Access Local Network, Host, or Clearnet Internet from VM
Donate
Advanced documentation detailing the process to connect from inside a VM to a server service running on the host, within the LAN, or clearnet internet.
Introduction[edit]
This subject is advanced. The instructions provided are generally unnecessary for most users.
Consider File Transfer as a simpler alternative for standard requirements.
Prerequisite Knowledge[edit]
Access Host from within Whonix-Gateway[edit]
This example demonstrates using ssh, but other methods may be substituted accordingly.
On the Host[edit]
Install the necessary server software; ssh is illustrated as an example.
Install package(s) ssh following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 
Update the package lists and upgrade the system
.
sudo apt update && sudo apt full-upgrade
3 Install the ssh package(s).
Using apt command line --no-install-recommends option is in most cases optional.
sudo apt install --no-install-recommends ssh
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.
5 Done.
The procedure of installing package(s) ssh is complete.
If ssh is utilized, its setup on the host (such as public key setup) and related issues are considered prerequisite knowledge and are out of scope for this documentation. This wiki chapter is focused on connectivity, not on server configuration details.
Inside the VM[edit]
Install the corresponding client software, e.g., openssh-client.
1. Install openssh-client.
Install package(s) openssh-client following these instructions
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
3 Install the openssh-client package(s).
Using apt command line --no-install-recommends option is in most cases optional.
sudo apt install --no-install-recommends openssh-client
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.
5 Done.
The procedure of installing package(s) openssh-client is complete.
2. Optional: Configure a persistent home folder for the user clearnet.
sudo mkhomedir_helper clearnet
3. Launch a shell under user clearnet.
sudo -u clearnet bash
4. Disable stream isolation permanently or circumvent it temporarily, as needed.
client-software ip-address
Note:
- Substitute
sshwith your client software of choice. - Replace
192.168.1.0with the actual local LAN IP of the host. - Remove
.anondist-origif the command isn’t uwt-wrapped by default.
ssh.anondist-orig 192.168.1.0
5. Completion.
An SSH connection from within Whonix-Gateway to the host should now be established.
Access Host from within Whonix-Workstation[edit]
This scenario is currently undocumented and likely necessitates a complex setup with a high risk of clearnet leaks. See footnote. [1] Instead, users are recommended to explore SSH / SSHFS into Whonix-Gateway, [[File_Transfer#SSH_into_Whonix-Workstation™|SSH / SSHFS into Whonix-Workstation]], and SSHFS into Whonix-Workstation™.
Troubleshooting[edit]
- Check whether a configured host firewall is blocking connections to the service.
Forum Discussion[edit]
See Also[edit]
Footnotes[edit]
- ↑
Options could include:
- Less safe: Enabling IP forwarding inside Whonix-Gateway™.
- Safer: Opening an Incoming Port on Whonix-Gateway Firewall and running proxy software in Whonix-Gateway with user
clearnetto allow forwarding to the host, LAN, or clearnet Internet.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!