Add your questions here. Like this.

  • (zlikovski) Is communication between TorWorkstation and TorGateway encrypted? Can someone in LAN sniff what the TorWorkstation and TorGateway are communicating?
    • (anonymous) No, it's not encrypted. Destination is always sent in clear text, content in case of non-https connection and hidden services. However this is only a problem if you use Whonix in a non standard configuration. If you use the two VMs on a single host the network connection between them never leaves the host. If you use "bare metal" (Workstation and Gateway on two different physical computers with a real network connection between them) you _must_ use a point to point ethernet cable. This is because if there are other computers that have a direct connection to the internet on the internal network a compromised Tor-Workstation could start directly communicating with them and to bypass the Tor-Gateway. If you use multiple Tor-Workstations on an isolated LAN behind a Tor-Gateway this is indeed a possible problem we need to address. We can set up an ssh tunnel between workstations and gateway to protect against such network attacks from other compromised Tor-Workstations. We'll add something to the bare metal how to. Thanks for bringing this up!
    • (adrelanos) There is now a bunch of information about this in case you are still interested...
  • (anonymous) I want to use the quickest US based exit node(s) to watch video content only accessible for US located IP addresses so having a very low level of anonymity is no issue here.
    • (adrelanos) As a project (and guest on we may not help with anything what might be illegal. Please do nothing illegal.
  • (anonymous) How can I add Tortunnel/torproxy (or any single-hop alternative) to work in conjunction with Whonix?
    • (adrelanos) Torproxy is a CGIproxy. Whonix redirects on network level to a socks proxy. Using a CGIproxy might not be impossible, but I can not easily add instructions how to do so. (It would require a trans2cgi redirector and I doubt that anyone is working on something like this.)
    • (adrelanos) Regarding using a single hop socks proxy you have more luck. That should be easily possible. I'll add instructions to the bottom of Other Anonymizing Networks soon. Updating following here when I am done. UPDATE: my mistake, not that trivial, still possible and working on it. Update 2: Got started, but not done, see Proxy.

  • (torboxuser) I have tried my best to follow the "Bare Metal" approach to using two boxes - Gateway, Client. I believe I have succeeded with the Gateway portion, but the Client leaves me in a quandary. The docs mention something about bridging but no specifics, so I am unable to decipher what specifically the authors recommend: hardware solution, i.e.: using a crossover cable? or a software solution?
    • (adrelanos) Tor-Gateway and Tor-Workstation have to be connected by LAN cable. With bridging we mean the following: go to Virtual Box, right click on the VM, go to settings, network, choose bridged network (perhaps google for virtualbox bridged network if you like to understand what it does). It bridges the virtualbox virtual network adapter to the physical network adapter of the Tor-Workstation to enable connectivity to the Tor-Gateway.
  • (torboxuser) furthermore, the authors seem to recommend server only within a vm on the client side and what I was hoping for was a desktop (windows, *nix) within a VM with ALL net traffic routed thru TOR on the Gateway without exception.
    • (adrelanos) ALL net traffic is routed through Tor, without exceptions. You can use a full desktop (apt-get, see answer below). Ubuntu is best supported by Whonix, since we used Ubuntu to document and test everything. *nix is generally usable as well, you need *nix basic knowledge and distro specific knowledge to adapt it, shouldn't be hard. Comments about other operating systems and Windows are here Other Operating Systems.
  • (torboxuser) I am not sure of the value of server only if common GUI apps can't be used.
  • (torboxuser) Forgive me if this is not the place for this discussion, however; if it is, and with your help I am able to achieve this milestone I will be more than happy to publish my experiences and installation methodologies with you. In any case, thank you for all the work done and the successes you have collectively achieved.
    • (adrelanos) It's the right place for discussion. If there are further questions, feel free to ask again. Thanks for your interest!
  • (<anonymous>) <I have some questions after struggling for 2 days with Whonix: I have installed preconfigured Whonix images which are currently affected by the critical issue, so solving this issue by step 3 does not work, it gives me no such file or directory.
    • (adrelanos) Did you execute the commands on the Tor-Gateway? They will have no effect on the Tor-Workstation. Basically the content of the folder /var/lib/tor/ has to be cleared. That's all. Since we have no gui, is has to be done with command line commands, some linux command line skills are helpful. Are you familar with cd, rm, etc.? After step 1 login as root 'sudo su'. Then get into that directory 'cd /var/lib/tor/' and show the content of that folder 'dir'. 'rm -r /var/lib/tor/*' as root (or sudo) should clear it, I double checked it. If it's empty, you are fine.
      • (<anonymous>) Login as root has done it, thanks for the detailed description and steps.
  • (<anonymous>) Second question following instructions - update tor browser bundle - i have done it, but in the original version in the image I don't see Vidalia or Tor, does this means that when I use the new updated tor browser bundle it is starting Tor for a second time and is this a problem?
    • (adrelanos) Tor is installed on Tor-Gateway. Tor Browser is installed in Tor-Workstation. Vidalia is not used by Whonix (optional workaround available). We use arm as replacement for Vidalia (see Whonix/Readme). When you follow Tor Browser behind a transparent proxy or Whonix there should be no second instance of Tor. A second instance in Tor-Workstation would lead into a Tor over Tor scenario which is highly discouraged.
      • (<anonymous>) I have deleted Tor Browser directory on Tor-Workstation and I have downloaded Tor Browser Bundle and I have installed them on the Workstaion. I see from your explanation that this is wrong way to do it, and Tor should stay on the Tor-Gateway only, is that right? If so, how can I configure Tor on the Tor-gateway to use specific Tor exit nodes? (as I can from the torrc file on the Tor-Workstation from the newly installed Tor Browser Bundle, which includes, Tor Browser+Tor+Vidalia).
        • (adrelanos) Yes, Tor should stay on Tor-Gateway only. To specify Tor exit nodes you have to do all the changes on the Tor-Gateway. Go to your Tor-Gateway and edit torrc manually. The default directory is /etc/tor/torrc. You can open it for example with 'nano /etc/tor/torrc' (console editor).
          • (adrelanos) Additional: If you dislike using nano or all console editors, for example if you plan big changes, you can also use a graphical editor to edit it. Create the torrc on your host, use an editor of your choice and copy torrc back from your host to /etc/tor/torrc. Copying would require installing openssh-server on Tor-Gateway and using scp or mounting the virtual hdd of Tor-Gateway.
  • (<anonymous>) Third and most important question: howto install Flash in this image? I have tried everything - all commands in terminals doesn't work or do the job, I've installed Firefox Add-on: The Flash-Aid, it finally installed flash, but I don't see it in the Tor Browser Bundle folders and when I go to some websites they say please update flash, but when I try to install it from the browser it always gives this message that doesn't know how to open the .apt>
    • (adrelanos) That is because plugins are deactivated by Tor Button by default settings. It's not recommend but it should be possible to use Flash or other plugins. I added Flash or other Browser Plugins.
      • (<anonymous>) I've managed to install Shockwave flash. From the details on Whonix I see that it should be quite possibly the real IP address not to be leaked, but you're tests are quite hard to execute and give some errors I can't solve.
        • (adrelanos) I doubt the real IP can be leaked. The concern against flash are 1. likability (flash cookies etc., all your flash videos watches can be correlated to the same pseudonym) 2. fingerprinting (the flash binary will probable leak lots of information about your virtual operating system) 3. security (flash has a history for remote exploits, more concrete: the risk for your virtual operating system to get infected by trojan horses etc. is higher). But anyway, if you must use it, I guess using a transparent proxy like Whonix is your best bet. Of course you can try to avoid using flash, by using the frequently recommend workarounds (none of them is perfect and a 100% replacement), such as gnash, flash video replacer, html5, flash video download and convert.
      • (<anonymous>) Is it expected soon for you to make new Binary images with the beta Whonix?
        • (adrelanos) No, I am not going to create new ones. I will keep on developing, documenting, testing and answering questions, but can't do everything alone. Whonix is a community project and needs help from the community. One thing we need, as mentioned on the Whonix front page, is a packager.
  • (anonymous) I've installed ARM to control Tor in the Tor-Gateway but when I start ARM it says: "Connection refused. Is the ControlPort enabled?" Would you help me configure Tor/ARM in the Tor-Gateway?
    • (adrelanos) Yes, try 'sudo -u debian-tor arm'.
      • (anonymous) thanks worked fine
  • (anonymous) Why is in the Tor-Workstation in the Firefox network setting set a socks-host to the local ip? I thought in the Tor-Workstation I can use any software without setting a proxy because everything is automatically routed through tor (transparent proxy)?
  • (anonymous) Is it a big security problem when installing guestadditions from virtualbox in the Tor-Workstation? I need the shared clipboard and the easier file transfer between host and Tor-Workstation.
    • (adrelanos) I am not aware of any known vulnerability when using guestadditions. I am not aware it instantly breaks anything, but it's less tested. Provides more attack surface, see Security And Hardening for details.
      • (anonymous) I try to install the guestadditions in the tor-workstation but get a error message that the header for the current running kernel 3.0.0-16-generic-pae were not found. installed dkms as described in the manual. maybe you can describe it in OptionalConfigurations step-by-step with mounting a shared folder because its very usefull?
    • (adrelanos) There are only a very few workarounds, How to safely transfer files between host, gateway and tor-workstation, SSH into Tor-Workstation. Maybe also VNC into Tor-Workstation through hidden service (untested), but will probable lag too much.
      • (adrelanos) Well, guestadditions have always been tricky. If you google, you'll see that loads of people always had issues with that beast. It's not a Whonix issue. I can try to help anyway. Which version of Whonix are you using? Ubuntu oneirirc or precise? I tested with precise, but same instructions could work on oneirirc. Within Tor-Workstation, you need to do 'apt-get install build-essential' and 'apt-get install linux-headers-generic'. Then click in VirtualBox install guestadditions, go back to Tor-Workstation, start from the CD. Tell me, if it worked for you.
        • (anonymous) I use the binary images 0.1.3. I have done 'sudo apt-get install dkms' (installs without error) 'sudo apt-get install build-essential' (installs without error) and 'sudo apt-get install linux-headers-generic' says is already in newest version installed. but doing 'sudo sh' (run autorun does nothing) brings the same error message: The headers for the current running kernel were not found. If the following module compilation fails then this could be the reason.Building the main Guest Additions module! errorlog: Error! Your kernel headers for kernel 3.0.0-16-generic-pae cannot be found. Please install the linux-headers-3.0.0-16-generic-pae package, or use the --kernelsourcedir option to tell DKMS where it's located Failed to install using DKMS, attempting to install without /tmp/vbox.0/Makefile.include.header:97: * Error: unable to find the sources of your current Linux kernel. Specify KERN_DIR=<directory> and run Make again.
        • (adrelanos) Try 'apt-get install linux-headers-generic-pae' and try again. If that doesn't work, try 'apt-get purge linux-headers-generic-pae linux-headers-generic'; 'apt-get clean'; 'apt-get update'; 'apt-get upgrade'; 'apt-get dist-upgrade';'apt-get install linux-headers-generic' and try again.
        • (anonymous) Both didn't work. After doing both solutions I will get the same error message as posted above. Would you try it with a clean vm from the binary images 0.1.3 and write down the steps to get guestadditions in the workstation installed? maybe this could be useful for all in the optional section.
        • (adrelanos) See if VirtualBox Guest Additions helps.
          • (anonymous) I try with a fresh Tor-Workstation-0.1.3 binary image exactly as described on VirtualBox Guest Additions but didn't worked. the same error message as described above. some kind of frustrating. will there be a Tor-Workstation-0.2.0 binary image which works with the description?
            • (cypherpunks) what about "sudo apt-get install linux-headers-3.0.0-16-generic-pae"?
              • (anonymous) Worked! Get the guestadditions with this installed and shared folder as well. only shared clipboard didn't although its activated in the workstation configuration.
              • (adrelanos) Perhaps it will work after rebooting host and VM. The guestadditions are really buggy. Where there any errors while installing the tools?
          • (adrelanos) With 0.2.0 the instructions might work out of the box. I'll look into it once it's released. If that isn't done a few days after release, please post here again.
  • (torboxuser) Hello proper, I have, as far as I know, diligently followed the recommended installation instructions for bare-metal, including oneiric, separate boxes, (non vm install) and tor-workstation.ova (vm install). Everything seems to work on the gateway. I have connected eth0 on the workstation with eth1 on the gateway via crossover cable (eth0 is connected to the internet router). I can ping the workstation from the gateway, but not vice versa, either from the vm or from the host: they both say "destination port unreachable". I have set the network settings on the ws vm to bridged from internal, but it doesn't make a difference. When u have time, any suggestions would be appreciated. Cheers!
    • (adrelanos) "destination port unreachable" is normal, because the Tor-Gateway rejects ICMP (ping is ICMP) for security reasons (it's not supported by Tor and not required for anything else). See /etc/ on the Tor-Gateway. The rule is "iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable". Thanks for bringing this up, I add it somewhere. Apart from this, does it work for you?
  • (anonymous) What was that news item about: "The latest TorButton update may break Tor Browser within Whonix"?
    • (adrelanos) I think TorButton was auto updated and the TorBrowser proxy settings were set back to default. Resulting in broken network connectivity. Downloading the latest TorBrowser using the script will fix that issue.
      • (anonymous) I try the script version 41 with the Tor-Workstation-0.1.3 binary image and get lots of errors when updating TorBrowser. pgp errors key is not certified, directory and file errors while creating or removing.
        • (anonymous) the old script didn't yet handle updating, I'm afraid you just broke the tor-workstation, hope you made a snapshot? You need to grab the latest script and run it with the "-update" flag. I realize we could make a better job explaining that.
  • (Mist) Hi! Im pretty new to Whonix. I cant seem to get the working. The TOR-Workstations just says that its an unknown command. Can anyone give me a hint how to get leaktesting working?
  • (adrelanos) Hello, which Whonix version are you using? Do you know linux command line basics, i.e. how to download a script, make it executable, run it? Where did you see .sh? Please post a link if possible. The current versions of our leak test documentation does not suggest using .sh anymore. I am happy to assist with leak tests.
  • (Mist) Sorry my bad...there was no ".sh". I am a beginner user of linux/ubuntu. So i know some of the command line stuff in linux (starting terminal window...using sudo apt-get and stuff, installing pan newsreader and editing stunnel4 config file). So to answer your q, not a real NOOB, but close. I use "Tor-Workstation-0.1.3" and "Tor-Gateway-0.1.32", downloaded from here "". Then i walked through the guides and saw this: "In your own interest, you should do the additional Whonix/LeakTests, to check everything is properly set up.". So i tried the instructions on that page..."Login as user, open a shell as user or su user.". I suspect a 'shell' is another term for terminal window, yes? so i typed "sudo leaktest" after the command prompt in the gateway and in a terminal window in the workstation. Nothing happened, only the linux sytem reports "sudo: leaktest: command not found". Google search offered no assistance...and now im stuck, and its probably easy, i must have misread, so i feel stupid for not getting it to work. Thanks for your help, it's appreciated! I hope i gave enough info.
  • (adrelanos) No problem. Yes, shell is used as a synonym for console/terminal. (Not sure if that is correct.) That didn't work because you read the chapter "Leaktesting on Whonix 0.2 and above". "Old, manual Leak test (for Whonix 0.1 or other projects)" is correct. It will redirect to Whonix/LeakTestsOld.
  • (Mist) a...well..then i did misread. thanks for the help :). I thought i had the latest version cause i just downloaded it. Should have seen the
  • (torboxuser) After 6 weeks I have finally installed your "bare-Metal" option on two std boxes using Ubuntu 12,04 Precise ( using the Alternate version for encryption purposes ). I used a crossover cable to network them. I have to say that, in the main, your scripts and instructions worked perfectly. The reason it took me so long had to do more with my blunders occasioned by my mis-interpreting your instructions. Here are my comments: a) the build script failed at some point and after looking around and checking your scripts I simply restarted from Whonix-Vbox -tw and all went well thereafter, perhaps a checkpoint log file to go along with the scripts might prove useful; b) my network wasn't properly set up: I cheated and used a separate router to install the workstation; afterwhich I reset the interfaces file on the host for TW as specified in your instructions (, except that to make it work I had to add the following line to the host for TW - dns-nameservers I also had to execute the following command from the host for TW - VBoxManage modifyvm Whonix-Workstation --nic1 bridged --bridgedadapter1 eth0; c) finally, the terminal app in the VM had to be tweaked in order to see anything on the screen: I simply clicked on preferences/colors and chose black on white. The gateway installed without a hitch, as per your instructions under "Bare Metal". I haven't fully tested the installation at this point, but the browser works as I am using it to formulate this comment as per your request under my previous missive. Well done!
  • (adrelanos) Thanks for your report. I strongly recommend to reset the nameservers in T-W to point to T-G, otherwise DNS will leak. The Whonix-Vbox script was a part of an attempt to build Whonix 0.2.0 (in development) using debootstrap. You are using an older dev version of 0.2.0 of the shell scripts (therefore the console color bug, which should for a few days). This wasn't tested. Great that it worked out. We better call the next release Whonix 0.2.1. Sorry for the confusion, after the next release we should mark the stable/dev versions more clearly, different pages, not just a in-text comment.
  • (torboxuser) <I am happy to report that most applications seem to work perfectly, the only issue I have at the moment is that irc clients (e.g. XChat) do not seem to be able to stay connected for any length of time ( sometimes less that 5 minutes) to all ircd hidden-services that i have tried. Do you have any hints as to how we may correct this situation? Keep up the good work!>
    • (adrelanos) If that doesn't risk your anonymity: please tell me (some) effected hidden services, so I can test.
    • (adrelanos) Thanks for reporting. That's maybe difficult to debug. Well, a hidden service goes over 6 relay. Three for the client, three for the server. If any of them goes offline for a moment, connection may break. You can go to Tor controller arm in Whonix-Gateway and switch identity (press n). Or you can change the socks username and password in XChat (that will tell Tor to use a different circuit). If you have a new circuit, that problem could be solved.
    • (adrelanos) I can't think off any Whonix specific configuration mistakes, which could introduce such a bug. I'll test and think about it.
      • (adrelanos) Tested and successfully connected to freenode's hidden service (with SASL) for over one hour without disconnect. Sorry, I can't reproduce it. It's probable fault of the hidden irc server, can you test freenode?
  • (anonymous) Are you planning to add some useful security tools in future? Like the Metadata Anonymisation Toolkit:
    • (adrelanos) Probable a good idea. I added it to my personal todo list for 0.3.x. Sidenote: in meanwhile you can manually install any (ubuntu compatible) package using apt-get, compile, etc.
    • (adrelanos) Done since 0.4.4.
  • (anonymouse) I got a problem. It remains with the latest 0.2.1 version. When you drag&drop a file from inside an archive, the system gets frozen.
    • (adrelanos) Thanks for reporting. Maybe an upstream bug. I'll check on that later.
    • (adrelanos) I don't think it's caused by Whonix since Whonix simply installs Ubuntu, configures Tor etc., installs Openbox and the unpacker. Likely drag and drop is not supported by Openbox. Please try a different archive manager. The bug will be fixed as soon as Whonix switches to a different desktop environment which is currently under investigation.
  • (anonymouse) I think Whonix or Whonix is nothing without using the snapshot feature. You should tell people more about how to use it effectively. For example, I create snapshots for different programs I often use. For Flash, I install the flashplugin and add two lines to user.js (for torbutton and noscript) and snapshot it. There are some websites which is almost impossible to download the media files in it. I simply go to the Flash snapshot, install the Video DownloadHelper, then play the video and download the captured link. It's really awesome :) completely anonymous. But of course people must not forget to revert back to original snapshots
    • (adrelanos) Unfortunately the name Whonix is now deprecated due to's wish, from now exclusively called Whonix. I agree, using snapshots is an important thing. We have a recommendation about it on Security and Hardening. I agree, that needs to be made better visible. The threat model stuff has to be separated from general advice. Since anyone can edit pages here I am happy about all useful edits. I am currently working on getting a new webhost for Whonix. Once that's done, someone is willing to offer help writing better documentation. As last resort I do it myself once the new webhost is up. Whonix might be best choice for flash, it's not perfectly anonymous but currently the best thing out there, in case you don't already know, see Browser Plugins for details.
  • (tor_n00b) adrelanos, thank you for all your work in putting the Whonix project together. I'm using your preconfigured VMs with the updates. I'd like to install external programs to the WorkStation using the 'apt-get' command. In order to do this, some programs require adding repositories to the /sources.list configuration file. But the 'sudo add-apt-repository "xxx-Example-xxx" ' command is unrecognized. Any help would be appreciated.
    • (adrelanos) Thanks for your feedback. The package is not installed by default. 'sudo apt-get install python-software-properties' should solve it.
  • (tor_n00b) I'm attempting to configure the T-G to only allow traffic through the designated SockPorts as per your instructions here. As I'm using your preconfigured VMs, to accomplish this, I commented out all lines related to #OptionalFeatureNr.5# in /etc/ . Afterwards, on the T-W, the TB is unable to connect, even though it's configured to traffic through SocksPort 9100. If I want to ensure that anything not specifically configured to use the SockPorts will not connect, how would I accomplish this with your Whonix images?
    • (adrelanos) Did only Tor Browser break or also other applications, such as XChat and wget?
      • (tor_n00b) It was a false alarm: it was a broader connectivity problem, rather than anything broken in . The problem persisted after I revert to some clean snapshots, while I was trying to diagnose which out-comment would be the culprit. Then, for a long while, T-G was not able to establish any circuits, as viewed in arm. What was frustrating was that sometimes T-G was able to connect to Tor on reboot, sometimes not. Only after I asked my question did I verify connectivity after each reboot through arm. What must have happened is that T-G was able to connect before my changes to, then wasn't able after the changes, then post hoc ergo propter hoc fail.
    • (adrelanos) Perhaps you broke Tor Browser? You can re-download it with 'TorBOX-Workstation -update-torbrowser'.
    • (adrelanos) I tested it again and it works as expected. When commented in, transparent proxying works, when commented out, transparent proxying is disabled and Tor Browser is still functional and /usr/bin/wget is defunct. When deactivated, should look like this:
      # Allow TCP to TransPort and DNS traffic to DNSListenAddress.
      #+# SEE #OptionalFeatureNr.5#
      #iptables -A INPUT -i $INT_TIF -p udp --dport 53 -j ACCEPT
      #+# SEE #OptionalFeatureNr.5#
      #iptables -A INPUT -i $INT_IF -p tcp --dport $TRANS_PORT_TW -j ACCEPT
      # Redirect DNS traffic to DNSPORT.
      #+# SEE #OptionalFeatureNr.5#
      #iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT_TW
      # Catch all remaining tcp and redirect to TransPort.
      #+# SEE #OptionalFeatureNr.5#
      #iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT_TW
    • (adrelanos) Can you comment them in again? Reapply firewall 'sudo /etc/'. Test if Tor Browser works again. /usr/bin/wget (transparent proxying) should also work.
      • (tor_n00b) As you stated, both TB and XChat work, and /usr/bin/wget does not, by out commenting as above.
    • (adrelanos) Then deactivate those rules one by one and tell me which breaks Tor Browser.
  • (Mist) hi, back again. I just got the 0.2.1 version and ran it in Vitualbox. Of course i tried the leaktest again ( This is what the gateway said: "unable to locate package tshark". This is what the workstation said: "unable to locate package python-scapy". Can you please give me a clue on whats going on?
    • (adrelanos) Ok, that might be a little bug, easy to fix.. Does internet connectivity work? (Tor Browser etc.) Please run 'apt-get update' before. For your interest: 'which leaktest' will tell the script is under /usr/local/bin/leaktest. The first thing it does is installing the required software (tshark or python-scapy). I think it failed if you never run 'apt-get update' before, I didn't think of that case but it will be fixed in 0.3 and above. Please run 'apt-get update' and if required 'apt-get install tshark' for now and report back.
  • (Mist) Yeey! It works....i get "send 1 packets" in tor workstation and a load of other info (IP -> IP and protocol info i guess) in tor gateway. So ty for the help. Now can you give me a clue how i can be sure there is no leaks?
    • (adrelanos) On Whonix-Gateway shouldn't show so much output, please check in /etc/tor/torrc that optionalfeaturenr.6 is activated and try changing /usr/local/bin/leaktest "service tor reload" to "service tor restart". There are some more detailed instructions and explanations: LeakTestsOld. Unfortunately checking for leaks requires quite a lot linux and network knowledge.
  • (Mist) Does this mean that, for example, is my IP and location safe when using skype?
  • (Mist) Can i (within the limitations of the TOR network) use plugins safely in my TOR browser or is still there a change they will leak my real IP?
  • (mist) Hi back again. I just did some more leaktesting and find it strange that, even when doing nothing on the workstation, tshark on the gateway may show reports (not that many, but still). They are almost always from the same IP adress (which seems to be a TOR exit router) and always include TCP 54 and HTTP 640. Even after a restart of the gateway and workstation, traffic through this same IP adress seems to be generated. Should i worry and dive deeper into this (for me) weird reports? Or is this normal behaviour?
    • (adrelanos) No, the leaktest script is not perfect or better said the tshark line to capture the right traffic is not perfect. It should exclude capturing any Tor traffic but it does not. It's probable an entry guard and directory server. It would be critical if it where a non-Tor server. I think what you describe will even happen if Whonix-Workstation is powered off and only Whonix-Gateway is powered on. Tor (by Tor default, Whonix just inherit this) always builds a few circuits and keeps them open, even if you do not need them at that time, they are prepared for further use. So it's not like "I don't do anything, there should be no Tor traffic.". The leaktest script is just an addition, Whonix could exist without those scripts. To feel better you can also try the ordinary Tor test sites, such as, and so on in your browser with everything activated. Flash, Java, anything you want. Where other systems fail, Whonix still keeps the IP hidden behind Tor. I'll add some of those pages to the leak test site.
  • (mist) Second, you said i should check optionalfeature.6 in the torrc. But i dont know how to do this when running the leaktest, and to my knowledge, when the leaktest is cancelled this optional feature is cancelled by the script. Are you suggesting that i should do the manual leaktest?
  • (Tortue) I wish to know if there is a way to use others VMs, wich are not the Whonix-workstation, running any operating system (linux or not) with the Whonix-gateway?
    • (adrelanos) Yes, very much possible. Whonix doesn't make any assumptions about anything. The concept works theoretically everywhere with everything, see The simplest thing would be to use Whonix-Gateway's transparent proxy, works even with any Windows (or Linux, whatever) version (thanks to Tor), see (Windows section), done, all connections over Tor. But it's only the simplest thing. Not the most secure. About MAC address... The Whonix-Gateway doesn't care which MAC you are using. But Whonix developers decided to change Whonix-Workstation's MAC address anyway. All Whonix users share the same MAC address. It is a security feature, if that Whonix-Workstation ever gets compromised or if ever any application leaks that information, it's worth very little. It's up to you if you are to add this security feature to your VM. Whonix also implements other security features to Whonix-Workstation. See (or even better see the whole SecurityAndHardening page), another notable example here is that Whonix-Workstation is configured to separate apt-get (operating system updates) traffic from Tor Browser traffic and so on, thus not letting any malicious exit nodes collect too much information about one pseudonym, also time zone is set to UTC and so on and so on (see whole Security And Hardening and Applications Notes and Warnigns page. You decide if you don't care about Whonix-Workstation security features or if you only use transparent proxying. I'd love too see Whonix being totally generic about the underlying operating system (see Whonix framework), if one prefers Ubuntu, Debian, Gentoo, Windows, BSD or anything. It's just impossible to support all use cases at once, that's why the Whonix *example implementation* (Whonix-Workstation) is based on Ubuntu. I am open for making the sources more generic and adding out of the box support for various different systems, but that would require new developers joining Whonix development. By the way all changes are now hopefully simpler to listed, see devel branch, the Whonix-Workstation folder documents all changes.
      • (Tortue) Thanks a lot! Was so simple, I should have tried before asking ;-)
  • (Tortue) In Whonix-gateway, will apt-get update and dist-upgrade check and install updates for the whole system including tor package? Doing this in regulary basis keep us up to date with Tor versions? Thanks!
    • (adrelanos) Yes, apt-get update / dist-upgrade will keep Ubuntu on Whonix-Gateway and Whonix-Workstation up to date (including Tor). Updating to further Whonix versions unfortunately requires importing or building new images.
  • (Tortue) This hidden service claims to list nodes with suspicious behavior: http://xqz3u5drneuzhaeo.onion/users/badtornodes/ . Maybe you could add some feature to check the page and add corresponding exludenodes in torc?
    • (adrelanos) That page is a few months outdated and why I should I believe this users claims? The admin should come to official Tor mailing lists. That never happened. Until now nothing got censored and anonymous postings are allowed. It should be discussed so we can hear all sides. If the admin can prove his claims (exit nodes tamper with https and so on) the nodes will be officially get the bad exit flag. Due to lack of any discussion / feedback I don't trust in it and I think adding the feature is no good idea.
  • (Anonymous) I am using latest version of Whonix (0.2.1) I wanted to edit ExitNodes, I have done it like before: by editing the torrc manually on the Tor-Gateway. But the changes I made there (example: ExitNodes server1, server2, server3) are not used in Tor-Workstation (different nodes are used). Is there some kind of change in the command or in the settings of Tor-Gateway, how can I fix this?
    • (adrelanos) Whonix uses the regular Tor version from ubuntu linux repository. There are no special tweaks or changes, beside the small change, that /etc/tor/torrc added some settings Whonix depends on. 'sudo service tor restart' will restart Tor. Please test your changes like you would do without Whonix. On the host. With Tor Browser Bundle or regular Tor installation. No matter. If your torrc works, you can use your extra options for Whonix as well and 'sudo service tor restart' will do. Please check. I'd be really surprised if it didn't.
  • (<your name or anonymous>) <your question here>
Last modified 7 years ago Last modified on Oct 12, 2012, 3:20:15 AM