Tunnel UDP over Tor
|The Tor software does not yet support UDP,  although Tor provides a DnsPort. If UDP is urgently required in Whonix, a limited workaround is provided. For the most secure method, see Tunnel UDP over Tor.|
(This page below.)
VPN method (WORKING)
See related VPN documentation: How to connect to Tor before a VPN (User -> Tor -> VPN -> Internet).
This tutorial uses OpenVPN. Other VPN implementations, such as PPTP, might be useful as well, but we haven't researched that yet. Maybe there are other VPN implementations, which also support UDP, and which are free and allow UDP. We haven't researched that yet.
Before setting up the VPN, you should make yourself familiar with curl and rdate. The rdate command line switch -p results in just showing the date and time, without setting it. -u uses UDP instead of TCP (default).
Test if your Whonix setup is working in general. 
UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https https://check.torproject.org
Which should show "Congratulations. Your browser is configured to use Tor.".
Install rdate for UDP and TCP testing.
sudo apt-get update
sudo apt-get install rdate
Commands for TCP testing are.
rdate -p time.u.washington.edu
rdate -p time.nist.gov
rdate -p ptbtime1.ptb.de
Commands for UDP testing are.
rdate -u -p time.u.washington.edu
rdate -u -p time.nist.gov
rdate -u -p ptbtime1.ptb.de
Your tests should reveal, that without a VPN, you can run TCP over Tor, but not UDP.
Obviously a VPN provider is required. One that does not block UDP. Instructions setting one up can be found on the TestVPN page, the riseup and the usaip example is known to work for this purpose.
Test rdate again, first in TCP mode, then in UDP mode. Both should work.
SSH method (NOT DOCUMENTED)
In theory we can also use SSH servers to tunnel UDP over Tor. Unfortunately we can't provide instructions here. Free SSH services are rarely available, that makes developing such a solution impossible. The existing free SSH services are blocking certain ports, which does not make this easier as well. Even though SSH can provide a socks5 proxy, it is not capable of providing support for tunneling UDP itself. Extra software installed on the client, and even worse on the server is required (needs root). Most admins will not do this. The link in the instructions are most likely only useful for you, if you have your own server. But even then, you are probably better off, using the VPN method.
socks5 proxy method (FAILED)
Footnotes / References
- While enforcing SSL.
- Alternatively, not enforcing SSL, because some VPN services seem to block SSL.
UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.