Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes Intel / AMD64 ARM64 PPC64 USB ISO Raspberry Pi More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Enabling and using IPv6 in Whonix.

• Protocol overview: IPv6 is the newer version of the Internet's addressing system. Like the older IPv4, it helps devices find and talk to each other over a network or the Internet.
• Main advantage: IPv6 offers many more unique addresses than IPv4, which helps solve the problem of running out of IP addresses.
• Adoption issues: Some networks still only support IPv4. Others support both IPv4 and IPv6. A few newer networks only support IPv6, which can cause connection problems for older systems or software that don’t support IPv6.

• Whonix 17 and below: Only partial support for IPv6.
• Whonix 18 and higher: Full IPv6 support built in.

In Whonix 17 (older version):

• Tor Browser access: Websites and services that use IPv6 can be reached with Tor Browser from Whonix-Workstation.
• Workstation to Gateway communication: The connection between Whonix-Workstation and Whonix-Gateway still uses IPv4 only.
• Gateway to Tor network: Whonix-Gateway connects to the Tor network using only IPv4. IPv6 is completely disabled here. However, Tor can still access IPv6 websites by tunneling through the IPv4 network.
• Command-line utilities: Most tools used in the terminal on Whonix-Workstation don’t work with IPv6 unless special workarounds are used.

In Whonix 18 (newer version):

• Tor Browser access: Websites and services that use IPv6 can be accessed without issues from Whonix-Workstation.
• Workstation to Gateway communication: Still uses IPv4 by default, but applications inside Whonix-Workstation can connect to Whonix-Gateway over IPv6 to access Tor.
• Gateway to Tor network: Whonix-Gateway can use either IPv4 or IPv6 to reach the Tor network. It prefers IPv4, but will use IPv6 if configured that way or if IPv4 isn't available. This only works if your virtualization software supports IPv6 NAT and autoconfiguration.
• Command-line utilities: Tools like curl in Whonix-Workstation can access IPv6 sites without extra setup. Other tools may still need manual configuration or workarounds.

Not sure if your Internet connection supports IPv6, IPv4, or both? Use the following websites to check.

Notes:

• Run tests on host: You must visit these websites on the host operating system (not inside Whonix).
• Link disclaimer: These links are not endorsements. They are only examples. Many similar test websites exist.

• Tests overview:
  • Normal Test: Checks if your connection supports both IPv4 and IPv6.
  • IPv4 only Test: If this doesn't work, it may mean your network only supports IPv6, or something is misconfigured.
  • IPv6 only Test: If this doesn't work, that’s usually okay.

• Example test websites:
  • ip6.me
    • ip6.me: Normal Test
    • ip6.me: IPv4 only Test
    • ip6.me: IPv6 only Test
  • test-ipv6.com: Provides a detailed test of IPv4 and IPv6 connectivity.

The steps below explain how to enable IPv6 support in each virtualization platform supported by Whonix.

• Versions before 7.1: Do not support IPv6 NAT. Only IPv4 connections work when using NAT.
  • Workaround before 7.1: You could try switching Whonix-Gateway to a bridged network to allow IPv6. But this exposes it to your local network and increases risk. Not recommended.
• Versions 7.1 and later: IPv6 NAT works by default. No changes needed.
  • Confirmed working: IPv6 has been successfully tested with VirtualBox 7.2.2.

libvirt supports IPv6 NAT starting with version 6.5.0. ^[1]

To check your installed libvirt version:

virsh --version

However, by default, IPv6 autoconfiguration does **not** work in Whonix 18. This is because Whonix disables the use of dnsmasq on the host for Whonix VMs. This improves security by reducing the risk of attacks from VMs to the host. ^[2]

But disabling dnsmasq also prevents IPv6 autoconfiguration from working. dnsmasq is the tool that sends the “router advertisement” signals needed to automatically set up IPv6 in Whonix-Gateway.

To fix this, you can re-enable dnsmasq for Whonix's virtual networks by following these steps:

Qubes OS does support IPv6, but it is turned off by default. To turn it on, follow the guide in the Qubes OS networking documentation.

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Whonix is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!