Stream Isolation very nice technology, i have some newbie questions about it…
So these ports for isolate stream is running on whonix-gateway. That means i can use these ports from ANY workstation which connected to gateway. It can be windows, other Linux etc. What i need to do is just type whonix-gateway ip and port in some software proxy settings like 192.168.0.10:9103. And this means that my instant messenger (which i run on windows workstation) from now be using different tor route from my browser (which i run on windows workstation also) ?
On whonix-gateway there is many prepaired ports for many applications. For xchat, bitcoin etc… It’s difference which one port i use for bitcoin and xchat ? I mean for bitcoin software i must use ONLY 9111 ?
Is there are a way to test if a stream isolation for IM is working ?
1) So these ports for isolate stream is running on whonix-gateway. That means i can use these ports from ANY workstation which connected to gateway. It can be windows, other Linux etc. What i need to do is just type whonix-gateway ip and port in some software proxy settings like 192.168.0.10:9103. And this means that my instant messenger (which i run on windows workstation) from now be using different tor route from my browser (which i run on windows workstation also) ?
If the application is really using the proxy you set (proxy bypass bugs are not uncommon, see TorifyHOWTO) and if that workstation is not already compromised and if you are not using other workstations that are compromised, then yes.
2) On whonix-gateway there is many prepaired ports for many applications. For xchat, bitcoin etc... It's difference which one port i use for bitcoin and xchat ? I mean for bitcoin software i must use ONLY 9111 ?
Bitcoin port 9111 is just "reserved" for an eventual future, where a bitcoin client gets pre-installed by default or in case if we would at least ship a bitcoin.conf pointing at that port by default. If you use 9152, 9153, 9154 or else is up to you. Doesn't matter. Just don't (unless you know what you are doing) configure two applications to use the same port and use both applications at the same time. As long as you don't run short on custom ports (no one ever reported that), just use a separate one per custom application and just remember or note somewhere. In case you run short on custom ports, new ones could be created.
3) Is there are a way to test if a stream isolation for IM is working ?
Yes, but no easy one. If you strongly care about this, turn of Whonix's transparent proxying fallback feature (explained on stream isolation documentation page as well). To actually check it, you need to either audit the applications source code and/or use a network monitor (wireshark etc.) to see if there are any proxy bypass bugs.
[quote=“punk, post:3, topic:278”][quote]
As long as you don’t run short on custom ports (no one ever reported that)
[/quote]
What you mean by that ? short on custom ports?[/quote]
Using more then 9 custom installed applications that you want to route through Tor SocksPort’s without IsolateDestAddr and without IsolateDestPort. Then you can add some more yourself.
On whonix workstation, ssh client is already configured to use “isolated by destination address” ?
If i at the same time connect to different machines over ssh, do i get separated tor routes ?