Jump to: navigation, search

Tunnels/Connecting to a proxy before Tor


Connecting to a proxy before Tor

User -> proxy -> Tor -> Internet



Proxy Warning[edit]


Have Proxy Configuration Handy[edit]

Where is the proxy running?

  • On proxy software (such as lantern) that creates a proxy tunnel on your local computer?
  • Or on a remote computer? Great, the is easier to set up.


What is the IP and the port of the proxy?

  • You know the proxy IP? Great!
  • Or you want to run a custom proxy software on Whonix-Gateway? That is also called localhost. Then your proxy IP probably is 127.0.0.1.
  • Note: You need to use the IP instead of the hostname (proxy.example.com). If you don't know the IP of your proxy, please run nslookup proxy.example.com (replace proxy.example.com with the hostname of your actual proxy) in a terminal (Konsole) on your host operating system. Using IP instead of hostname might cause subtle fingerprinting issues, see [2] for more information.


Which type of proxy you are using?

  • HTTPProxy?
  • HTTPSProxy?
  • Socks4Proxy?
  • Socks5Proxy
  • Proxy requires username?
  • Proxy requires password?

Configure Whonix-Gateway[edit]

User -> proxy -> Tor -> Internet

Tor natively supports proxy settings and only requires editting the torrc file.

Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

Depending on your proxy configuration, add the settings you'll need to your /etc/tor/torrc. For more information on these settings, have a look in the Tor manual and read the FAQ.

HTTPProxy host[:port]
HTTPProxyAuthenticator username:password
HTTPSProxy host[:port]
HTTPSProxyAuthenticator username:password

Socks4Proxy host[:port]

Socks5Proxy host[:port]
Socks5ProxyUsername username
Socks5ProxyPassword password

FascistFirewall 0|1 

ReachableAddresses ADDR[/MASK][:PORT]… 
ReachableDirAddresses ADDR[/MASK][:PORT]… 
ReachableORAddresses ADDR[/MASK][:PORT]… 

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

For Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

For graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

For terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Optional: Test. Run whonixcheck.

Done.


Footnotes[edit]

  1. Such as the Tor, JonDonym or I2P software.
  2. https://github.com/Whonix/Whonix/issues/94

Random News:

Do you wonder why Whonix will always be free? Check out Why Whonix is Free Software.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself.