Jump to: navigation, search

Tunnels/Connecting to a proxy before Tor


Connecting to a proxy before Tor

User -> proxy -> Tor -> Internet



Proxy Warning[edit]


Have Proxy Configuration Handy[edit]

Where is the proxy running?

  • On proxy software (such as lantern) that creates a proxy tunnel on your local computer?
  • Or on a remote computer? Great, the is easier to set up.


What is the IP and the port of the proxy?

  • You know the proxy IP? Great!
  • Or you want to run a custom proxy software on Whonix-Gateway? That is also called localhost. Then your proxy IP probably is 127.0.0.1.
  • Note: You need to use the IP instead of the hostname (proxy.example.com). If you don't know the IP of your proxy, please run nslookup proxy.example.com (replace proxy.example.com with the hostname of your actual proxy) in a terminal (Konsole) on your host operating system. Using IP instead of hostname might cause subtle fingerprinting issues, see [2] for more information.


Which type of proxy you are using?

  • HTTPProxy?
  • HTTPSProxy?
  • Socks4Proxy?
  • Socks5Proxy
  • Proxy requires username?
  • Proxy requires password?

Configure Whonix-Gateway[edit]

User -> proxy -> Tor -> Internet

Tor natively supports proxy settings and only requires editting the torrc file.

Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps:

sudo nano /etc/tor/torrc

Depending on your proxy configuration, add the settings you'll need to your /etc/tor/torrc. For more information on these settings, have a look in the Tor manual and read the FAQ.

HTTPProxy host[:port]
HTTPProxyAuthenticator username:password
HTTPSProxy host[:port]
HTTPSProxyAuthenticator username:password

Socks4Proxy host[:port]

Socks5Proxy host[:port]
Socks5ProxyUsername username
Socks5ProxyPassword password

FascistFirewall 0|1 

ReachableAddresses ADDR[/MASK][:PORT]… 
ReachableDirAddresses ADDR[/MASK][:PORT]… 
ReachableORAddresses ADDR[/MASK][:PORT]… 

Reload Tor.

After editing /etc/tor/torrc you must reload Tor so your changes take effect. (Note: if after completing all these steps and you are not able to connect to Tor, you have most likely done something wrong. Go back and check your /etc/tor/torrc and redo the steps outlined in the sections above. If your are able to connect to Tor, then you have completed your changes correctly.)

For Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

For graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> Reload Tor

For terminal-only Whonix-Gateway, press on expand on the right.

Complete the following steps:

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

Should show something like the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Optional: Test. Run whonixcheck.

Done.


Footnotes[edit]

  1. Such as the Tor, JonDonym or I2P software.
  2. https://github.com/Whonix/Whonix/issues/94

Random News:

Interested in becoming author for Whonix blog? Writing about anonymity/privacy/security? Get in touch!


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.