Should Whonix host be fully torified by default?

The workflow is like this:

  • Debian-based OS (using torghost, so everything is torified and uses TCP) -> Whonix gateway (connects directly to torghost) -> Whonix workstations or other VMs connected to the Whonix gateway.
    I run torghost because in the end it is my main host OS, and so I still use Mozilla Firefox. But the problem, like Patrick says, is Tor over Tor.

So we should be looking for another solution in which the main host connection is already torified, and the gateway connection is torified but in a separate mode, not Tor over Tor.
Also, I do not know if using torghost in the main host OS and then using Tor Browser is still Tor over Tor (I suppose that yes), or if using Tor inside Whonix would be Tor over Tor.

We already have an idea of how this should be implemented, but need time to do it. The address ranges of virtual networks would be excluded in host iptables rules from redirection to Tor.

1 Like
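iptables evaluates a chain from top to bottom, so an exclusion for a virtual network range only takes effect when it sits above the rule that redirects to Tor. The following is an added example, not from the thread or the Whonix project, that checks this ordering in an `iptables-save` style listing; the ruleset, the documentation address ranges, port 9040 and the function name `check_exclusion` are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a nat-table listing for virtual-network exclusions.
# RULES is a constructed sample, not a real Whonix host ruleset.
RULES='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.0/24 -j RETURN
-A OUTPUT -m owner --uid-owner debian-tor -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -d 198.51.100.0/24 -j RETURN
COMMIT'

# check_exclusion CHAIN CIDR  (hypothetical helper)
# Prints one word:
#   ok       - a RETURN rule for CIDR precedes every REDIRECT in CHAIN
#   shadowed - the RETURN rule exists but a REDIRECT comes first
#   missing  - CHAIN has no RETURN rule for CIDR
check_exclusion() {
    printf '%s\n' "$RULES" | awk -v chain="$1" -v cidr="$2" '
        # True when the current rule matches CIDR as source or destination.
        function has_cidr(    i) {
            for (i = 3; i < NF; i++)
                if (($i == "-s" || $i == "-d") && $(i + 1) == cidr) return 1
            return 0
        }
        $1 == "-A" && $2 == chain {
            if ($0 ~ /-j REDIRECT/) seen_redirect = 1
            if ($0 ~ /-j RETURN/ && has_cidr()) {
                print (seen_redirect ? "shadowed" : "ok")
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }'
}

# Report the state of each range the host is expected to exclude.
for range in 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24; do
    printf '%s %s\n' "$range" "$(check_exclusion OUTPUT "$range")"
done
```

To audit a live host, replace the sample with the output of `iptables-save -t nat` and pass the ranges reported by `virsh net-dumpxml` for each virtual network.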

I think that there should be an exception, maybe just for using Kicksecure VMs without Tor; there could be some kind of warning with this.

For most people to be able to use this as their daily driver, they need some way to have a non-Tor VM, as not all activities can be done over Tor due to restrictions, and in some cases Tor might not be helpful. Unfortunately the digital infrastructure isn't here for most people to use only Tor all the time.

I'm not sure if Kicksecure VM templates are planned to be included in Whonix host, but it would be at least a good option during installation with a clear warning, or at least something that can be 'apt-get' installed from the Whonix repo.

A combination of Whonix & Kicksecure VMs is in my opinion something that really makes daily usage (and adoption) a lot more practical.

1 Like

If a user has Kicksecure on their Whonix Host, it should be able to use the clearnet with our planned changes to iptables rules. The Kicksecure template points to the "default" virtual network.

3 Likes