Hello,
I am trying to run Whonix Gateway behind pfSense in a Proxmox environment, but Tor is stuck at 5% with “No route” errors.
Environment:
- Hypervisor: Proxmox VE 9.1.1
- Firewall: pfSense VM
- Whonix Version: Whonix 18.1.4.2 (Gateway + Workstation)
- Deployment method: Imported Whonix qcow2 images
- Network topology:
Internet
→ pfSense WAN (vmbr0)
→ pfSense LAN (vmbr1, 192.168.1.1/24)
→ Whonix Gateway (eth0 → vmbr1)
pfSense Configuration:
- WAN → vmbr0
- LAN → vmbr1
- LAN IP → 192.168.1.1
- DHCP enabled on LAN
- LAN firewall rule: allow LAN net → any
- Outbound NAT: Automatic
Whonix Gateway Network:
Proxmox VM Hardware:
net0 → vmbr1 (no VLAN tag)
net1 → vmbr1 (no VLAN tag)
Whonix ip route output:
default via 10.0.2.2 dev eth0 onlink
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.152.128.0/18 dev eth1 proto kernel scope link src 10.152.152.10
Tor log output:
[warn] Problem bootstrapping. Stuck at 5% (conn): Connecting to a relay (No route)
[warn] 12 connections have failed
[warn] 12 connections died in state connect()ing with SSL state (No SSL object)
Tor Control Panel message earlier:
“The network is disabled. A line DisableNetwork 1 exists in torrc.”
After enabling network again, Tor still remains stuck at 5%.
My Questions:
- Why is Whonix still using default gateway 10.0.2.2 instead of getting an IP from pfSense (192.168.1.x)?
- Is this expected when using Whonix qcow2 images in Proxmox?
- Should the internal Whonix network be isolated differently in Proxmox instead of attaching both interfaces to vmbr1?
- Is there a recommended Proxmox networking model for Whonix behind a firewall like pfSense?
Goal:
Run Whonix Gateway behind pfSense so all Tor traffic routes through pfSense for lab testing.
Any help or recommended architecture would be appreciated.
Thank you.