Jump to: navigation, search


< Dev


Authoring Notes:

  • Start with a general description below each headline. Be as general as possible, trying to avoid even using such terms as 'Tor'.
  • Next, describe the Whonix Example Implementation, showing exactly how Whonix implements the goals stated above.

List of installed Packages[edit]





An application to anonymize network traffic, called anonymizer, is required. The application to anonymize network traffic has to be obtained from a safe download source. Increase file maximum, if required by the anonymizer.


Network Configuration[edit]

The Gateway needs two network interfaces. An external interface to communicate with clearnet for Tor and an internal interface to communicate with the Workstation.

Disable IPv6, if not supported by the anonymity network.

Disable IP forwarding, if it is not required due to the firewall rules (such as in case of Tor, which offers a TransPort and a DNSPort).

Configure the system resolver to use the anonymity network to resolve DNS. - This is not required to anonymize traffic of the Workstation. The system resolver of the Gateway should not get used by any applications anyway, because they are explicitly configured to use the anonymity network. Useful as defence in depth. DNS and other traffic from the Workstation gets forced by the Gateway's firewall to use the anonymity network. The Gateways's own traffic gets anonymized with the purpose of hiding the existence of the Gateway from the ISP, as it is expected that most users do not want to announce the existence of a Gateway, which may indicate that they run hidden services or other applications over Tor. The Gateway could alternatively fetch it's own operating system updates over clearnet, but since package selection is unique clearnet traffic may imply Gateway. And, as package downloads are only authenticated, not encrypted, it's better to download the updates over the already to hand anonymity network. As an anonymity network, such as Tor, with changing exit relays (and thus exit ISPs) is getting used, this also makes it even harder for an adversary to interfere with the update process. The last sentence gets elaborated on the Design Shared page in chapter about "Operating System Updates".

Prevent DHCP from updating the system resolver.



Add a firewall, which permits only the anonymizer's traffic to reach the internet.



Firewall Removal[edit]


Include a command to easily remove all firewall rules, which can not be run by accident without editing the file with root rights.


Leaktest script[edit]


Have a script to try to produce a leak and check if there are any leaks.


Clearnet User[edit]


To have a user account "clearnet" on the Gateway may be helpful for debugging, an "unsafe" browser (which can be used to register public hotspots).



Tor Controller[edit]



Help file[edit]


When the user types a short and easy command, the most important and most asked commands should be listed.


Marker file[edit]


Add a marker file so scripts you write can find out, whether they are running on the Gateway or inside the Workstation. There are probably different implementations possible to reach that goal.



Changes from Dev/Design-Shared also have to be added to the Gateway.

Random News:

Did you contribute to Whonix? Feel free to add your name and what you did to the Whonix Authorship page.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.