Tunnels/Connecting to a proxy before Tor
|Before combining Tor with other tunnels, be sure to read and understand the risks!|
Too difficult to set up? Provider specific automation can be created for you by the lead developer of Whonix. Send reasonable price suggestions. Get in contact.
- 1 Proxy Warning
- 2 Proxy Configuration Prerequisites
- 3 Configure Whonix-Gateway
- 4 Footnotes
Users should be aware of several issues when using standard, common http(s)/socks4(a)/5 proxies (anonymizers that only use http(s)/socks4(a)/5 as an interface are exempt).
Proxy Configuration Prerequisites
|Tip: In order to configure a proxy, three things must be known: where the proxy is running, the IP and port of the proxy, and what type of proxy is being used.|
Location of the Running Proxy
The location of the running proxy is variable and depends on the user's system. Refer to the following resources for examples:
- Proxy software (such as lantern) create a proxy tunnel on the local computer.
- Qubes-Whonix: lantern and JonDonym examples.
- Non-Qubes-Whonix: This is not yet fully documented, please contribute. The proxy software must run under the linux user account
- Undocumented: How to autostart custom software after reboot (systemd etc.).
- Undocumented: Custom proxy software setup example.
- Proxy software might run on a remote computer, which is easier to set up.
The Proxy IP and Port
- If the proxy IP and port is known, the user can skip this section.
- If the user wants to run custom proxy software on Whonix-Gateway, then this is also called localhost. Usually the proxy IP is
- Note: The user must use the IP instead of the hostname (proxy.example.com). If the proxy IP is unknown, then in a terminal (Konsole) on the host operating system, run  for more information. (replace proxy.example.com with the hostname of your actual proxy). Using IP instead of hostname might cause subtle fingerprinting issues, see
Type of Proxy in Use
The user needs to know the proxy type from the following list:
The user must also ascertain whether the proxy requires a username and/or password.
Tor natively supports proxy settings and only requires editing of the torrc file.
Option 1: Use Anon Connection Wizard
Beginning with Whonix 14, a prefixed proxy can be configured easily using Anon Connection Wizard.
Option 2: Manually configure proxy
|From Whonix 14 onwards, all user unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf and not anywhere else. Note that Whonix will not modify /usr/local/etc/torrc.d/50_user.conf once it is created, therefore the user is responsible for adding or removing specific configurations in this file.|
Depending on your proxy configuration, add the settings you'll need to your /usr/local/etc/torrc.d/50_user.conf. For more information on these settings, have a look in the Tor manual and read the FAQ.
HTTPProxy host[:port] HTTPProxyAuthenticator username:password HTTPSProxy host[:port] HTTPSProxyAuthenticator username:password Socks4Proxy host[:port] Socks5Proxy host[:port] Socks5ProxyUsername username Socks5ProxyPassword password FascistFirewall 0|1 ReachableAddresses ADDR[/MASK][:PORT]… ReachableDirAddresses ADDR[/MASK][:PORT]… ReachableORAddresses ADDR[/MASK][:PORT]…
Optional: Test. Run whonixcheck.
- Such as the Tor, JonDonym or I2P software.
- Users in China are unlikely to circumvent government censorship with vanilla bridges, as they are uniformly blocked. That said, anon-connection-wizard configured with the meek-amazon or meek-azure pluggable transport is reported to bypass Chinese censorship in late 2017.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.