Compartmentalization. Managing multiple Whonix-Gateway.
Multiple Whonix-Gateway can be used alongside multiple Whonix-Workstation™, but this has both advantages and disadvantages. One security benefit is the isolation of separate Whonix-Gateway VM instances. In the event that one Whonix-Gateway is compromised, it is not certain the other(s) will be similarly compromised. On the downside, newly cloned Whonix-Gateway(s) will end up with a different set of Tor entry guards unless precautions are taken.  
In this configuration ISPs are probably capable of detecting that two different Tor data folders are in use, but this is not necessarily an anonymity threat. Similarly, if multiple Tor Browsers are used with distinct Whonix-Gateway, then a different set of Tor entry guards will be used as well (unless by chance the same Tor guards are chosen for different Whonix-Gateway).
When multiple Whonix-Gateway are run in parallel, the risks explained in the Multiple Whonix-Workstation: Safety Precautions section equally apply.
Platform specific. Select your virtualizer below.
In VirtualBox Manager, it is necessary to change the name of the internal network for both Whonix-Gateway and Whonix-Workstation.
1. Learn the default Whonix internal network name.
2. Pick an alternative internal network name.
For the second, third or nth multiple Whonix-Gateway another internal network name is required. Any name can be used, but make sure it is not re-used in any other Whonix-Gateway which should be isolated from this one. The following example will use
Whonix2, however it could be something completely different like
3. Change Whonix-Gateway internal network name.
VirtualBox→ Whonix-Gateway →
Whonixto something else such as
4. Change Whonix-Workstation internal network name.
VirtualBox→ Whonix-Workstation →
Whonixto the same internal network name as above →
In this configuration, Whonix-Workstation will not be able to communicate with one another. This is recommended to keep different Tor activity profiles completely separate. To run multiple Whonix-Gateway it is necessary to clone existing VMs; the steps below assume an existing Whonix install.
1. Create clones of the Gateway and Workstation VMs rolled back to clean snapshots.
In Virtual Machine Manager:
Highlight VM →
Virtual Machine →
2. Export Whonix internal network settings.
sudo virsh net-dumpxml Whonix-Internal > Whonix-Internal2.xml
3. Edit the network configuration to make it unique.
- Change the name and bridge name.
- Delete the mac address and uuid parameters.
Alternatively, replace the configuration with the example below (this assumes the only custom networks are Whonix-related).
<network> <name>Whonix-Internal2</name> <bridge name='virbr3' stp='on' delay='0'/> </network>
Save and exit.
CTRL-X y CTRL-M
virbr1is assigned to the Whonix-External network (default Whonix-Gateway external NAT NIC); and
virbr2is assigned to the Whonix-Internal network (default Whonix-Workstation internal NIC).
Therefore, the network name was changed to
internal2 and the bridge name to
4. Import and start the new network.
virsh -c qemu:///system net-define Whonix-Internal2.xml
virsh -c qemu:///system net-autostart Whonix-Internal2
virsh -c qemu:///system net-start Whonix-Internal2
5. Attach the Gateway and Workstation VM NICs to the new network.
Ensure that one Gateway NIC is attached to the external network. It is important to carefully match internal network interfaces to the new ones and not accidentally switch to a NIC that connects outside.
To edit the VM virtual NIC settings:
Highlight VM →
NIC virtual hardware → Set Network Source to:
Virtual network 'Whonix-Internal2' : Isolated network, internal and host routing only
Note that the network is exclusively internal and does not communicate with the host in any way.
6. Change the number of pinned CPUs.
It is recommended to edit the cloned workstation's configuration and change the number of pinned CPUs to a different value (3 or 4) compared to the existing gateway and primary workstation. This only works if users have a quad-core system.
It is simple to create additional Whonix-Gateway (
sys-whonix instances) in Qubes-Whonix.
Though the procedure is for advanced users who want the security benefit of separate Whonix-Gateway instances in Qubes-Whonix. While it affords some protection in the event that other Whonix-Gateway instances are compromised, it will result in a different set of Tor entry guards unless precautions are taken.
Please ensure that the newly created
sys-whonix is based on the
whonix-gateway-17 Template and has a distinctive VM name, so it is not confused with other VMs. Additionally, it is recommended not to run multiple Whonix-Gateway instances in parallel, see Multiple Whonix-Gateway.
To create a Whonix-Gateway ProxyVM in Qubes:
Qubes VM Manager→
Create new qube
- Name and label: Name the ProxyVM. Do not include any personal information; if the ProxyVM is compromised, the attacker could run
qubesdb-read /nameto reveal its name. Use a generic naming convention, for example:
- Color: Choose a color label for the Whonix-Gateway ProxyVM.
- Type: Choose the type
- Template: Choose Whonix-Gateway Template. For example:
- Networking: Choose the desired clearnet Service Qube from the list. For example:
- Advanced: Place a check mark in the "provides network" box. This will allow the Whonix-Gateway ProxyVM to provide networking for other App Qubes.
- See screenshots in footnotes if needed. 
- Open a dom0 terminal.
- Add qvm-tag
anon-gatewayto the newly created App Qube. 
sys-whonix-2 with the actual name of the VM.
qvm-tags sys-whonix-2 add anon-gateway
- Such as manually configuring identical Tor entry guards. Qube-Whonix users can copy the Tor state folder to another instance or use Bridges.
- At present, full instructions are not available for every Non-Qubes-Whonix platform.
Figure: Qubes Manager: Create New Qube - Step 1
Figure: Qubes Manager: Create New Qube - Step 2
Developer documentation about