Whonix-gateway outgoing connections (TeamViewer and PhysicalIsolation)

Sup bros,

I am trying to make a physically isolated whonix-gateway and make it work in whatever network it will be connected to. For that, I will need some tool to connect to it, BUT I may not be able to know the IP of it.

Here TeamViewer comes in handy. We don't need to know anything except the client number and password, which is permanent despite the external IP address. The program works by connecting to the TeamViewer server, and for that I will have to allow outgoing traffic through ports 80 and 443 on eth0, not through Tor.

Is it possible? The gateway won't be used to connect to the internet, for that I will have workstations, but I need some kind of control and it can't be ssh.

Well, if you add TeamViewer, a commercial service, closed source proprietary software, this kinda defeats Whonix’s advantages. Then a third party can monitor everything you do and even do everything they want with your server. I’d recommend against. Maybe it’s possible, but let me suggest a few safer alternatives.

Alternatives:

  • You could consider reverse ssh. Keep the gateway constantly trying to establish an ssh connection with an IP (or hidden service) of your choice.
  • You could consider getting a stable “IP”, actually a stable hostname, by setting up a Tor hidden service for the Whonix-Gateway. Probably best to combine this one with the one above for better reliability.
  • Last resort, you could also consider using DynDNS-like services. However, I’d prefer both of the above.
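
A sketch of the reverse ssh option from the list above, as an added example that is not part of the original post: the gateway keeps dialing out to a relay you control, so its own address never needs to be known. The relay host, account, ports and key path are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example: reverse SSH tunnel keeper for a gateway with an unknown address.
# Every host, user, port and path below is a constructed placeholder.
RELAY_HOST="${RELAY_HOST:-relay.example.org}"  # machine you control
RELAY_USER="${RELAY_USER:-tunnel}"             # unprivileged account on the relay
RELAY_PORT="${RELAY_PORT:-22}"
REMOTE_BIND="${REMOTE_BIND:-127.0.0.1:2222}"   # loopback on the relay only
LOCAL_SSHD="${LOCAL_SSHD:-127.0.0.1:22}"       # sshd on the gateway
KEY_FILE="${KEY_FILE:-/root/.ssh/tunnel_ed25519}"
MAX_DELAY=300                                  # retry back-off cap, seconds

# Run "$@" with the tunnel's ssh arguments appended.
#   with_tunnel_args ssh             -> open the tunnel
#   with_tunnel_args printf '%s\n'   -> dry run, one argument per line
with_tunnel_args() {
    "$@" -N -T -i "$KEY_FILE" -p "$RELAY_PORT" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o StrictHostKeyChecking=yes \
        -R "$REMOTE_BIND:$LOCAL_SSHD" \
        "$RELAY_USER@$RELAY_HOST"
}

# Double the retry delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Reconnect forever; a session that lasted a minute resets the back-off.
run_tunnel() {
    delay=5
    while :; do
        started=$(date +%s)
        with_tunnel_args ssh || true
        if [ $(( $(date +%s) - started )) -ge 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Only start the loop when asked to, so the file can be sourced or dry-run.
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```

`StrictHostKeyChecking=yes` requires the relay's host key to be in the gateway's `known_hosts` beforehand, and key-only `BatchMode` means a dropped link never stalls on a password prompt. From the relay, the gateway's sshd is then reachable on the loopback port given in `REMOTE_BIND`.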

Hmmm, I think reverse ssh may be the thing I should use.

I don't want to use static IP, my point is to be able to connect it anywhere I want with automatically set IP address from DHCP with not known WAN address. That is kinda tricky, cuz I don't know anything about this gateway…

I don’t know if this reverse ssh will do for me, I need to get to know it.

“my point is to be able to connect it anywhere I want with automatically set IP address from DHCP with not known WAN address”

This would work with reverse ssh and/or a Tor hidden service for Whonix-Gateway SSH.