Multiple Whonix-Gateway ™

From Whonix

(Redirected from Multiple Whonix-Gateways)



Info Note: It is far safer and easier to manage multiple Whonix-Gateway ™s when only one is launched for user activities, rather than running many in parallel.

Multiple Whonix-Gateway ™s can be used alongside multiple Whonix-Workstation ™s, but this has both advantages and disadvantages. One security benefit is the isolation of separate Whonix-Gateway ™ VM instances. In the event that one Whonix-Gateway ™ is compromised, it is not certain the other(s) will be similarly compromised. On the downside, newly cloned Whonix-Gateway ™(s) will end up with a different set of Tor entry guards unless precautions are taken. [1] [2]

In this configuration ISPs are probably capable of detecting that two different Tor data folders are in use, but this is not necessarily an anonymity threat. Similarly, if multiple Tor Browsers are used with distinct Whonix-Gateway ™s, then a different set of Tor entry guards will be used as well (unless by chance the same Tor guards are chosen for different Whonix-Gateway ™s).

When multiple Whonix-Gateway ™s are run in parallel, the risks explained in the Multiple Whonix-Workstation ™: Safety Precautions section equally apply.

Non-Qubes-Whonix ™[edit]

Info Note: These instructions only apply to Download/Default-Whonix-Workstation ™.

Non-Qubes-Whonix ™ means all Whonix ™ platforms except Qubes-Whonix ™. This includes Whonix ™ KVM, Whonix ™ VirtualBox and Whonix ™ Physical Isolation.


In this configuration, Whonix-Workstation ™s will not be able to communicate with one another. This is recommended to keep different Tor activity profiles completely separate. To run multiple Whonix-Gateway ™s it is necessary to clone existing VMs; the steps below assume an existing Whonix ™ install.

1. Create clones of the Gateway and Workstation VMs rolled back to clean snapshots.

In Virtual Machine Manager: Highlight VMOpenVirtual MachineClone...Clone

2. Export Whonix ™ internal network settings.

sudo virsh net-dumpxml Whonix-Internal > Whonix-Internal2.xml

3. Edit the network configuration to make it unique.

  • Change the name and bridge name.
  • Delete the mac address and uuid parameters.

Alternatively, replace the configuration with the example below (this assumes the only custom networks are Whonix ™-related).

  <bridge name='virbr3' stp='on' delay='0'/>

Save and exit.



  • virbr1 is assigned to the Whonix-External network (NAT NIC); and
  • virbr2 is assigned to the Whonix-Internal network (Whonix ™ NIC).

Therefore, the network name was changed to internal2 and the bridge name to virbr3.

4. Import and start the new network.

virsh -c qemu:///system net-define Whonix-Internal2.xml
virsh -c qemu:///system net-autostart Whonix-Internal2
virsh -c qemu:///system net-start Whonix-Internal2

5. Attach the Gateway and Workstation VM NICs to the new network.

Ensure that one Gateway NIC is attached to the external network. It is important to carefully match internal network interfaces to the new ones and not accidentally switch to a NIC that connects outside.

To edit the VM virtual NIC settings:
Highlight VMOpenSettingsNIC virtual hardware → Set Network Source to: Virtual network 'Whonix-Internal2' : Isolated network, internal and host routing only

Note that the network is exclusively internal and does not communicate with the host in any way.

6. Change the number of pinned CPUs.

It is recommended to edit the cloned workstation's configuration and change the number of pinned CPUs to a different value (3 or 4) compared to the existing gateway and primary workstation. This only works if users have a quad-core system.


In this case, it is necessary to change the Whonix-Gateway ™ network interface2 and Whonix-Workstation ™ network interface1 from internal network Whonix to something else.

Qubes-Whonix ™[edit]

It is simple to create additional Whonix-Gateway ™s (sys-whonix instances) in Qubes-Whonix ™; see Create Gateway ProxyVMs.

The only requirement is that the newly created sys-whonix is based on the whonix-gw-15 TemplateVM and has a distinctive VM name, so it is not confused with other VMs.


  1. Such as manually configuring identical Tor entry guards. Qube-Whonix ™ users can copy the Tor state folder to another sys-whonix instance or use the same Bridges.
  2. At present, full instructions are not available for every Non-Qubes-Whonix platform.

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Check out the Whonix News Blog [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.