User -> Whonix-Gateway -> pfSense(vpn) -> Whonix-Workstation

The idea was mentioned in the guide above already but it wasn’t explained how to setup the vm’s in detail.
So far I made the following:

Whonix-Gateway vb Adapters: 1. NAT 2. Whonix
pfSense vb Adapters: 1. Whonix 2. pfSense
Whonix-Workstation vb Adapters: 1. pfSense

also I did some experiments with LAN/WAN-IP settings (e.g 192.168.0.xx/24 in different ways) but none worked for me.

That setup doesn’t work because the two Whonix VMs are very securely tied to each other. I’m assuming that the pfSense VM is running a VPN client. In order for the VPN to connect through Tor via the Whonix gateway, you need to specify the SOCKS5 proxy. In the Advanced box in the VPN client setup in pfSense, add two commands:

;socks-proxy 9050 /usr/local/share/up ;socks-proxy-retry
In /usr/local/share/up, put these two lines:

root changeme [or whatever you've changed it to]
In order for the Whonix workstation to connect through the VPN rather than through Tor, you need to disable all of the settings that point apps through the various SocksProxys on the Whonix gateway. I’ll leave that to others.


It might be easier to just use a standard Debian 7.6 VM instead of the Whonix workstation VM.