Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information


Tunnel UDP over Tor


(This page below.)

VPN method (WORKING)[edit]

See related VPN documentation: How to connect to Tor before a VPN (User -> Tor -> VPN -> Internet).

This tutorial uses OpenVPN. Other VPN implementations, such as PPTP, might be useful as well, but we haven't researched that yet. Maybe there are other VPN implementations, which also support UDP, and which are free and allow UDP. We haven't researched that yet.

Before setting up the VPN, you should make yourself familiar with curl and rdate. The rdate command line switch -p results in just showing the date and time, without setting it. -u uses UDP instead of TCP (default).

Test if your Whonix setup is working in general. [2]

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https


Which should show "Congratulations. Your browser is configured to use Tor.".

Install rdate for UDP and TCP testing.

sudo apt-get update
sudo apt-get install rdate

Commands for TCP testing are.

rdate -p
rdate -p
rdate -p

Commands for UDP testing are.

rdate -u -p
rdate -u -p
rdate -u -p

Your tests should reveal, that without a VPN, you can run TCP over Tor, but not UDP.

Obviously a VPN provider is required. One that does not block UDP. Instructions setting one up can be found on the TestVPN page, the riseup and the usaip example is known to work for this purpose.

Test rdate again, first in TCP mode, then in UDP mode. Both should work.

SSH method (NOT DOCUMENTED)[edit]

In theory we can also use SSH servers to tunnel UDP over Tor. Unfortunately we can't provide instructions here. Free SSH services are rarely available, that makes developing such a solution impossible. The existing free SSH services are blocking certain ports, which does not make this easier as well. Even though SSH can provide a socks5 proxy, it is not capable of providing support for tunneling UDP itself. Extra software installed on the client, and even worse on the server is required (needs root). Most admins will not do this. The link in the instructions are most likely only useful for you, if you have your own server. But even then, you are probably better off, using the VPN method.

socks5 proxy method (FAILED)[edit]

Moved to [Dev] Archive Tunneling UDP over Tor (w).

Footnotes / References[edit]

  2. While enforcing SSL.
  3. Alternatively, not enforcing SSL, because some VPN services seem to block SSL.

No user support in comments. See Support.

Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.

Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.

Random News:

We are looking for help in managing our social media accounts. Are you interested?

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix is a trademark. Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix itself. (Why?)

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix is provided by ENCRYPTED SUPPORT LP. See Imprint.