Hello everyone:)
I live in China where Tor is censored. So every time I use Whonix, I have to tunnel all Tor related traffic through a censorship circumvention tool. And the following steps are what I did:
1. Set up a windows vm with two network cards;
2. Configure the first one to NAT,IPv4:10.0.2.x,Subnetmask:255.255.255.0,Default Gateway:10.0.2.2;
3. Configure the second one to Internal-whonix,IPv4:10.152.152.y,Subnetmask:255.255.255.0;
4. Install a censorship circumvention tool in the windows vm, bouncing to 127.0.0.0:1234;
5. Install Privoxy in the windows vm;
6. Configure Privoxy by adding:
Listen-address 0.0.0.0:8118
Forward / 127.0.0.1:1234
7. Configure the torrc file in Whonix-Gateway by adding:
HTTPSProxy 10.152.152.y:8118
Currently, it works. But the problems are:
1. Am I doing something wrong?
2. What threats should I be careful about when using Whonix this way?
3. Is there anything I can do to improve my safety or/and anonymity?
I’ll list some Q&A in case you want to know:
1. Q: Why not use pluggable transport instead of censorship circumvention tools?
A: Because even pluggable transport is censored.
2. Q: Why use windows platform instead of Unix-like system?
A: I’d love to, however, most censorship circumvention tools which work well in China only support windows.
3. Q: Why running censorship circumvention tools in windows-vm instead of host?
A: Apart from the answer above, I don’t want to put my host at risk by running additional software.
Sorry for the long boring post, and thank you guys for helping me!
why dont u use tor bridges like meek-google or amazon ?
1. Am I doing something wrong?
why using windows ? Microsoft so ****** up company regarding anonymity/privacy.
use linux e.g debian.
2. What threats should I be careful about when using Whonix this way?
directly with whonix i dont know because i didnt try this. but the mechanism as entire one = not recommended.
also i have talked with patrick about privoxy and i think u should read this:-
3. Is there anything I can do to improve my safety or/and anonymity?
read read read. there was whonix wiki but i dont know why it has been disabled to be publicly shareable. but u can read Tor or Tails documentations and every other projects related to them for e.g debian. because how to stay safe is BIG question which no good direct answer u gonna find from anyone.
Firstly, thank you very much for helping me, BOM !
Actually the first two questions you asked had been answered in my Q&A:[quote=“2xiangzi, post:1, topic:2312”]
Q: Why not use pluggable transport instead of censorship circumvention tools?
A: Because even pluggable transport is censored.
Q: Why use windows platform instead of Unix-like system?
A: I’d love to, however, most censorship circumvention tools which work well in China only support windows.
[/quote]
Any way, I’ll thank you for your suggestions again:)
Thank you for your advice, I’ve read it.
I do agree with you that we can gain the knowledge by reading these documents and that’s one of the reasons I translate Whonix Wiki into Chinese:)
I like to do 1. VPN 2. Tor. I do this because I do not need to “tell” my ISP that I am using Tor by starting the Tor software from my home. Plus a large VPN has more tor users that makes it hard to correlate.
I have been able to make User -> Shadowsocks -> Tor work by downloading shadowsocks-windows from Github and installing on Windows host. Then in Whonix-Gateway VM in VirtualBox, add lines at bottom of /etc/tor/torrc and restart Tor: