OneVM is deprecated. It was tested and developed for 0.1.3. The concept worked. It is deprecated now, because it has no maintainer.


Whonix needs at least two systems, one running Tor, the other running clients that are routed through Tor. This ensures the highest possible security and isolation. We can implement this using different strategies: Two VMs (Gateway VM and Workstation VM) or bare metal. A different approach is to use a host running Tor and only a single client VM. This site will guide you through all required steps to set up a One VM Whonix. If anything remains unclear please refer to the more verbose How To.


  • One VM less required.
  • One operating system less required.
  • Less system resources required.


  • Much more difficult to develop, deploy and test for the many different host operating systems.
  • Difficult to develop a download version. Could be only an installer, which had to comply with the differences in different host operating systems.
  • Guest VM can see MAC address of host?

Host preparation[edit]

Install Ubuntu 12.04.

You should choose "user" as your username (you can also add such a user if you already installed Ubuntu). Otherwise you need to edit the script (see PREREQUISITES/ASSUMPTIONS #4). You can ignore the ASSUMPTION #2, the -onevm option will configure a virtual internal interface called vnet0.

Get the shell script and run it on the host

sudo Whonix-Gateway -onevm

Download or build the Whonix-Workstation image. # VirtualBox settings for Whonix-Workstation #

Go to Devices > Network Adapter. Make sure all network adapters except Adapter 1 are disabled. Set Adapter one according to following options: (IMPORTANT!)

Attached to: Bridged Adapter Name: vnet0 Click OK.

Guest VM configuration[edit]

Follow instructions for Whonix-Workstation in Dev/Build Documentation.

Run as root (sudo -i) directly on the workstation (since you need to set up networking ssh can't be used):

(Template:Network Config)

ifdown -a

echo "
auto eth0
iface eth0 inet static
# increment last octet (the ...0.2) on additional workstations
   gateway" | tee -a /etc/network/interfaces

chattr -i /etc/resolv.conf
echo "nameserver" | tee /etc/resolv.conf
chattr +i /etc/resolv.conf
ifup -a


Random News:

Interested in becoming an author for the Whonix blog or writing about anonymity, privacy and security? Please get in touch!

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)