Connecting to a Proxy before Tor
- 1 Proxy Warning
- 2 Proxy Configuration Prerequisites
- 3 Configure Whonix-Gateway ™
- 4 Footnotes
Proxy Configuration Prerequisites
Location of the Running Proxy
The location of the running proxy is variable and depends on the user's system. Refer to the following resources for examples:
- Proxy software (such as lantern) create a proxy tunnel on the local computer.
- Qubes-Whonix ™: lantern and JonDonym examples.
- Non-Qubes-Whonix ™: This is not yet fully documented, please contribute. The proxy software must run under the linux user account
tunnelon Whonix-Gateway ™.
- Undocumented: How to autostart custom software after reboot (systemd etc.).
- Undocumented: Custom proxy software setup example.
- Proxy software might run on a remote computer, which is easier to set up.
The Proxy IP and Port
- If the proxy IP and port is known, the user can skip this section.
- If the user wants to run custom proxy software on Whonix-Gateway ™, then this is also called localhost. Usually the proxy IP is
- Note: The user must use the IP instead of the hostname (proxy.example.com). If the proxy IP is unknown, then in a terminal (Konsole) on the host operating system, run  for more information. (replace proxy.example.com with the hostname of your actual proxy). Using IP instead of hostname might cause subtle fingerprinting issues, see
Type of Proxy in Use
The user needs to know the proxy type from the following list:
The user must also ascertain whether the proxy requires a username and/or password.
Configure Whonix-Gateway ™
Tor natively supports proxy settings and only requires editing of the torrc file.
Option 1: Use Anon Connection Wizard
Beginning with Whonix ™ 14, a prefixed proxy can be configured easily using Anon Connection Wizard.
Option 2: Manually configure proxy
Depending on your proxy configuration, add the settings you'll need to your /usr/local/etc/torrc.d/50_user.conf. For more information on these settings, have a look in the Tor manual and read the FAQ.
HTTPProxy host[:port] HTTPProxyAuthenticator username:password HTTPSProxy host[:port] HTTPSProxyAuthenticator username:password Socks4Proxy host[:port] Socks5Proxy host[:port] Socks5ProxyUsername username Socks5ProxyPassword password FascistFirewall 0|1 ReachableAddresses ADDR[/MASK][:PORT]… ReachableDirAddresses ADDR[/MASK][:PORT]… ReachableORAddresses ADDR[/MASK][:PORT]…
Optional: Test. Run whonixcheck.
- Such as the Tor, JonDonym or I2P software.
- Users in China are unlikely to circumvent government censorship with vanilla bridges, as they are uniformly blocked. That said, anon-connection-wizard configured with the meek-amazon or meek-azure pluggable transport is reported to bypass Chinese censorship in late 2017.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)