
Tunnel Whonix Gateway through VPN VM, howto?

Hey, I am trying to tunnel Whonix Gateway through an Ubuntu VM (VMware/VirtualBox) with an OpenVPN connection. So far I have set the OpenVPN VM's adapter 1 to NAT and adapter 2 to a specific internal network, the same one the Whonix Gateway is connected to (adapter 1).
What changes do I have to make now to get the connection to work as in the Whonix Gateway - Whonix Workstation case? What changes did you make there on the gateway?
It would be great if anyone has advice.

edit: I’ve already tried pfSense but it didn’t work for me - VPN provider related problem

I would also like to do this, using KVM instead.

I am not sure we’re mixing up topics here.

> I am trying to tunnel Whonix Gateway through an Ubuntu VM (VMware/VirtualBox) with an OpenVPN connection.
> So far I have set the OpenVPN VM's adapter 1 to NAT and adapter 2 to a specific internal network, the same one the Whonix Gateway is connected to (adapter 1).

So you want to tunnel arbitrary operating systems (such as Ubuntu) through Tor by using Whonix-Gateway? In that case, see this wiki page:

For stuff related to VPN / Tunneling, do you know Whonix’s VPN documentation (https://www.whonix.org/wiki/Features#VPN_.2F_Tunnel_support) already?

> For stuff related to VPN / Tunneling, do you know Whonix's VPN documentation (https://www.whonix.org/wiki/Features#VPN_.2F_Tunnel_support) already?

Yes, I’d like to (user -> VPN -> Tor), but instead of running the OpenVPN client on the host or Whonix-Gateway, I was thinking about an extra VM as a gateway for Whonix-Gateway, so I would be able to chain multiple VPNs or could implement a second layer on Tor (user->Tor->VPN) with more security, e.g. against rootkits and stuff on my Whonix-Workstation.
I need to know now how it is possible to establish an internal network between two VMs like you did with Whonix-Gateway and the Workstation, e.g. what changes I have to make on my VPN-Gateway and the Whonix-Gateway to tunnel the Whonix traffic through the VPN-Gateway.
Hope you can help, and thanks for the answer.

So you want to have something like a VPN-Gateway (or same with different term: Whonix-VPN-Gateway).

Good question. Unfortunately, also a big question. It’s like asking “how to make a Tor-only Gateway” or “how to make Whonix”.

> Yes, I'd like to (user -> VPN -> Tor), but instead of running the OpenVPN client on the host or Whonix-Gateway, I was thinking about an extra VM as a gateway for Whonix-Gateway, so I would be able to chain multiple VPNs or could implement a second layer on Tor (user->Tor->VPN) with more security, e.g. against rootkits and stuff on my Whonix-Workstation.

It wouldn't help against rootkits, at least I am not seeing how at the moment. Nevertheless, having pluggable gateways that one can stack in arbitrary orders would be interesting. See also: https://www.whonix.org/wiki/Advanced_Security_Guide#Chaining_Anonymizing_Gateways

This may help, or it could be off track:

> I need to know now how it is possible to establish an internal network between two VMs like you did with Whonix-Gateway and the Workstation

My advice for this approach: 1) First, learn how to do it without involving Whonix. 2) After you have figured that out, combine this with Whonix. Don't try to start by involving Whonix; then it gets too complex.

Virtual machines support connections between internal networks. Documentation about virtualizers explains how to set this up. For /etc/network/interfaces examples, have a look at eth1 on Whonix-Gateway as well as Whonix-Workstation eth0. Then you should be able to ping each other. The next step would be to make the supposed VPN-Gateway forward traffic for clients. Start with clearnet traffic. If that works, configure the VPN-Gateway to route all traffic through a VPN and use something like VPN-Firewall (https://github.com/adrelanos/VPN-Firewall).

Asking on the Wilders Security forum might get mirimir to answer and help with getting a pfSense-based VPN-Gateway up and running in conjunction with Whonix. I’ll also ask mirimir to have a look at this thread.
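
The staged approach from the post above (internal network first, then clearnet forwarding, then VPN-only forwarding), as an added example that is not part of the thread and is not VPN-Firewall's code. The interface names (eth0 = NAT adapter, eth1 = internal network, tun0 = OpenVPN device) and the 10.10.10.0/24 subnet are assumptions for a plain Linux gateway VM without Whonix.

```shell
#!/bin/sh
# Emits config for a stand-alone VPN-Gateway VM; nothing is applied by this script.
# Assumed names: eth0 = NAT adapter, eth1 = internal network, tun0 = OpenVPN device.
# 10.10.10.0/24 is a constructed internal subnet; the client VM uses 10.10.10.1 as gateway.
LAN_IF=eth1 WAN_IF=eth0 TUN_IF=tun0 LAN_NET=10.10.10.0/24

# Stanza for /etc/network/interfaces on the gateway's internal adapter.
gen_interfaces() {
    cat <<EOF
auto $LAN_IF
iface $LAN_IF inet static
    address 10.10.10.1
    netmask 255.255.255.0
EOF
}

# iptables-restore ruleset. $1 = clearnet (first test stage) or vpn (final stage).
gen_ruleset() {
    case "$1" in
        clearnet) out_if=$WAN_IF ;;   # forward clients straight out the NAT adapter
        vpn)      out_if=$TUN_IF ;;   # forward clients only into the tunnel
        *) echo "usage: gen_ruleset clearnet|vpn" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $out_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $out_if -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $out_if -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# To apply as root on the gateway VM:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset vpn | iptables-restore
```

In `vpn` mode the FORWARD policy is DROP and only tun0 is allowed, so client traffic is dropped instead of leaving via eth0 when the tunnel is down. The ruleset does not restrict the gateway's own OUTPUT traffic or IPv6, which still need separate handling.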

Although it’s certainly possible to set up Linux VMs as VPN gateways, I recommend using pfSense router/firewall VMs. They’re smaller, and secure setup is much easier. Please see https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6 for detailed instructions.

Thank you guys, I didn’t know that there are already such great tutorials for this.
I’ve tried to set up a pfSense VM once but it didn’t work for me - provider related problem I think. I'm going through your tutorial now, mirimir, and hope that I’m able to get it to work this time.
Like Patrick said, "Chaining Anonymizing Gateways - Experts only!" I’m glad that you guys can help me out and provide great tutorials for this, because I’m not an expert and being confronted with all that unfiltered stuff gives me headaches.

> It wouldn't help against rootkits, at least I am not seeing how at the moment. Nevertheless, having pluggable gateways that one can stack in arbitrary orders would be interesting. See also:

Hm, I have little knowledge about that stuff, but my idea was that the separation would prevent the VPN from getting circumvented, like with Tor and Whonix - on the Workstation of course?! I feel it gets embarrassing now for me xD

> My advice for this approach: 1) First, learn how to do it without involving Whonix. 2) After you have figured that out, combine this with Whonix. Don't try to start by involving Whonix; then it gets too complex.

Alright, I'll do my best! ;D

Yes. However, that’s different from rootkits.

For just enforcing user -> VPN -> Tor -> destination, you can achieve the same by installing the VPN on the host and using VPN-Firewall (https://github.com/adrelanos/VPN-Firewall) or by using Whonix-Gateway’s VPN-Firewall feature (https://www.whonix.org/blog/testers-wanted-vpn-firewall).

A stackable VPN-Gateway however could give you access to more advanced tunneling scenarios, such as multiple VPNs.
