Multiple Whonix Workstations - Stream Isolation

If I create multiple AppVMs based on the anon-whonix Template and I configure all of them to use sys-whonix for networking:

a) will each VM have its own circuit and exit server?
b) will each application in each VM have its own circuit and exit server?
c) if so, will they all still share the same guard relay?
d) is there any point at all in creating a different whonix-gateway VM to provide networking for each whonix-workstation VM?


The Whonix docs explain the advantages and disadvantages of Multiple Whonix-Workstation and Multiple Whonix-Gateway scenarios better than I could.

Multiple workstation VMs are all connected to the gateway using the same virtual bridge; they share an IP subnet. A variety of attacks permit devices sharing a bridge to view or steal one another’s traffic, or to impersonate one another at the IP layer. The exact attacks available depend on the specific bridge implementation, but some are always available. At a minimum, VMs sharing a bridge can always trivially detect one another, and determine one another’s local IP addresses on the bridge, simply by watching broadcast traffic like ARP and IPv6 neighbor discovery.


Thanks, I looked up the docs on the Whonix website. The part you posted talked about the danger in case of a compromised VM, but I was inquiring about circuit sharing, which according to the docs is not a problem in Qubes-Whonix, so that’s great.

The question may be better suited for the Whonix forum:

