I find the available information on VPN setup after Tor on Whonix-Workstation rather confusing and complicated (I am talking about non-Qubes Whonix). I first read this official documentation
and gathered that I have to perform various complex modifications to the Whonix-Workstation in order to make it work. Things that I have never touched before, such as the Whonix Firewall, the 50_user.conf, openvpn_unpriv.conf and openvpn conf, that I have to install a resolvconf package… Definitely too complicated for a (yet?) non-technical user like me: when I use Whonix, I would rather not mess with things whose consequences I don’t fully understand.
So instead of messing with all these settings that I barely understand, I just ended up installing the AirVPN client (Eddie), corrected a few things inside the client (disable DNS and route checking) and… it works! The usual fingerprinting and leak-test websites on Firefox correctly show my IP and DNS servers as coming from AirVPN. Tor Browser works just as usual (Tor exit nodes, nothing wrong on Tor IP check page: https://check.torproject.org/). Even more surprising, stream isolation seems to work: applications listed in the stream isolation page:
such as curl and wget show Tor exit nodes, and VPN exit IPs if used with UWT_DEV_PASSTHROUGH=1 command. Normal SSH command connects seamlessly to hidden services, and fails to do so with UWT_DEV_PASSTHROUGH=1, as is expected with VPN clearnet traffic!
So I have a perfectly well working VPN that does not know my identity and a working Whonix-Workstation that seems to allow Tor stream isolation at the same time, without me performing any obscure and poorly understood manipulations in the machine as per the official documentation. Is it really that easy? Is there something wrong with my configuration? Is there something that I have missed and that I should pay attention to?
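
The check described in the post (wrapped curl versus curl with UWT_DEV_PASSTHROUGH=1), made repeatable as an added example that is not part of the original post. It assumes that curl on the Workstation is the uwt-wrapped one and that https://check.torproject.org/api/ip answers with a flat JSON object holding IsTor and IP; the function names are hypothetical and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: compare the exit path of uwt-wrapped curl with that of
# curl run under UWT_DEV_PASSTHROUGH=1, using check.torproject.org's JSON API.

API_URL="https://check.torproject.org/api/ip"

# Constructed sample responses (documentation-range IPs, not real observations).
SAMPLE_WRAPPED='{"IsTor":true,"IP":"192.0.2.10"}'
SAMPLE_PASSTHROUGH='{"IsTor":false,"IP":"198.51.100.7"}'

# Extract one field from the small flat JSON object the API returns.
json_field() {  # $1 = json text, $2 = key
    printf '%s' "$1" |
        sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p"
}

# Decide what a wrapped/passthrough pair of responses says about the setup.
assess() {  # $1 = response via wrapped curl, $2 = response via passthrough curl
    w_tor=$(json_field "$1" IsTor); w_ip=$(json_field "$1" IP)
    p_tor=$(json_field "$2" IsTor); p_ip=$(json_field "$2" IP)
    if [ -z "$w_ip" ] || [ -z "$p_ip" ]; then
        echo "UNKNOWN: a request failed or returned no IP"
    elif [ "$w_tor" != "true" ]; then
        echo "FAIL: wrapped curl did not exit through Tor ($w_ip)"
    elif [ "$w_ip" = "$p_ip" ]; then
        echo "WARN: both paths share exit $w_ip, passthrough is not using the VPN"
    elif [ "$p_tor" = "true" ]; then
        echo "WARN: passthrough exit $p_ip is a Tor exit, VPN tunnel not in use"
    else
        echo "OK: wrapped=$w_ip (Tor exit), passthrough=$p_ip (non-Tor)"
    fi
}

# Live run on the Workstation: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    wrapped=$(curl -s --max-time 60 "$API_URL")
    passthrough=$(UWT_DEV_PASSTHROUGH=1 curl -s --max-time 60 "$API_URL")
    assess "$wrapped" "$passthrough"
fi
```

An OK result only says the two paths differ and the passthrough exit is not a Tor exit; the passthrough address still has to be compared by hand with the one the VPN client reports.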