Create Whonix-Gateway ™ ProxyVMs
This procedure is for advanced users who want the security benefit of separate Whonix-Gateway ™ instances in Qubes-Whonix ™. While it affords some protection in the event other Whonix-Gateway ™ instances are compromised, it will result in a different set of Tor entry guards unless precautions are taken.
Ensure the newly created
sys-whonix is based on the
whonix-gw-16 Template and has a distinctive VM name, so it is not confused with other VMs. It is also recommended to not run multiple Whonix-Gateway ™ in parallel, see Multiple Whonix-Gateway ™.
To create a Whonix-Gateway ™ ProxyVM in Qubes R4:
Qubes VM Manager→
Create new qube
- Name and label: Name the ProxyVM. Do not include any personal information; if the ProxyVM is compromised, the attacker could run
qubesdb-read /nameto reveal its name. Use a generic naming convention, for example:
- Color: Choose a color label for the Whonix-Gateway ™ ProxyVM.
- Type: Choose the type
- Template: Choose Whonix-Gateway ™ Template. For example:
- Networking: Choose the desired clearnet Service Qube from the list. For example:
- Advanced: Place a check mark in the "provides network" box. This will allow the Whonix-Gateway ™ ProxyVM to provide networking for other App Qubes.
Figure: Qubes Manager: Create New Qube