For that please follow the specific guides. Starting from Combining Tunnels with Tor is correct and then go to the instructions for the method which you’re interested in.
Correct
I found it
When configuring User → Tor → proxy/VPN/SSH → Internet, it is impossible to connect to Onion Services because the last server is not a Tor relay. The only exception is running another Tor client on top, but this would lead to a Tor over Tor scenario which is discouraged for security reasons.
what i don’t understand
—because the last server is not a Tor relay—
Assuming last server its a VPN ?
why tor browser over VPN on Host works ? without Whonix
Is VPN useless on Workstation ?
I really don’t understand difference between VPN on normal Host versus on Workstation as VPN would be like ISP
That is not: user → Tor → VPN → onion. (impossible)
VPN on the host:
Because VPN on the host connects before anything else can connect. This includes Tor. VPN connects before Tor can establish any connections. That’s why it’s user → VPN → Tor → destination.
VPN inside Whonix-Workstation:
All connections originating from within Whonix-Workstation are torified, meaning routed over Tor. That includes the VPN. Therefore it’s user → Tor → VPN → destination.
Only the Tor can connect to onions. It’s a Tor network internal thing. Tor handles the connections to onions.
If Tor is “obstructed” by a VPN, then the connection is not really internal to the Tor network. Nobody can connect to onions without the use of Tor. But if a VPN is used in a chain of user → Tor → VPN → destination, then one is “not really using Tor” from the perspective of destination onions.