Whonix Gateway Questions

Support
1

Hi,
I´m new here and have a couple questions regarding the Whonix Gateway. I am not particularly experienced in computers, but am very interested by them.

I have a Raspberry Pi running Pi-Hole and Pi-VPN, and after setting them up (quite easy actually), I started to get interested in security, anonimity, privacy issues. So I have started to work on a larger, better project. I put together a PC, loaded Debian, and am looking forward to setting up my own cloud and email service from that “server”, also I want that PC to be my “Gateway” to my home network, and of couse security is important, so I was thinking of using the same setup (Pi-Hole, Pi-VPN) as before, but after reading a bit the VPN will have to go, Pi-Hole works fine and would definitely like to keep it.

I have a few questions: will setting up the Whonix Gateway in a VM on this server help make my forays into the internet anonymous ?? will it work for all the PC´s in my network, considering this will be the only access to the internet for my home network ?? Will Pi-Hole continue to work (really good not having those ads) ?? Will my email server and cloud work behind the Gateway ??

Lastly, assuming all works fine behind the gateway, how do I manage to make all this setup work say if I want to access my cloud or email from my phone, or from my laptop, when not in my own private network at home. How can I access my stuff from the outside, while not beaking the benefits of the gateway and TOR ??

Will this setup work ??
TOR ------ Home Server (whonix gateway, cloud, email, pi-hole, etc.) ---- Home LAN

How do I get this to work ??
Phone/Laptop ---- TOR ----- Home Server (whonix etc)

I hope this is clear enough, I am not tehnical to any degree, so please bear with me if I´m not accurate or detailed.

Thanks

Manuel

2

A Whonix VM alone doesn’t anonymize host traffic or anything in the LAN without further configuration.

Except, see:

That’s hard to combine. Tor Browser in Whonix-Workstation talks to Tor on Whonix-gateway. Tor encrypts (see “how does Tor works” for where it encrypts and where not) the traffic. Therefore nobody else on the LAN can can decrypt it / modify it. Therefore, no ad filtering possible on that level.

Also see:
“Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin?”
Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin? | Tor Project | Support

No, not out of the box. Hosting servers over Tor works differently. There are some options of hosting servers of Tor. See:

Phone will lower security level.

SSH / VNC over onion.

Server over onion.

3

Anonymity is more than just a shared IP. The desktop environment you are using and the apps running on there should not be leaking identifiers all over Tor exit nodes linked to you. That’s why running something like a cellphone (with a carrier ROM) is a really bad idea.

But conceptually it should be possible:

To make this work, you would install something like Sparkleshare in Whonix Workstation for self-hosted file sync and all your other applications like email client.

To redirect other devices through Whonix Gateway passthrough a USB wifi stick to Whonix Workstation and install wpasupplicant and wifi support packages and run it in AP spot mode. Similar to how you can run a phone wih tethering mode. You may need to bridge this wireless interface with WS egress. This way your server should act as a second Tor wifi besides the telephone company’s model that it would use to connect to the internet.

Stuff like hosted server services on the workstation require hidden service config instructions as Patrick mentioned.

2 Likes