Jump to: navigation, search


< Dev


See DoNot#Prevent_Tor_over_Tor_scenarios.


TODO: needs update (moved to socat with Whonix 13 anon-ws-disable-stacked-tor 3:2.4-1 stable upgrade)

Implemented in three ways on Whonix-Workstation.

  • Implemented in anon-ws-disable-stacked-tor, debian/control. The package uses the "Provides: tor" field[1], which should avoid any kinds of conflicts, in case upstream releases a higher version of Tor. This won't work for packages, which depend on an explicit version of Tor (such as TorChat). This is non-ideal, since for example the torchat package will install Tor, but still acceptable, because of the following additional implementations.
  • Tor's autostart is disabled in /etc/default/tor (dpkg-diverted using config-package-dev), so even if the tor package gets installed, it won't be automatically started.
  • rinetd is configured by /etc/rinetd.conf to listen on
    • Tor's default ports. I.e.
      • system Tor's, and,
      • Tor Browser's,
      • Tor Messenger's,
    • Those are forwarded to Whonix-Gateway.
    • This prevents the default Tor Browser, Tor Messenger and/or Tor package by The Tor Project from opening these default ports, which will result in Tor failing to open its listening port and therefore exiting, thus preventing Tor over Tor.



We mimic a functional Tor as good as possible.

anon-ws-disable-stacked-tor is also providing:

  • Tor Control Unix Domain Socket file: /var/run/tor/control, which is redirected to Control Port Filter Proxy on Whonix-Gateway.
  • Tor Control Auth Cookie: a functional /var/run/tor/control.authcookie that works with Control Port Filter Proxy.
  • Tor Socks Unix Domain Socket file: /var/run/tor/socks that is redirected to Whonix-Gateway Tor port 9050


Required for Tor Browser connectivity, SocksSocket:

https://cloud.githubusercontent.com/assets/156128/21556064/8ead0338-cdd2-11e6-918c-d4ca61724b52.png any should work.




Should show the following.




Should show the following.


Also please run.


Should show the following.

<title>Tor is not an HTTP Proxy</title>
<h1>Tor is not an HTTP Proxy</h1>
It appears you have configured your web browser to use Tor as an HTTP proxy.
This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.
Please configure your client accordingly.
See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.
<!-- Plus this comment, to make the body response more than 512 bytes, so      IE will be willing to display it. Comment comment comment comment      comment comment comment comment comment comment comment comment.-->

Run a similar command.

echo GET | socat - UNIX-CONNECT:/var/run/anon-ws-disable-stacked-tor/

Should show the same as above.

Next one to try.


Should show the following.

510 Request filtered

Run a similar command.

echo GET | socat - UNIX-CONNECT:/var/run/anon-ws-disable-stacked-tor/

Should show.

510 Request filtered


  1. See "7.5 Virtual packages - Provides" on http://www.debian.org/doc/debian-policy/ch-relationships.html

Random News:

Do you wonder why Whonix will always be free? Check out Why Whonix is Free Software.

https | (forcing) onion

Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)