What hardware for whonix-gateway


I wan’t to setup whonix-gateway with physical isolation, but I don’t know what hardware to use.

From what I understand I need something with two Ethernet ports?
Some options I can see:

  • I have spare PC, but it have only one Ethernet port (and no Wi-Fi). Can it be used?
  • I also have some routers, but they don’t come with root access (I am pretty noob when it comes to routers). Would I need to hack it or something to use it as whonix gateway?
  • I don’t mind buying some hardware that can do the job, but I have no clue what to look for. Don’t wanna end up buying pile of stuff I won’t use.

I’ve read through https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation and there isn’t much info about setup on any specific hardware. Any link that goes more specific into it?


You could add another Ethernet port using a PCI(e) card or an USB to Ethernet adapter.


Hardware requirements are mostly: amd64 system, 128 MB RAM or more (depends on if you want to use the GUI or not) and two NICs.
Most routers are ARM or MIPS and there is no official Whonix image for those architectures but you could try to either cross compile or compile directly on the router. Both options are going to be slow, the second one will likely be slower. I’m not sure if Whonix will currently build successfully on something else than amd64 (or i386). Also most routers are not designed for high speed crypto stuff like Tor so the speed might also be slower than usual.
Your best bet regarding easy setup, compatibility and speed is probably your unused computer with a second nic or some amd64 router board (those will have multiple network interfaces and also a lower power consumption).
There was also a thread on Whonix on the raspberry pi: Whonix - Raspberry Pi


Thanks. I will try adding NIC or USB to Ethernet adapter to my spare PC and see how it goes.


I forgot to mention that you can also try the procedure in this post: Lean cutdown version of Whonix Gateway and Workstation for low spec notebooks + optional bare metal implementation
So you don’t need to build from source.