Whonix-Gateway / Whonix-Workstation - Torified Wi-Fi Hotspot?

Hey guys, I’m essentially trying to achieve this same thing:

Connecting a USB adapter to a Whonix Gateway and creating a wireless hotspot so that devices connected to the hotspot get routed through the tor network. Is this possible?

I’m using an Ubuntu v16.0.4 host with Virtualbox v5 and the latest Whonix v13.0.0.1.4 Gateway.

Any help configuring this would be greatly valued.

Possible yes but not out of the box. Would require installing the wireless drivers on the gateway, hostapd etc and at least changing the interface in the firewall rules. One of the advantages of Whonix is that even malware with root access on the Workstation can’t find you IP address. When you use a custom workstation which connects over wifi an attacker could probably not find your IP directly but due to other potential access points nearby could track you down easier. Additionally you have to take of wifi security in general.

You can technically and more easily achive this by using a tethered connection to a phone running Orbot. However its not a strong guarantee against deanonymization for the reasons @Algernon mentioned. It also won’t magically fix the shitty apps that leak all kinds of unique identifiers about you over Tor. Whonix Workstation is designed to make sure that internet facing software is uniform with all other users.

@Algernon

"wireless drivers on the gateway, hostapd etc "

Can you give some more detail here? I see hostapd in the apt repositories but wireless drivers and etc? Such as?

I know NetworkManager automatically reconfigures the iptables for devices acting as a hotspot. I’m just worried that’ll break the gateway routes or something.

@HulaHoop

" not a strong guarantee against deanonymization"

Thanks. I don’t use tor for high anonymity purposes. I’m not a journalist, activist, or whistleblower. I just enjoy a simply layer of privacy from time to time. Creating a tor wifi hotspot would also allow me to easily torify other devices in my home like my tablet and kodi/rpi3. I don’t use android so Orbot is out of the question unfortunately.

Thanks again for your answers!

Whonix is ~99% Debian. There should be plenty of tutorials for wifi hotspots on Debian. Wireless drivers depend on your hardware i.e. manufacturer like atheros, broadcom … . “Etc” is probably mostly some kind of dhcp server.
Not sure about NetworkManager automatically reconfiguring iptables, never used it to create a hotspot. You can test to rename the wifi interface to eth1 so you maybe don’t have to change the firewall configuration and other stuff where “eth1” is used. But I also never tested this.

1 Like

I was actually wondering to use a separate Whonix-Workstation to run a WiFi hotspot. Would be more leak-proof and easier than running this on Whonix-Gateway.

https://phabricator.whonix.org/T725