Create Whonix-Gateway ™ ProxyVMs

From Whonix
Jump to navigation Jump to search



This procedure is for advanced users who want the security benefit of separate Whonix-Gateway ™ instances in Qubes-Whonix ™. While it affords some protection in the event other Whonix-Gateway ™ instances are compromised, it will result in a different set of Tor entry guards unless precautions are taken.

Ensure the newly created sys-whonix is based on the whonix-gw-16 Template and has a distinctive VM name, so it is not confused with other VMs. It is also recommended to not run multiple Whonix-Gateway ™ in parallel, see Multiple Whonix-Gateway ™.


To create a Whonix-Gateway ™ ProxyVM in Qubes R4:

  • Qubes VM ManagerQubeCreate new qube
  • Name and label: Name the ProxyVM. Do not include any personal information; if the ProxyVM is compromised, the attacker could run qubesdb-read /name to reveal its name. Use a generic naming convention, for example: sys-whonix.
  • Color: Choose a color label for the Whonix-Gateway ™ ProxyVM.
  • Type: Choose the type AppVM.
  • Template: Choose Whonix-Gateway ™ Template. For example: whonix-gw-16.
  • Networking: Choose the desired clearnet Service Qube from the list. For example: sys-firewall.
  • Advanced: Place a check mark in the "provides network" box. This will allow the Whonix-Gateway ™ ProxyVM to provide networking for other App Qubes.
  • Press: OK.

Figure: Qubes Manager: Create New Qube