That's how I circumvent Tor sensorship in China

Continuing the discussion from How do you think the idea that adding censorship circumvention tools to WhonixGateway:

Hello everyone:)
I live in China where Tor is censored. So every time I use Whonix, I have to tunnel all Tor related traffic through a censorship circumvention tool. And the following steps are what I did:
1. Set up a windows vm with two network cards;
2. Configure the first one to NAT,IPv4:10.0.2.x,Subnetmask:255.255.255.0,Default Gateway:10.0.2.2;
3. Configure the second one to Internal-whonix,IPv4:10.152.152.y,Subnetmask:255.255.255.0;
4. Install a censorship circumvention tool in the windows vm, bouncing to 127.0.0.0:1234;
5. Install Privoxy in the windows vm;
6. Configure Privoxy by adding:
Listen-address 0.0.0.0:8118
Forward / 127.0.0.1:1234
7. Configure the torrc file in Whonix-Gateway by adding:
HTTPSProxy 10.152.152.y:8118

Currently, it works. But the problems are:
1. Am I doing something wrong?
2. What threats should I be careful about when using Whonix this way?
3. Is there anything I can do to improve my safety or/and anonymity?

I’ll list some Q&A in case you want to know:
1. Q: Why not use pluggable transport instead of censorship circumvention tools?
A: Because even pluggable transport is censored.
2. Q: Why use windows platform instead of Unix-like system?
A: I’d love to, however, most censorship circumvention tools which work well in China only support windows.
3. Q: Why running censorship circumvention tools in windows-vm instead of host?
A: Apart from the answer above, I don’t want to put my host at risk by running additional software.

Sorry for the long boring post, and thank you guys for helping me!

1 Like

why dont u use tor bridges like meek-google or amazon ?

1. Am I doing something wrong? 

why using windows ? Microsoft so ****** up company regarding anonymity/privacy.

use linux e.g debian.

2. What threats should I be careful about when using Whonix this way?

directly with whonix i dont know because i didnt try this. but the mechanism as entire one = not recommended.

also i have talked with patrick about privoxy and i think u should read this:-

3. Is there anything I can do to improve my safety or/and anonymity? 

read read read. there was whonix wiki but i dont know why it has been disabled to be publicly shareable. but u can read Tor or Tails documentations and every other projects related to them for e.g debian. because how to stay safe is BIG question which no good direct answer u gonna find from anyone.

(read whatever parts u find them interest u)

https://tails.boum.org/doc/index.en.html

https://www.debian.org/doc/

Firstly, thank you very much for helping me, BOM !

Actually the first two questions you asked had been answered in my Q&A:[quote=“2xiangzi, post:1, topic:2312”]

  1. Q: Why not use pluggable transport instead of censorship circumvention tools?
    A: Because even pluggable transport is censored.
  2. Q: Why use windows platform instead of Unix-like system?
    A: I’d love to, however, most censorship circumvention tools which work well in China only support windows.
    [/quote]
    Any way, I’ll thank you for your suggestions again:)

Thank you for your advice, I’ve read it.

I do agree with you that we can gain the knowledge by reading these documents and that’s one of the reasons I translate Whonix Wiki into Chinese:)

Ni hao!

You do everything good. You might want to read How can we help? | Tor Project | Support to see why Tor developers like 3 hop paths.

I like to do 1. VPN 2. Tor. I do this because I do not need to “tell” my ISP that I am using Tor by starting the Tor software from my home. Plus a large VPN has more tor users that makes it hard to correlate.

For Whonix running on Windows VirtualBox VMs:

I have been able to make User -> Shadowsocks -> Tor work by downloading shadowsocks-windows from Github and installing on Windows host. Then in Whonix-Gateway VM in VirtualBox, add lines at bottom of /etc/tor/torrc and restart Tor:

Socks5Proxy 10.0.2.2:1080
ExcludeNodes {cn},{hk},{mo},{kp}
StrictNodes 1

1 Like

Is this required?

It is a safety precaution.

Messing with Tor’s routing settings is not recommended and may impact your anonymity.

I’m almost sure there are no Chinese Exit nodes because they actively censor the Tor protocol so relay connections will likely not work there.

Good tip. Thank you.