Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

VPN After Tor Instructions DOES NOT WORK

I made a throwaway account just for this. I’ve spent hours on this crap, and it just simply doesn’t work. Torbrowser continues to bypass the VPN.

This is going to be an upset post. Take it for what you want, but when you throw a ridiculous long set of commands that even a sysadmin who writes their own shell scripts for fun, finds tedious … You’re doing something wrong.

Why can’t you just bundle this as a SCRIPT, that users can just run??? You could just ask them to create a separate template VM, and run the setup script in that.

Do you want to know what the most ridiculous part of this guide is? This little box EVERY TIME describing sudoedit. This guide is wayy too long already, and it’s going to waste screen space describing stupid sudoedit like 20 times. Show it ONCE at the top of the instructions.

But moreover, I modified /etc/uwt.d/50_user.conf . I installed dante, carefully copying every single command. I even dropped them into #!/bin/sh so that I couldn’t screw it up. It all ran with no errors.

This is a pristine brand new never touched VM so it should JustWork™. But it doesnt. So I tried the OLD method (well actually 3 of the 4) and of course that didn’t work because Mozilla controls Tor, and they constantly and intentionally break everything with new releases to make everything more complicated.

I need a VPN after Tor for a couple very specific use cases, and I can’t, because this is broken.

I have done this before on another Qubes install and it wasn’t this hard.

In fact, I remember changing some onion-grater setting in a whonix gateway, which is notably absent in this so guide. A guide which has been nothing but a waste of hours of time now.

I’m sure you’ll just remove this post but please forward it to someone who can fix this. Nothing will make your users more upset than giving them hundreds of lines to read and follow, only for it to not work.

I mean ffs, in all the time it took someone to write that guide, they could’ve just written a script to implement it.



I just now included wiki template which explains why this is difficult.

Also added “This is difficult and may not work for you.”

Whonix does one thing and does that one thing well, that is ensuring that all traffic is router over Tor.

Additional stuff such as user a VPN after Tor using Tor Browser (user → Tor → VPN → destination) isn’t the core “responsibility” of Whonix.


There’s nobody to forward it to. This stuff is so difficult, you won’t find anyone on the internet who will help you do this for free. Even finding people who offer to solve this issue for a payment will be very hard.

At least two reasons.

Because I’ve spent countless hours to the the guide as far as it is now and didn’t want to spend more time on it because this affects a small amount of users only.

Also once there’s a script it adds another layer of complexity, another barrier. Then even less contributors are capable of contributing to the complex reconfiguration in case in the future something breaks (as might have been broken here). Then not only one needs to figure out how to do the complex reconfiguration. But on top if it figure out the current way reading the script. And to contribute a solution, modify the script.

It’s now more difficult due to changes outside the control of the Whonix project For details, same link here: Template:Tor Browser Change Proxy Settings Why Difficult - Whonix

1 Like

One reason why this might not work:
Because the VPN is generally not being used.
Did you test if the VPN is functional outside of using Tor Browser?

1 Like

Thank you for looking past my frustration last night and providing a reasonable and cogent reply.

It’s funny the more I learn about software and systems, the more I realize just how few people there are that actually do/understand this stuff. I am at an advanced script kiddie at best.

I did check that the VPN was both TCP, and functional outside of a Whonix context. Of course, it was the last thing I double checked, because it was a temporary VPN created over Tor, intended for post-Tor operations (don’t want to compormise your IP to the VPN provider).

Anyways, sorry for my poor form.

1 Like