Openvpn in Standalone qube with sys-whonix

Edit: Will try setting up Standalone Qube with sys-qubes again, but last time there were some networking issues. I will reply later.

Hi,
please share your best way of having a “non disposable” Debian Qube with Whonix Tor networking.
In that Debian VM I want to run OpenVPN behind the Whonix networking over Tor.

Debian 10 Template → Debian 10 standalone Qube → Whonix only Tor networking → run Openvpn inside
Some sort of VPN leak protection and added security.

Please don’t discuss safety because of the VPN. I need a ‘clean’ IP address at the end and a non-disposable browser.

Please give me advice, especially about the networking part. I can’t get it to work; often it ends with no DNS or so.

Maybe it is easier to install a clean Debian and not use a template.

Thank you!

It is not clear what you are trying to accomplish.

  • why a standalone qube?
  • are you trying to install an OpenVPN server or client?
  • by “sys-qubes” you mean “sys-firewall”?
  • can you describe what you already tried, and what failed?

It would be common courtesy to put at least as much thought and energy into asking the question as you expect others to spend answering it.


By sys-qube, I think they mean sys-whonix… a Tor gateway.

@Brixbiel If I understand you correctly, you want your traffic going through Tor but with a “clean” IP (i.e. your traffic wrapped in an encrypted VPN tunnel as it is relayed through Tor) - presumably so your ISP can’t see that you are using TOR and/or so your real IP is hidden from the Tor entry node and/or so only your VPN IP is exposed at the Tor exit node?

If that is the case, look into “Tor over VPN”. You generally have the right idea, except I wouldn’t suggest setting the VPN up inside of sys-whonix. Configure your VPN in its own “ProxyVM” qube.

You might try:

Debian AppVM → Debian ProxyVM w/ VPN → sys-whonix → sys-firewall → sys-net

For instance, your AppVM browser sends data to your VPN qube… which encrypts it through your VPN IP… which passes it to your whonix gateway which relays it through Tor.

Your ProxyVM qube should be configured to use VPN over TCP so that it works in Tor. If possible, it might not be a bad idea to configure the VPN qube to use TCP through port 443. Set up the ProxyVM firewall rules to restrict traffic to your VPN IP addresses to prevent non-VPN traffic from leaking.

Consider the following approaches to setting up the VPN qube. You can adapt them to work with your own VPN provider: