Connecting to tor before a Mullvad wireguard vpn

Hello, I have used the mullvad doc to create a vpn connection like in this documentation

. I want to wrap my vpn about tor to use my old email server ( and didn’t get banned ) so my mullvad vpn is working and I cloned my sys-whonix and put it after my mullvad vm so like
sys-net → sys-firewall-> MullvadVPN → sys-whonix → any Template
But even in my sys-whonix template I get only the response that I use tor when I use the curl command. So it’s like that my cloned sys -whonix template place tor infront of mullvad.
Can someone explain me how I can tunneling a vpn over tor? I searched a lot in the internet but didn’t found something that fits for my wireguard template. Is there an easy way to connecting to tor before a vpn?

What is sys-whonix and MullvadVPN netvms?

What’s the point of putting the VPN before Tor…? That’s just an extra unnecessary middleman (unless you’re in one of those weird places that behead people for wanting freedom)

I’ve done Tor->VPN successfully in the past but not the other way around. Sounds to me like it’d be a little more complicated due to the way Whonix works but I could be wrong

user - firewall - network - tor - vpn - (email) web-service

Advantage, some service provider block traffic from Tor exit nodes. With this setup you can avoid this blocking. … but some are also blocking VPN IPs. :wink:

Btw, maybe this is of interest: The Hitchhiker’s Guide to Online Anonymity | The Hitchhiker’s Guide to Online Anonymity

You are using Tor and then the VPN, not the other way round, there really isn’t any reason to use the VPN and then Tor.

I read your documentation and will try to build a extra proxy vm for my vpn vm. When I put a simple whonix ws on the vpn qube I get this result:

It is not my documentation. It is just a well known anonymity guide. Sorry, I cannot help you here (I do not have tor - vpn nor vpn - tor nor vpn - tor -vpn) but did you make a search here on this community? There are many threads already i.e. , … I guess @Emily can give you some advice or support :wink:

I set up now a vpn connection with cli scripts

But I get the same results. I configured that my sys-vpn use sys-firewall for network and then that sys-whonix clone use sys-vpn for internet. In sys-vpn I can connect to the internet, but when I try to connect to tor through my sys-whonix I can’t establish a connection.
After that I tried to use a new qube with an whonix gw, clicked on provides network and in a second fedora template that I placed behind I opened a Firefox browser. But when I tested my ip it shows me the tor ip. I configured that my sys-vpn use sys-whonix as net vm but then I get no connection at all.

Your links are private for me :frowning:

Ok I read the whonix documentation

And found this text
UDP-style VPN connections are incompatible with Tor because it requires the VPN to be configured to use TCP. [14] This requires adding proto tcp to the VPN configuration file /rw/config/vpn/openvpn-client.ovpn .
So I found and change the passage in my vpn file. After restarting the template I get the message “link is up” so it’s connecting with my sys-whonix template but because that’s not enough I had a 100% packet loss in my ping test. Does anyone know what I am doing wrong?

Just blind suggestion.

1 Like

This Tor limitation was one reason to develop lokinet.

1 Like

I chained together qubes to make this work. I’m not sure its the best approach.

sys-mullvad: Set your firewall settings to only allow connections from the Mullvad IPs. Set your vpn to auto start when qube loads. I used this guide to do that: Using Mullvad VPN in Qubes
sys-whonix: Standard tor connection.
sys-mullvad-whonix: Uses sys-mullvad for the network.

What it looks like in practice.
sys-mullvad start and connects to the VPN.
Then sys-mullvad-whonix starts and connects to Mullvad thru sys-mullvad. Then connects to tor.

(You can go a step further and chain another VPN too: Example: sys-mullvad-tor-proton.)

Slow, but when needed, it could save your life as the world spirals further into dystopia.

You could also replace Lokinet for the Tor part of the chain. That will be my next test.

1 Like

Make sure you get the TCP 443 versions of your OpenVPN config files if you want it to work over Tor. I use two different VPN providers and they both offer port 443 options in their respective OpenVPN config download pages so I bet yours does too

Yeah rofl we can pretty much chain as many VPN’s and Tor circuits as RAM allows… now when we figure out how to throw i2p into the mix (as in an i2p netvm) then we win the anonymity game