Whonix on 2 physical computers

Hello friends,

I learned that if the Whonix components are located on two different physical computers, then its anonymity increases.

To do this, we need to place the Whonix server and the Whonix client on different computers.
Unfortunately, on the official Whonix website I didn't find any instructions on how to do this.

Please give detailed instructions on how to make this separation of Whonix and configure it.

Wow! This is excellent, thank you very much! :yum:

Ok, is it possible to use a router with OpenWRT firmware as a Whonix-Gateway?

At the time of writing, there is no maintainer for that and none on the horizon. Therefore:

I understand you, comrade. Okay, then what do you think of the idea of using this Tor router as a Whonix-Gateway?

https://docs.gl-inet.com/en/3/tutorials/tor/

According to its developer, it even has Markov chains, which significantly increase the anonymity of the entire system

Just adding a transparent Tor gateway without a Whonix-Workstation, without any regard for application-level leaks, is equivalent to zero percent anonymous. It has transparent proxy leaks.

For example, even a simple cookie previously used to log in to Gmail / Google would de-anonymize, independent of any IP-level anonymization.

That feature seems like an add-on.

While for Whonix, anonymity is the main purpose of the design.

See:
https://www.whonix.org/#security

Dear friend, of course, I don't want to use the Tor router as the only protection.
I want to use this router only as a Whonix-Gateway, to which I will then attach a Whonix-Desktop on virtual KVM.
(At the same time, physical isolation will be obtained.)

Is it a good idea in this form?
Or is it worse than Whonix-Desktop & Whonix-Gateway on virtual KVM?

Unfortunately it's difficult, and mostly undocumented, to connect a Whonix-Workstation with an arbitrary Tor router.

Not a recommended procedure (it can cause Tor over Tor and other issues…), but it's possible with an RPi and TorBox; check:

Thank you, but I'm afraid of the RPi :worried:
Because a proprietary operating system is embedded at a lower physical level of the RPi, the content of which is hidden and unknown to anyone:

This operating system is closed source and rules the system without the open source Linux Kernel being aware of it. When the Raspberry Pi starts booting the CPU is completely disconnected (technically in reset state) and the GPU is the one that starts the system. You can have a look at the /boot folder and you will see some of the binary blobs used by the GPU to both start the CPU and run its own ThreadX OS (bootcode.bin and start.elf).

And also let me ask you: how is TorBox better than Tor on OpenWrt and GL.iNet routers?
It seems to me there is no fundamental difference between them, imho.

Both devices use transparent torification, right?

I'm sorry, I can't follow: which operating system is closed source?

If you are talking about TorBox, then it's free software under GPL v3:

I need to test both in order to give a good judgment, which is something I'm not capable of at the moment, but you can ask TorBox this question if you want, for a better answer. Also cc @nyxnor, who might have a good answer about it.

Yes. I agree with you about the GPL v3 for TorBox.
But I am talking about a different OS, which is in every bare RPi and is located at the lower physical level. Apparently, this is the proprietary bootloader, which is not covered by the GPL.

If you are talking about stuff like TrustZone or similar things, then this is no different on Intel (check for example Intel ME) or AMD (check for example AMD PSP).

Otherwise I might have misunderstood your message; please provide links/references so I can understand you better, if I didn't already.

The RPi bootloader is proprietary, but so is that of any other machine that is not coreboot/libreboot. Also, the operating system software is open source; what is not open source is the boot firmware.


This repo is 5 years old; the torrc is outdated, with deprecated options and the bare minimum. No SOCKS isolation. Also they used the option AllowUnverifiedNodes middle,rendezvous; it never sounded right to use unverified relays.

On the other hand radio24/torbox is actively maintained and has an easy to use cli interface to configure bridges.

Also, it would be best if it were possible to run Whonix on RPi arm64, but that is still not possible :(.
Also, Whonix with physical isolation is a difficult task because of the manual configuration; you also have to run the whonix-ws to avoid Tor over Tor and other things.
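The two torrc points raised in this thread, the deprecated AllowUnverifiedNodes line with no SOCKS isolation in the old repo, and the earlier point that a bare transparent Tor gateway (TransPort/DNSPort) does nothing about application-level leaks, can be checked mechanically. The following torrc linter is an added example written for this page; it is not code from TorBox, Whonix or GL.iNet, and the two sample torrcs are constructed for illustration (the 10.152.152.10 gateway address in the hardened sample is an assumption, as is the per-application port layout, which mimics the Whonix idea of one SocksPort per application rather than any project's actual file).

```python
"""
torrc linter (added example, not from any project in the thread).

Flags:
  * AllowUnverifiedNodes, the removed option the old repo still carried
  * SocksPort lines without IsolateDestAddr/IsolateDestPort (these flags
    are off by default in Tor, so without them streams to different
    destinations may share a circuit)
  * NoIsolateClientAddr / NoIsolateSOCKSAuth, which switch off isolation
    that Tor enables by default
  * TransPort / DNSPort, i.e. transparent torification, which cannot stop
    application-level leaks such as login cookies
"""

DEPRECATED_OPTIONS = {"AllowUnverifiedNodes"}
DEST_ISOLATION = {"IsolateDestAddr", "IsolateDestPort"}
WEAKENING_FLAGS = {"NoIsolateClientAddr", "NoIsolateSOCKSAuth"}
TRANSPARENT_OPTIONS = {"TransPort", "DNSPort"}

# Constructed sample: the kind of bare-minimum transparent-gateway torrc
# criticised above.
WEAK_TORRC = """\
# old transparent gateway (constructed sample)
SocksPort 9050
TransPort 9040
DNSPort 5353
AllowUnverifiedNodes middle,rendezvous
"""

# Constructed sample: one SocksPort per application on an assumed internal
# gateway address, each with destination isolation, no transparent ports.
HARDENED_TORRC = """\
# per-application SOCKS ports (constructed sample, assumed address)
SocksPort 10.152.152.10:9100 IsolateDestAddr IsolateDestPort   # browser
SocksPort 10.152.152.10:9101 IsolateDestAddr IsolateDestPort   # mail
SocksPort 10.152.152.10:9102 IsolateDestAddr IsolateDestPort   # apt
"""


def parse_torrc(text):
    """Return (option, value) pairs, dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        entries.append((key, value.strip()))
    return entries


def lint_torrc(text):
    """Return a list of findings (empty list means nothing flagged)."""
    findings = []
    socks_lines = 0
    socks_disabled = False
    for key, value in parse_torrc(text):
        if key in DEPRECATED_OPTIONS:
            findings.append(f"deprecated option: {key} {value}")
        elif key == "SocksPort":
            tokens = value.split()
            if tokens and tokens[0] == "0":
                socks_disabled = True       # SocksPort 0 turns SOCKS off
                continue
            socks_lines += 1
            flags = set(tokens[1:])
            if not flags & DEST_ISOLATION:
                findings.append(
                    f"SocksPort {tokens[0]}: no IsolateDestAddr/IsolateDestPort, "
                    "streams to different destinations may share a circuit")
            for weak in sorted(flags & WEAKENING_FLAGS):
                findings.append(f"SocksPort {tokens[0]}: {weak} disables "
                                "isolation that Tor enables by default")
        elif key in TRANSPARENT_OPTIONS:
            findings.append(
                f"{key} {value}: transparent torification; application-level "
                "leaks (cookies, logins) are not prevented at this layer")
    if socks_lines == 0 and not socks_disabled:
        # With no SocksPort line Tor listens on 9050 with default flags only.
        findings.append("no SocksPort line: Tor defaults to 9050 without "
                        "destination isolation")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_TORRC), ("hardened", HARDENED_TORRC)):
        print(f"== {name} ==")
        for finding in lint_torrc(cfg) or ["no findings"]:
            print("  -", finding)
```

The linter only reads torrc text; it says nothing about topology, so it cannot catch the Tor over Tor problem nyxnor mentions, which comes from running a torified workstation behind a second Tor gateway rather than from any single option.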
