
Connecting to a Proxy before Tor




User -> Proxy -> Tor -> Internet



Proxy Warning


Proxy Configuration Prerequisites


Location of the Running Proxy

The location of the running proxy is variable and depends on the user's system. Refer to the following resources for examples:

  • Proxy software (such as lantern) creates a proxy tunnel on the local computer.
    • Qubes-Whonix: lantern and JonDonym examples.
    • Non-Qubes-Whonix: This is not yet fully documented; please contribute. The proxy software must run under the Linux user account tunnel on Whonix-Gateway.
      • Undocumented: How to autostart custom software after reboot (systemd etc.).
      • Undocumented: Custom proxy software setup example.
  • Proxy software might run on a remote computer, which is easier to set up.


The Proxy IP and Port

  • If the proxy IP and port are known, the user can skip this section.
  • If the user runs custom proxy software on Whonix-Gateway itself, the proxy is local (localhost), and the proxy IP is usually 127.0.0.1.
  • Note: The user must use the IP instead of the hostname (proxy.example.com). If the proxy IP is unknown, then in a terminal (Konsole) on the host operating system, run nslookup proxy.example.com (replace proxy.example.com with the hostname of your actual proxy). Using an IP instead of a hostname might cause subtle fingerprinting issues; see [3] for more information.


Type of Proxy in Use

The user needs to know the proxy type from the following list:

  • HTTPProxy
  • HTTPSProxy
  • Socks4Proxy
  • Socks5Proxy


The user must also ascertain whether the proxy requires a username and/or password.


Configure Whonix-Gateway

User -> proxy -> Tor -> Internet

Tor natively supports proxy settings and only requires editing of the torrc file.

Option 1: Use Anon Connection Wizard

Beginning with Whonix 14, a prefixed proxy can be configured easily using Anon Connection Wizard.

Step 1: Start Anon Connection Wizard

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Anon Connection Wizard

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Anon Connection Wizard

If you are using a terminal Whonix-Gateway, run:

kdesudo anon-connection-wizard

Step 2: Use proxy configuration page

Select "Use proxy before connecting to the Tor network" on the Proxy Configuration page -> Choose the proxy type -> Fill out other necessary information

Option 2: Manually configure proxy


Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

Depending on your proxy configuration, add the settings you'll need to your /usr/local/etc/torrc.d/50_user.conf. For more information on these settings, have a look in the Tor manual and read the FAQ.

HTTPProxy host[:port]
HTTPProxyAuthenticator username:password
HTTPSProxy host[:port]
HTTPSProxyAuthenticator username:password

Socks4Proxy host[:port]

Socks5Proxy host[:port]
Socks5ProxyUsername username
Socks5ProxyPassword password

FascistFirewall 0|1 

ReachableAddresses ADDR[/MASK][:PORT]… 
ReachableDirAddresses ADDR[/MASK][:PORT]… 
ReachableORAddresses ADDR[/MASK][:PORT]… 
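
The constraints stated on this page (proxy given as an IP rather than a hostname, credentials only alongside the matching proxy type) can be checked before reloading Tor. The following is an added example, not Whonix or Tor code: `lint_proxy_conf` is a hypothetical helper name, the sample config is constructed, and the rule that the SOCKS5 username and password are set as a pair is an assumption about how Tor treats those two options.

```python
import ipaddress

PROXY_KEYS = {"httpproxy", "httpsproxy", "socks4proxy", "socks5proxy"}
# Credential option -> the proxy option it only makes sense with.
AUTH_FOR = {
    "httpproxyauthenticator": "httpproxy",
    "httpsproxyauthenticator": "httpsproxy",
    "socks5proxyusername": "socks5proxy",
    "socks5proxypassword": "socks5proxy",
}

def _host(value):
    """Extract the host part of host[:port], including bracketed IPv6."""
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    return value.split(":", 1)[0]

def lint_proxy_conf(text):
    """Return a list of problems in the proxy lines of a torrc snippet."""
    seen, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if not parts:
            continue
        key = parts[0].lower()  # torrc option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key not in PROXY_KEYS and key not in AUTH_FOR:
            continue
        seen[key] = value
        if key in PROXY_KEYS:
            try:
                ipaddress.ip_address(_host(value))
            except ValueError:
                problems.append(f"line {n}: {parts[0]} needs an IP, got {value!r}")
    for auth, proxy in AUTH_FOR.items():
        if auth in seen and proxy not in seen:
            problems.append(f"{auth} is set but {proxy} is not")
    if ("socks5proxyusername" in seen) != ("socks5proxypassword" in seen):
        problems.append("Socks5ProxyUsername and Socks5ProxyPassword go together")
    return problems

# Constructed sample; proxy.example.com is this page's placeholder hostname.
SAMPLE_BAD = """Socks5Proxy proxy.example.com:1080
Socks5ProxyUsername alice
HTTPSProxyAuthenticator alice:secret
"""

if __name__ == "__main__":
    print("\n".join(lint_proxy_conf(SAMPLE_BAD)))
```

This lint only covers the proxy options listed above; Tor's own `--verify-config` check remains the authority on whether the file as a whole is valid.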

Reload Tor.

After editing /usr/local/etc/torrc.d/50_user.conf, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a message saying:

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

Optional: Test. Run whonixcheck.

Done.


Footnotes

  1. Such as the Tor, JonDonym or I2P software.
  2. Users in China are unlikely to circumvent government censorship with vanilla bridges, as they are uniformly blocked. That said, anon-connection-wizard configured with the meek-amazon or meek-azure pluggable transport is reported to bypass Chinese censorship in late 2017.
  3. https://github.com/Whonix/Whonix/issues/94


Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)