VPN Config Question

I want a Whonix -> Tor -> VPN setup.

I’m using a VPN provider with a .ovpn config generator on their site, and when I select Socks as the proxy it asks for a host and port number. Are there certain numbers I need to input there for the .ovpn config file generation, because the defaults they give aren’t working? I don’t care about a failed close mechanism for now I just want to establish a connection properly.

Thanks for all the work you do, Whonix devs, this is a great project.

Without knowing / seeing the .vpn config generator I don’t think I can answer this.

Related to VPNs I don’t know what socks has to do with it. Therefore to have a chance I’d need exact text or screenshot.

1 Like

I can also choose no proxy or HTTP, and with HTTP they give authentication options too. For authentication you can choose none, basic, or NTLM with login and password options for basic and NTLM.
Are any of these choices better than the others, or can you still not know without seeing more?

I can try different choices and see what works as long as it won’t leak my IP. There’s no chance of that since I’m inside the Workstation right?

Have you read the page in the wiki about Tor->VPN?


I believe the main thing is you have to use TCP because UDP over Tor doesn’t work, but I could be wrong about that.


You’re getting too much hooked up with this generator thingy. A VPN is a VPN, not much to do with Socks/HTTP proxy. Socks/HTTP proxy settings may make sense in context of non-Whonix where people are forced to connect through a proxy but little sense in context of Whonix.

1 Like

Okay I get it, so choosing no proxy for this wouldn’t be a bad idea then? I’m gonna go with that. Thanks for your help.

1 Like

It’s the first time I hear anyone using a proxy in their OpenVPN config with Whonix.

1 Like

It’s a moot point so long as I only want to protect my real IP though right? I just don’t have a good understanding of proxies and tunneling so I got confused when I saw the option.

I think I’ve got a working setup but I wanted to check about a couple more things to be sure. I’m connecting to the VPN using the config file, no proxy, and the connection starts fine. Then I’m opening Tor Browser with this command:


Looks like it’s all working, but I have two questions.

It says in the documentation that Tor Browser should give a warning that Tor is disabled. The VPN provider still can’t see my real IP though right?

Also, in the documentation where it says the TOR_TRANSPROXY=“1” environment variable change can’t be undone, is that true for all of the methods you give, or only for the last one where you edit the /etc/environment file? So when I just add the line to the torbrowser command like I’m doing now, does this also make a change that can only be undone by redownloading the browser?


I’m asking the last question because I redownloaded the Tor Browser and I’m not sure it worked for resetting the environment variable. I thought there was supposed to be stream isolation for each tab, but my IP address stays the same across all tabs. Is this normal?

Undo: remove system modifications (/etc/environment) and reinstall TBB or TODO research. That’s it.


1 Like