I have setup a Windows-Whonix-Workstation just like instructed in the Whonix documentation. I have no reason to believe that something is not okay since check.torproject,org shows I am using Tor and I can browse onions so all traffic seems to go through the virtual cable into the GNU/Debian-Whonix-Gateway and from there over Tor.
There is however once thing that makes me suspicious. When I run a speedtest on the workstation, it shows me a download speed of nearly 2Mbit/s. Is Tor really that fast meanwhile? Or is this simply not possible?
Could be that fast at times. When you happen to choose three fast replays. At lower traffic times. I don’t know.
As long as the speed test is much slower than your clearnet result, it seems good to me.
Could also be a bug in the speed test.
And instead using these speed test pages which may have bugs, consider making your own speed test. You just need to know how big a file is and then measure how long the download takes. Compare with files of similar size from clearnet.
As long no website or application from within Whonix-Workstation is capable of detecting your real external IP, we’re fine. Fortunately, there has never been such a report yet.
[quote=“adrelanos, post:2, topic:32”]Could be that fast at times. When you happen to choose three fast replays. At lower traffic times. I don’t know.
As long as the speed test is much slower than your clearnet result, it seems good to me.[/quote]
Tested meanwhile on Whonix and on a normal machine with TBB and I get similar results. Tor is that fast apparently.
What is interesting: When I tunnel a VPN through Tor and repeat the speedtest, I routinely get much lower speeds, typically around 0.5Mbit/s. I would have thought that Tor is the bottleneck. I can’t believe the VPN slows everything down because it should have never less than 2Mbit/s
Obviously I don’t want to connect directly to the VPN to check its speed, to not link myself to the VPN account.
I have installed TBB 3.5 on the Windows-Workstation and it won’t work. It says “Tor failed to establish a Tor network connection. Network is unreachable [WSAENETUNREACH ]”. I’ve messed around a bit but nothing will work. I’m also worried because of this:
This seems directly related to the problem of using TBB on a Whonix-Workstation and it says it could end up with the Workstation knowing its external IP.
What I would need is a Tor Browser for the Windows-Workstation. The Tor Browser Bundle has too many things that are not needed on a Whonix-Workstation (no matter which OS) with Tor already running on the gateway. It is packed for non-Whonix users. Unfortunately I can’t find a Tor Browser (not Bundle) at torproject. From what I have read it did exist in the past.
I have installed TBB 3.5 on the Windows-Workstation and it won't work. It says "Tor failed to establish a Tor network connection. Network is unreachable [WSAENETUNREACH ]".
For testing only: other applications such as Firefox are functional?
I'm also worried because of this:
https://www.whonix.org/wiki/Dev/CPFP
You don’t have to be worried. CPFP doesn’t do anything when it’s not used. CPFP is installed on Whonix-Gateway independently from Whonix-Workstation. It’s up to Whonix-Workstation to make use of it or not. In any case, by design dangerous control port commands such as “GETINFO address” are filtered by CPFP on Whonix-Gateway. No matter if a Whonix-Default-Workstation or Whonix-Windows-Workstation.
This seems directly related to the problem of using TBB on a Whonix-Workstation and it says it could end up with the Workstation knowing its external IP.
No.
What I would need is a Tor Browser for the Windows-Workstation.
Yes.
The Tor Browser Bundle has too many things that are not needed on a Whonix-Workstation (no matter which OS) with Tor already running on the gateway.
Only it's Tor integration.
It is packed for non-Whonix users.
Yes.
Unfortunately I can't find a Tor Browser (not Bundle) at torproject.
From what I have read it did exist in the past.
There was TorButton for Firefox in past but that is no longer possible, discouraged.
We don’t have Windows instructions for running Tor Browser (TBB 3.x) with Tor running on another machine.
The old TBB 2.x information stubs are here:
With TBB 3.x you can try to remove the tor-launcher add-on using Tor Browser (same as Firefox’s) add-on manager.
Or try to delete file: tor-browser_en-US/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi
Then change proxy settings to use socks 5 IP, 192.168.0.10, port 9100 in Tor Browser settings. For the latter,see: Tor Browser Essentials
Please try and tell us if it worked.[/quote]
Success! I was able to start the Tor Browser by renaming the file “tor-launcher@torproject.org.xpi”. The Browser starts now and all is fine. Yes, all other applications worked before (normal FF, BTC wallet client…), just the tor browser from the bundle wouldn’t start and issue just an error message (see previous message). As I understand the normal FF with https-everywhere and noscript is still not as hard as the tor browser because it lacks some specific security patches that only the tor browser has. That’s why I asked how to get TBB working on the windows workstation. Thank you again, I am really happy now.
On a side note: After renaming that file, starting the tor browser and applying the socks5 settings as you have suggested, the renamed file has magically disappeared! Only torbutton@torproject.org.xpi is there now. Is this normal? Is TBB doing some checks and deleting files that seem suspicious because they were renamed?
As for the socks5, should I keep the “no proxies for 127.0.0.1”? This was there by default and I kept it.
I haven’t tried removing the tor launcher by going to the add-on manager because the browser wasn’t starting at all so I couldn’t access that manager. Also there is no environmental variable named “TOR_SKIP_LAUNCH” or anything similar in the OS setting. Fortunately renaming that file did the trick.
Is TBB doing some checks and deleting files that seem suspicious because they were renamed?
Probably no. Attempting things that way would be an even more flawed concept than antivirus. Once malware infected the system they have far better methods for compromise. Dropping files in Tor Browser's folder isn't required.
I guess this is a Firefox feature (which Tor Browser inherits) which deletes add-on files that do not match it’s name or the naming scheme.
As for the socks5, should I keep the "no proxies for 127.0.0.1"? This was there by default and I kept it.
Yes.
Also there is no environmental variable named "TOR_SKIP_LAUNCH" or anything similar in the OS setting.
I am sure it's not there by default. You'd need to follow some instructions similar to these: http://support.microsoft.com/kb/310519