Connecting to the Internet for the first time

I am a new user of Qubes.
I have just completed my installation.

After a reboot, the system offered me to connect to the Tor network through Whonix. I accepted, but the progress bar remained frozen for about ten minutes. This seems obvious to me, since I didn’t connect to any Internet access. I don’t dare to connect on my home WiFi, for fear of losing my anonymity…

One thing the startup instructions don’t say is “How do I connect to the Internet anonymously”. I looked in the documentation, but I couldn’t find it.

From what I understand, there are two possibilities:

  1. Use Tor
    Is Tor only used with Whonix? Or can it be used independently? I’d like to understand the Tor system a little better.

  2. Use a VPN provider.
    But can we trust a VPN provider? Because even if the purchase is anonymous, even if the VPN network is encrypted, the provider is still someone I have to “trust”: doesn’t he have the encryption key for my VPN? Can’t they see the content of the data I’m exchanging?

Qubes OS uses Tor through Whonix. The sys-whonix service VM routes the connections though Tor of the appVMs that receive networking from it. For instance, if you go into the ‘Qube Settings’ of the anon-whonix qube, you can see that ‘Networking:’ lists ‘sys-whonix’. If you wanted, you could change debian or fedora AppVMs’ settings to receive networking from sys-whonix, but this won’t be as anonymous as using a Whonix AppVM. If you want to change the default networking VM for all qubes, and even when updating TemplateVMs, you can go to System Tools > Qubes Global Settings in the application menu and change ‘Dom0 UpdateVM’ and ‘Default NetVM’ both to ‘sys-whonix’. However, you will still have to change the networking settings for all of your current AppVMs, as the ‘Default NetVM’ setting only applies when creating new qubes.
See also: Contents/ at master · Qubes-Community/Contents · GitHub.

Those are valid questions that you have to ask yourself when considering Tor vs. VPN. Tor doesn’t require as much trust, and you’re also not trusting a single person or company, and it’s more anonymous. The main advantages of a VPN are speed and also being blocked less by websites.
As for how to set up a VPN on Qubes, see Contents/ at master · Qubes-Community/Contents · GitHub.


Thank you for your answer.
I will try to set this up tomorrow.

I continue my beginner’s learning…
To be on the safe side, I say to myself that it is better to start by making everything go through TOR : you must always choose " sys-whonix ", for all the elements using a networking.

Only when this is done, will I allow myself (for the first time) to connect to my home Wi-Fi system.

I will start using something other than TOR, when the following conditions are met:

  1. When I know enough about Qubes.
  2. When I am sure of my VPN provider(s).
  3. When I have established my working and connection method.

What do you think about it?

I note that the default settings are :
Dom0 UpdateVM … sys-firewall
ClockVM … sys-net
Default netVM … sys-firewall

For the general settings updates, did you not forget to tell me that you have to put ClockVM on sys-whonix too?

no, you shouldn’t put clockvm on sys-whonix for many reason like ntp (network time protocol) is udp but tor only run on tcp, etc

Hello and thank you for your answer.

So I finally connected to the Internet: on my home Wi-Fi.

However, I can’t connect “Tor browser” or Firefox.

I understand that Whonix uses two virtual machines:

  1. whonix-gw-15 … the “Whonix gateway” is the proxy that routes all network traffic through Tor.

  2. whonix-ws-15 … the “Whonix workstation” is used to create AppVMs.

Here is the current state of my system:

what vm you used to open that

Firefox by myAppVM
Tor browser by whonixAppVM-test

Try changing the networking settings for ‘whonix-gw-15’ and ‘whonix-ws-15’ to ‘(none)’. The TemplateVMs shouldn’t have networking.

Yes, it was like that by default, but I found it more prudent to specify the NetVM on each of these models: on the one hand, I’m not an expert and I might not set up my system very often when it’s perfected; on the other hand, I find it prudent to specify the most secure networks by default.

So there is certainly something I did not understand.

On the other hand, I imagine that this change you propose will not solve my problem.

It still doesn’t work:

can you connect to anything using sys-net? If so, the problem is whonix-specific and you should try to find the error by measuring at which point your connection won’t get forwarded to the app-vm. If you can’t connect to anything using sys-net the issue is probably with the drivers of your wifi card (if it’s a pcie device which is the standard these days) or passthrough from sys-usb (if it’s a usb device connected to the usb controller).

Hello and thank you for your answers.

This morning, I rebooted my machine completely. Below you will find some captures that show the choices I had to make. I first chose the first proposal, but the system blocked me at 30%. I then chose the 2nd proposal, and the system still blocked at 30%. Finally, I closed the window of these proposals.

My machine is well connected to the Internet :

  1. First of all, a old screenshot above shows it well;
  2. Secondly, I was able to visit web pages, in myAppVM, by connecting to sys-firewall.

The problem would come from Whonix. Please note that I am a great beginner… and I don’t know Whonix. I only know “a little” Tail … and therefore “a little” TOR but as a “simple user” :frowning:

Should I be afraid that my machine will be identified when I connect to the Internet, without going through TOR?




And for the second choice:





you should

i also met this problem before when i try to connect to tor on slow/tor blocked network

Really?! Basically, what information is my machine sending? Identification on the hardware? My machine is brand new, and I haven’t had any business or personal activities yet. I just opened Firefox.

I’m on a router with a 4G SIM card that works fine, but to make sure I have good Internet access, I connected to my home box on Wi-Fi.

In both cases, I have a very good connection with 4 nice red bars.

I also tried connecting to the Ethernet socket.

Here is the first test:

Here is the second test:

Here is the thirth:

I don’t know how go here:
dom0 > Start Menu > ServiceVM

I also tried with the terminal, but without success.

not a lot, but not using tor mostly meaning that you not using tor browser
in this case, that correct

ok, confirmed not network problem, it your whonix vm problem

Tor is disabled.

If Tor is being blocked on your network, you may need to configure Tor Bridges. You can do this by going to the application menu then sys-whonix > ‘Anon Connection Wizard’, in the wizard select ‘Configure’ then check ‘I need Tor bridges to bypasas the Tor censorship’, then finish the wizard and wait a couple minutes for the progress bar to complete.
If that doesn’t work, you can also try selecting the ‘Provide a bridge I know’ option and obtain bridges from to use.

1 Like

It works, it’s great! Thanks for everything!

As an indication, the page was displayed in 18 seconds.

1 Like