Windows-Workstation question:User-->TOR-->VPN-->Internet

Although I’m aware that custom-workstation users are supposed to help out themselves but still, any help would be appreciated.

-The windows workstation is set-up as per the wiki guide,tor is working fine.

-I believe the wiki regarding vpn after tor is for whonix-workstation users only, since it has much to do regarding disabling stream isolation etc apart from obviously being for debian.

-Therefore I simply used a free tcp-compatible vpn (vpn gate) to try out, and the exit ip address did change.

I just wanted to know that with all this setting-up of virtual network adapters(by the vpn) and subsequent changing of default gateways(by the vpn I believe), is or does the tor-whonix-gateway somehow gets bypassed, how could one check?

Sorry for the noob question though,since my networking knowledge is limited.The VPN is sadly required to bypass excessive tor censorship which one faces nowadays.

P.S: Also I found that the link for the custom-workstation9.ova in the sub-sub section of the windows section namely"If you want to download and import Whonix-Custom-Workstation template (experimental, testers-only)" is down (shows a 404, or maybe downloads through tor are blocked).

I’m assuming that you’ve configured OpenVPN inside your Windows-Workstation running under VirtualBox.

First, to answer your question, there is no alarm or popup or automated system that will tell you that the Gateway has been bypassed. The easiest way to actively monitor your traffic is to launch arm in Whonix-Gateway. This will show you download and upload bandwidth being used and you can estimate if what you see is reasonable. A complementary tool called onioncircuits by Tails will show you the precise circuits being used for each of your destinations. (You can install this via Jessie-backports). Neither of these tools will help you identify if a portion of your traffic is selectively bypassing the Gateway. So, TL;DR, it’s hard.

Having said that, it helps to understand what it takes to bypass the Gateway. When you configured the VM settings with the VirtualBox manager for your Windows-Workstation, you set the network adapter to use an Internal Network. No amount of configuration or tinkering within Windows-Workstation can change that setting because the setting exists only in the world of your Host OS. Your workstation has no concept of that setting. So for malicious code to bypass the gateway, it would need a “hypervisor privilege escalation exploit” to break out of the VM and make changes to settings on your Host OS. These are relatively rare but do exist.

Another possibility might be a zero-day that exploits the Tor client running in your gateway. (I don’t know if any have been found to-date).

Some more advanced topics you might look into as you continue:

  • corridor is a whitelisting firewall that only allows traffic to tor nodes.
  • other whonix hypervisor platforms (xen, kvm) may be more secure than virtualbox
  • (and of course, I’d be remiss not to mention the elephant-in-the-room, Windows, which is a highly fingerprintable OS with unknown trust characteristics.)

Thank you! I didn’t know about arm and onioncircuits, the latter(actually both) seems to be a good solution!


Seems interesting but too complex to implement without a guide, apart from the fact that it is unsupported on non qubes-whonix.

Will surely see.

Yes.But using windows is more of a necessity than a preference, which I’m sure is more or less the case with anyone who does so.
On a related note could you suggest some trustable anti-malware/virus and/or firewall software,if there are such.

1 Like

As you’ve noticed, there’s lots of room for personal growth around here. :slight_smile:

Computer Security Education - Whonix
In decades of PC use, I’ve never been visibly compromised by malware - even as an exclusive Windows user. That’s attributable to luck, limited user privileges, good passwords and some light sandboxing using VMs and programs like Sandboxie. It also helps to not be a target of criminal gangs, law enforcement or intelligence agencies. :slight_smile: YMMV but in my experience anti-malware programs have only led to false positives and degraded system performance. As the link describes, they are only really effective against unsophisticated attacks - which can just as easily be prevented by good habits.

For Whonix, no additional firewall is necessary since Whonix-Gateway already has implemented a very restrictive firewall. Any traffic to your Workstation has to pass through this firewall first. Tor exit nodes do not accept new, inbound connections so that helps too. For non-Whonix, general Linux use, uwt is a popular, user-friendly option. For outgoing traffic, you can just use the built-in Windows Firewall. But realize that firewalls in general, are not leak prevention mechanisms. (No firewall or even Tor will help you if a malicious Windows update decides to steal all your info.)

I am a lifelong Windows user and still am.

  • I like playing with new tech and the newest, shiniest things show up on Windows first.
  • Switching costs for some applications are too high for me.

That said, the way I use Windows has changed drastically since I’ve taken the “red pill”. I severely limit personal info on any connected Windows (or Android) devices. I don’t place any sensitive info on connected Windows machines. Any Windows machines I use for work are all air-gapped. In the past, this meant using usb, cd, etc for transfers. My current project is to set up a “virtual air-gap” using Qubes. So a physically separate, fully accelerated Windows machine that doesn’t have direct network access but can exchange data over Qubes networking pipes.

1 Like