Compartmentalization. Managing multiple Whonix-Gateway.

Introduction[edit]

Note: It is far safer and easier to manage multiple Whonix-Gateway when only one is launched for user activities, rather than running many in parallel.

Multiple Whonix-Gateway can be used alongside multiple Whonix-Workstation, but this has both advantages and disadvantages. One security benefit is the isolation of separate Whonix-Gateway VM instances. In the event that one Whonix-Gateway is compromised, it is not certain the other(s) will be similarly compromised. On the downside, newly cloned Whonix-Gateway(s) will end up with a different set of Tor entry guards unless precautions are taken. ^[1] ^[2]

In this configuration ISPs are probably capable of detecting that two different Tor data folders are in use, but this is not necessarily an anonymity threat. Similarly, if multiple Tor Browsers are used with distinct Whonix-Gateway, then a different set of Tor entry guards will be used as well (unless by chance the same Tor guards are chosen for different Whonix-Gateway).

When multiple Whonix-Gateway are run in parallel, the risks explained in the Multiple Whonix-Workstation: Safety Precautions section equally apply.

Platform specific. Select your virtualizer below.

VirtualBox

In VirtualBox Manager, it is necessary to change the name of the internal network for both Whonix-Gateway and Whonix-Workstation.

1. Learn the default Whonix internal network name.

It is Whonix.

2. Pick an alternative internal network name.

For the second, third or n^th multiple Whonix-Gateway another internal network name is required. Any name can be used, but make sure it is not re-used in any other Whonix-Gateway which should be isolated from this one. The following example will use Whonix2, however it could be something completely different like for-my-onion-web-server.

3. Change Whonix-Gateway internal network name.

VirtualBox → Whonix-Gateway → Settings → Network → Adapter 2 → Name: → change Whonix to something else such as Whonix2 → OK

4. Change Whonix-Workstation internal network name.

VirtualBox → Whonix-Workstation → Settings → Network → Adapter 1 → Name: → change Whonix to the same internal network name as above → OK

KVM

In this configuration, Whonix-Workstation will not be able to communicate with one another. This is recommended to keep different Tor activity profiles completely separate. To run multiple Whonix-Gateway it is necessary to clone existing VMs; the steps below assume an existing Whonix install.

1. Create clones of the Gateway and Workstation VMs rolled back to clean snapshots.

In Virtual Machine Manager: Highlight VM → Open → Virtual Machine → Clone... → Clone

2. Export Whonix internal network settings.

sudo virsh net-dumpxml Whonix-Internal > Whonix-Internal2.xml

3. Edit the network configuration to make it unique.

Change the name and bridge name.
Delete the mac address and uuid parameters.

Alternatively, replace the configuration with the example below (this assumes the only custom networks are Whonix-related).

<network>
  <name>Whonix-Internal2</name>
  <bridge name='virbr3' stp='on' delay='0'/>
</network>

Save and exit.

CTRL-X
y
CTRL-M

Note:

virbr1 is assigned to the Whonix-External network (default Whonix-Gateway external NAT NIC); and
virbr2 is assigned to the Whonix-Internal network (default Whonix-Workstation internal NIC).

Therefore, the network name was changed to internal2 and the bridge name to virbr3.

4. Import and start the new network.

virsh -c qemu:///system net-define Whonix-Internal2.xml

virsh -c qemu:///system net-autostart Whonix-Internal2

virsh -c qemu:///system net-start Whonix-Internal2

5. Attach the Gateway and Workstation VM NICs to the new network.

Ensure that one Gateway NIC is attached to the external network. It is important to carefully match internal network interfaces to the new ones and not accidentally switch to a NIC that connects outside.

To edit the VM virtual NIC settings:
Highlight VM → Open → Settings → NIC virtual hardware → Set Network Source to: Virtual network 'Whonix-Internal2' : Isolated network, internal and host routing only

Note that the network is exclusively internal and does not communicate with the host in any way.

6. Change the number of pinned CPUs.

It is recommended to edit the cloned workstation's configuration and change the number of pinned CPUs to a different value (3 or 4) compared to the existing gateway and primary workstation. This only works if users have a quad-core system.

Qubes-Whonix

It is simple to create additional Whonix-Gateway (sys-whonix instances) in Qubes-Whonix.

Though the procedure is for advanced users who want the security benefit of separate Whonix-Gateway instances in Qubes-Whonix. While it affords some protection in the event that other Whonix-Gateway instances are compromised, it will result in a different set of Tor entry guards unless precautions are taken.

Please ensure that the newly created sys-whonix is based on the whonix-gateway-17 Template and has a distinctive VM name, so it is not confused with other VMs. Additionally, it is recommended not to run multiple Whonix-Gateway instances in parallel, see Multiple Whonix-Gateway.

To create a Whonix-Gateway ProxyVM in Qubes:

Qubes VM Manager → Qube → Create new qube
Name and label: Name the ProxyVM. Do not include any personal information; if the ProxyVM is compromised, the attacker could run qubesdb-read /name to reveal its name. Use a generic naming convention, for example: sys-whonix-2.
Color: Choose a color label for the Whonix-Gateway ProxyVM.
Type: Choose the type AppVM.
Template: Choose Whonix-Gateway Template. For example: whonix-gateway-17.
Networking: Choose the desired clearnet Service Qube from the list. For example: sys-firewall.
Advanced: Place a check mark in the "provides network" box. This will allow the Whonix-Gateway ProxyVM to provide networking for other App Qubes.
Press: OK.
See screenshots in footnotes if needed. ^[3]
Open a dom0 terminal.
Add qvm-tag anon-gateway to the newly created App Qube. ^[4]

Note: Replace sys-whonix-2 with the actual name of the VM.

qvm-tags sys-whonix-2 add anon-gateway

12. Done.

Footnotes[edit]

↑ Such as manually configuring identical Tor entry guards. Qube-Whonix users can copy the Tor state folder to another instance or use Bridges.
↑ At present, full instructions are not available for every Non-Qubes-Whonix platform.
↑ Figure: Qubes Manager: Create New Qube - Step 1

Figure: Qubes Manager: Create New Qube - Step 2
↑ Developer documentation about qvm-tags

Whonix The most watertight privacy operating system in the world.

Dark mode

FREE · PLUS · PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint Whonix

ENCRYPTED SUPPORT LP, 2023

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!

[1] Such as manually configuring identical Tor entry guards. Qube-Whonix users can copy the Tor state folder to another instance or use Bridges.

[2] At present, full instructions are not available for every Non-Qubes-Whonix platform.

[3] Figure: Qubes Manager: Create New Qube - Step 1

Figure: Qubes Manager: Create New Qube - Step 2

[4] Developer documentation about qvm-tags

[1]

[2]

[3]

[4]

Multiple Whonix-Gateway

Contents

Introduction[edit]

VirtualBox

KVM

Qubes-Whonix

See Also[edit]

Footnotes[edit]

Navigation menu