VPN inside Whonix-Gateway (in addition to VPN-Gateway)

Hello,

I have set up a separate VPN-Gateway in Qubes-Whonix which is running fine. Now I wanted to install another VPN inside Whonix-Gateway as described here:

At the end, while checking the OpenVPN systemd service status I am getting what is described here:

So it seems to me this is expected behavior and while searching for a solution I found several advices to not run a VPN within a template (whonix-gw).
I am a little confused about what setup I should use or whether I should remove the configuration for a 2nd VPN inside the whonix-gw?
Some advice would be nice.

alfred:

I have set up a separate VPN-Gateway in Qubes-Whonix which is running fine.

Why not another separate VPN-Gateway?

At the end, while checking the OpenVPN systemd service status I am getting what is described here:
https://www.whonix.org/wiki/Tunnels/Introduction#cite_note-3

So it seems to me this is expected behavior and while searching for a solution I found several advices to not run a VPN within a template (whonix-gw).

Right.

I am a little confused about what setup I should use or whether I should remove the configuration for a 2nd VPN inside the whonix-gw?
Some advice would be nice.

You’d have to do this inside sys-whonix. It’s not documented, therefore
for now unsupported. You’d have to keep persistence in mind and use
https://www.qubes-os.org/doc/bind-dirs.

But again… Why not another separate VPN-Gateway? Seems simpler.

Thanks for your answer. I read the whole section on VPN and Whonix again and I also read the Hardening Qubes Whonix topic which helped me a lot in understanding.

I will use a VPN (or maybe two) before Tor for the moment but will do a setup without a VPN as well.
I reinstalled the Whonix templates to have clean templates again. I did it manually like described here to get the latest templates:

Thanks for all your hard work!