Actions

Template

Deactivate Misc Proxy Settings

From Whonix

On the Stream Isolation page, there is a list of applications that are pre-configured to use socks proxy settings via application configuration files. To disable this, the Whonix system default must be removed from the application's settings.

TODO: document and expand.

Remove proxy settings for APT repository files.

1. If you previously onionized any repositories, that has to be undone. See Onionizing Repositories.

2. Remove any mention of tor+ in file /etc/apt/sources.list (if you are using that - that file is empty by default in Whonix / Kicksecure) or any file in folder /etc/apt/sources.list.d.

3. Open file /etc/apt/sources.list /etc/apt/sources.list.d/* in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/apt/sources.list /etc/apt/sources.list.d/*

4. Remove any mention of tor+.

The process of removing proxy settings from APT repository files is now complete.

Remove proxy settings for Tor Browser Downloader by Whonix ™.

Open file /etc/torbrowser.d/50_user.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/torbrowser.d/50_user.conf

Paste. [1] [2]

TB_NO_TOR_CON_CHECK=1
CURL_PROXY="--fail"

Save.

For some applications, this is impossible:

These applications can only talk to Tor Onion Services directly and cannot be configured to use the system default. You can only deactivate sdwdate and/or not use Ricochet IM.

  1. TB_NO_TOR_CON_CHECK=1 needs to be set because there is no filtered Tor ControlPort access when Whonix tunnel firewall is enabled, which would break tb-updater's Tor connectivity check.
  2. By tb-updater default, if unset, variable CURL_PROXY will be dynamically set to a Tor SocksPort on Whonix-Gateway ™. For example to CURL_PROXY="--proxy socks5h://user:password@10.137.6.1:9115".
    By using a curl parameter we are using anyhow, i.e. CURL_PROXY="--fail" we can in effect disable the environment variable even if it's technically still set. This will result in downloading by using the system's default networking.