Lantern - Alternative Censorship Circumvention Tool


Lantern is a censorship circumvention tool, an alternative to Tor bridges.

Since version 3.0, Lantern has "implemented a bandwidth limitation of 800 MB/month. When the bandwidth limit is reached, the connection is slowed down and Free users are prompted to upgrade to Lantern Pro". Specifically, the connection is slowed down to approximately 20 KB/s, which makes Lantern close to unusable. On the other hand, considering the payment methods the Lantern company offers, it is nearly impossible to pay for Lantern Pro without damaging one's privacy and/or anonymity.

An easy way to circumvent the problem described above is to set up a new VM and install a new Lantern application in it.

Connecting to Lantern before Tor

Testers only!

It is possible to configure Tor to use Lantern as proxy to establish the following tunnel:
User -> Lantern -> Tor -> Internet

If you want to do this, apply the following instructions.

Qubes-Whonix only! Non-Qubes-Whonix is unsupported.

In case you want to do that, it is recommended to read the following related wiki article: Tunnels/Introduction

For current limitations, see also blog post / forum discussion:

Create a new standalone ProxyVM called Lantern-Gateway based on Debian-8 template.

In the Lantern-Gateway ProxyVM, the iptables rules must be unloaded.

If using Qubes, disable qubes-iptables and qubes-firewall systemd services. Non-Qubes users can skip this.

sudo systemctl mask qubes-iptables
sudo systemctl stop qubes-iptables
sudo systemctl mask qubes-firewall
sudo systemctl stop qubes-firewall

Open ~/fw-unload in an editor.

If you are using a graphical environment, run.

kwrite ~/fw-unload

If you are using a terminal (Konsole), run.

nano ~/fw-unload



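Paste the following contents.

#!/bin/bash

## Copyright (C) 2012 - 2015 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

set -o pipefail

## Abort with an error message as soon as any command fails.
error_handler() {
  echo "ERROR!" >&2
  exit 1
}

trap "error_handler" ERR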

[ -n "$iptables_cmd" ] || iptables_cmd="iptables --wait"
[ -n "$ip6tables_cmd" ] || ip6tables_cmd="ip6tables --wait"

$iptables_cmd -P INPUT ACCEPT
$iptables_cmd -P FORWARD ACCEPT
$iptables_cmd -P OUTPUT ACCEPT

$iptables_cmd -F
$iptables_cmd -X
$iptables_cmd -t nat -F
$iptables_cmd -t nat -X
$iptables_cmd -t mangle -F
$iptables_cmd -t mangle -X
$iptables_cmd -t raw -F
$iptables_cmd -t raw -X

$ip6tables_cmd -P INPUT ACCEPT
$ip6tables_cmd -P OUTPUT ACCEPT
$ip6tables_cmd -P FORWARD ACCEPT

$ip6tables_cmd -F
$ip6tables_cmd -X
$ip6tables_cmd -t mangle -F
$ip6tables_cmd -t mangle -X
$ip6tables_cmd -t raw -F
$ip6tables_cmd -t raw -X

exit 0


Make ~/fw-unload executable.

chmod +x ~/fw-unload

Unload all iptables firewall rules.

sudo ~/fw-unload

After firewall unload, run the following command to see if all firewall rules are really unloaded.

sudo iptables-save | sed -e 's/\[[0-9:]*\]/[0,0]/' -e '/^#/d'

The output should show.
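
As an added example (not part of the original page or of Whonix), the following function automates that check: it reads `iptables-save` output and reports any policy other than ACCEPT, any leftover user chain and any remaining rule. It goes slightly beyond the command above in that the same function also accepts `ip6tables-save` output; the sample rulesets and the chain name `EXAMPLE-CHAIN` are constructed.

```shell
#!/bin/sh
# Added example: decide from `iptables-save` / `ip6tables-save` output (stdin)
# whether a ruleset is fully unloaded. Prints one finding per problem and
# returns non-zero if anything is left.
fw_is_unloaded() {
  awk '
    /^#/ || /^COMMIT$/ || /^[ \t]*$/ { next }     # comments, table end, blanks
    /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
    /^:/  {                                        # ":CHAIN POLICY [pkts:bytes]"
      chain = substr($1, 2)
      if ($2 == "-")           { printf "user chain left: %s/%s\n", table, chain; bad = 1 }
      else if ($2 != "ACCEPT") { printf "policy %s on %s/%s\n", $2, table, chain; bad = 1 }
      next
    }
    /^-A / { printf "rule left in %s: %s\n", table, $0; bad = 1; next }
    { printf "unexpected line: %s\n", $0; bad = 1 }
    END { exit bad + 0 }
  '
}

# Constructed sample: a fully unloaded filter table.
sample_clean() {
  cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a restrictive policy, a user chain and a rule survived.
sample_dirty() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:EXAMPLE-CHAIN - [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

sample_clean | fw_is_unloaded && echo "clean sample: unloaded"
sample_dirty | fw_is_unloaded || echo "dirty sample: not unloaded"
```

On the gateway, feed it the live rulesets with `sudo iptables-save | fw_is_unloaded` and `sudo ip6tables-save | fw_is_unloaded`.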


IP Forwarding in the Lantern-Gateway ProxyVM could/should be disabled since it is not required.

sudo sysctl -w net.ipv4.ip_forward=0

Install missing lantern dependency. [1]

sudo apt-get install libappindicator3-1

Check if the downloaded deb file is still the right file. Go to https://getlantern.org/ and check for desktop, linux downloads.

curl --tlsv1.2 --proto =https https://s3.amazonaws.com/lantern/lantern-installer-beta-64-bit.deb --output ~/lantern-installer-beta-64-bit.deb

Install lantern. [2]

sudo dpkg -i ~/lantern-installer-beta-64-bit.deb

Start lantern so that it listens on all network interfaces, not just the internal one, so that it is reachable from sys-whonix.

Let lantern listen for HTTP proxy requests.

lantern -addr

Or let lantern listen for SOCKS5 proxy requests which is preferred.

lantern -socksaddr


Shut down sys-whonix if running. Set sys-whonix NetVM to Lantern-Gateway. Restart sys-whonix.


In sys-whonix, open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

Add one of the following, according to the proxy type lantern is listening for. [5] [6] is just an example. You need to replace it with the IP of your Lantern-Gateway ProxyVM. You could run the following command within sys-whonix to find out the IP of your Lantern-Gateway ProxyVM.

qubesdb-read /qubes-gateway
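
As an added example (not part of the original page), the function below checks a torrc for exactly one proxy line and compares its host with the expected gateway IP, which catches a stale address after the ProxyVM's IP has changed. The torrc lines themselves are not shown on this page, so the example assumes Tor's standard `HTTPSProxy` and `Socks5Proxy` options with an IPv4 `host:port` value; all IPs and ports in the samples are constructed.

```shell
#!/bin/sh
# Added example: verify that torrc text (stdin) sends Tor through exactly one
# proxy and that the proxy host is the expected gateway. $1 = gateway IPv4.
torrc_proxy_check() {
  awk -v gw="$1" '
    { sub(/#.*/, "") }                              # strip comments
    tolower($1) == "httpsproxy" || tolower($1) == "socks5proxy" {
      n++
      host = $2; sub(/:[0-9]+$/, "", host)          # drop the ":port" suffix
      if (host != gw) {
        printf "%s points at %s, expected %s\n", $1, host, gw; bad = 1
      }
    }
    END {
      if (n == 0) { print "no HTTPSProxy or Socks5Proxy line found"; bad = 1 }
      if (n > 1)  { print "more than one proxy line, keep only one"; bad = 1 }
      exit bad + 0
    }
  '
}

# Constructed torrc fragment; $1 = proxy host:port to embed.
sample_torrc() {
  printf '%s\n' '# constructed torrc fragment' "Socks5Proxy $1"
}

sample_torrc 10.137.2.1:1080 | torrc_proxy_check 10.137.2.1 && echo "proxy line matches gateway"
sample_torrc 10.137.9.9:1080 | torrc_proxy_check 10.137.2.1 || echo "proxy line is stale"
```

In sys-whonix the live check is `torrc_proxy_check "$(qubesdb-read /qubes-gateway)" < /etc/tor/torrc`.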


Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

For Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

For graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

For terminal-only Whonix-Gateway, complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Done. Tor will use Lantern as proxy.


  1. Lack of a dependency declaration when installing Lantern on Debian
  2. In Lantern-Gateway, check if lantern's http port is functional.
    curl --tlsv1.2 --proto =https --proxytunnel --proxy https://check.torproject.org
    In Lantern-Gateway, check if lantern's socks port is functional.
    curl --tlsv1.2 --proto =https --socks5-hostname socks5h:// https://check.torproject.org
  3. In sys-whonix, test if Tor is able to reach the http proxy that Lantern is providing.
    UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https --proxytunnel --proxy https://check.torproject.org
    In sys-whonix, test if Tor is able to reach the socks proxy that Lantern is providing.
    UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https --socks5-hostname socks5h:// https://check.torproject.org
  4. Socks would be better. According to https://github.com/getlantern/lantern/issues/2075 lantern already does have socks support. Issues opened: https://github.com/getlantern/lantern/issues/4838
  5. Setup will become easier with less need for IP changes as soon as Qubes implements optional static IP addresses.

