eprer
June 14, 2016, 3:24pm
1
Hello
I would this configuration
sys-whonix–>proxyVM–>appVM (not anon-whonix)
I created a VPN configuration in network manager but when I try to connect the VPN fail, while if I connect the same VPN to a normal proxy machine, works. Do I change anything in sys-whonix? Or is a problem of my VPN?
Thank you
Please use the same way to describe the terminology / connection scheme that you want to accomplish as under the following wiki page.
Otherwise due to the great complexity of the topic it is very easy to talk past one another.
It it this ticket?
opened 09:38PM - 11 Jun 16 UTC
closed 06:03PM - 20 Jun 16 UTC
T: enhancement
help wanted
C: doc
P: minor
privacy
C: Whonix
[Patrick Schleizer wrote](https://groups.google.com/d/msgid/qubes-users/5759D76E… .8000401%40riseup.net):
> Andrew David Wong:
>
> > On 2016-06-08 13:15, a...r@s...t.org wrote:
> >
> > > Hello I read the guide on whonix site about how setup a VPN in
> > > workstation but it is old and my VPN is a little different, it has
> > > a GUI interface but also a setup for Open VPN (to work i have to
> > > use GUI). Do I setup like a normal VPN in debian (network
> > > connection, import configuration, certificate etc...) and change
> > > firewall?
> > >
> > > Thank you
> >
> > Take a look at our VPN documentation if you haven't already. It was
> > recently updated:
> >
> > https://www.qubes-os.org/doc/vpn/
>
> VPN in Whonix-Gateway results in:
> - a) Connecting to a VPN before Tor
> - a) User -> proxy/VPN/SSH -> Tor -> Internet
>
> VPN in Whonix-Workstation results in:
> - b) Connecting to Tor before a VPN
> - b) User -> Tor -> proxy/VPN/SSH -> Internet
>
> These use cases are very different.
>
> See also:
> https://www.whonix.org/wiki/Tunnels/Introduction
>
> https://www.qubes-os.org/doc/vpn/ is closer to:
> - a) Connecting to a VPN before Tor
> - a) User -> proxy/VPN/SSH -> Tor -> Internet
>
> It would be interesting to wretch a Qubes VPN ProxyVM between
> Whonix-Workstation and Whonix-Gateway. I.e. anon-whonix -> sys-vpn ->
> sys-whonix. Which would then result in b).
>
> You might still need bits from chapter "Prevent Bypassing the Tunnel-Link"
>
> https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Prevent_Bypassing_the_Tunnel-Link
>
> Although it would not be for purposes of "Prevent Bypassing the
> Tunnel-Link", but for connectivity. The following from that chapter
> would still be required:
> - deactivate uwt wrappers
> - Tor Browser Remove Proxy Settings
> - Deactivate Misc Proxy Settings
>
> So new documentation would be required for this. A lot stuff could be
> re-used since all of the three above are wiki templates.
>
> Anyone interested in this? Up to try this, document this, etc.?
>
> Cheers,
> Patrick
For now, undocumented, unsupported. ( Undocumented, Untested or Unsupported Features )
I have a look if I can get that documented, don’t hold your breath for it.
eprer
June 15, 2016, 2:20pm
3
Hello
The only difference is that I don’t want a workstation like appVM but I setup a fedora template appVM
Regards
This is now documented here:
Connecting to Tor before a VPN
Recommended order of reading:
eprer
June 15, 2016, 6:23pm
5
Thank you Patrick!
Some VPN connect while others no
This is expected. I added this fact and the reasoning for that to
documentation after your report.
tasket
September 18, 2016, 11:47am
9
Hi Patrick: Interestingly, openvpn would only report “TCP connection reset” when I used the native port 1194. Switching to port 443 works, though. VPN providers may only support TCP on an alternate port number.
Patrick
December 9, 2018, 5:17am
10
1 Like