able to connect to an onion adress? Or am I missing something? What do I have to do to connect via onion service to an VNC server.

Thank you, so I won’t look into stream isolation. I’m surely running it in whonix workstation on qubes, so no leaks whatsever. I just don’t want a exit node in my setup.

Thank you for your kind help it’s much appreciated.


In case anybody is wondering I’ve got it to work with FreeRDP.
Can I pm you Patrick so I can tell you how I did it so you can update the docs?

It’s working flawlessy over RDP protocol.
I’ve used as proxy in whonix now, is there a better alternative? Where can I see free sessions whonix have created so I can use for every RDP connection a new port?
This way we can manually stream isolate every RDP connection.

Can you share how did you do it to access rdp on whonix using freerdp because I tried and wanst able to.


Late reply because I didn’t notice this edit.

No need for PM. Ideally all discussions can stay public since this is an Open Source project.

See also:
Improve the Documentation / Edit the Whonix ™ Wiki

Let me know how you did it. Would great usefulness for me. Kindly PM. Thanks