Guide: How to Get Whonix in Any VPN

As many people use Qubes as their daily driver, including for Tor usage, I would advise you of the following warnings:

  1. All your Tor traffic will be redirected to other providers (servers) and may be blocked by them
  2. Make sure all of your Tor traffic goes to your well-trusted and well-secured VPN provider/facility, by your own trust
  3. Make sure your VPN provider doesn’t log IPs (this is top-of-the-line, state-of-the-art advice from how I browse the darknet)

Here comes the real part of the guide:

Installation

  1. In your template qube, install your VPN provider (let’s use RiseupVPN)

$ sudo snap install --classic riseup-vpn

If you don’t have snap, please use the following
Fedora:

$ sudo dnf install snapd

Debian based:

$ sudo apt install snapd

  2. After you have installed that, do the following:
    a. Create a qube based on your installation template.
    b. In the qube's settings, go to the Applications tab and find your VPN. Note: you may refresh the application menu with the following command in a dom0 terminal:

$ qvm-sync-appmenus [your template VM name]

    c. Move your VPN client from the available side to the selected side by clicking the single arrow symbol pointing to the right.
    d. EXTRA (this step is optional): turn your max memory down to 1000M.
    e. In the Advanced tab, find the section called Other and select Provides network. This lets other qubes connect to this newly created qube.
    f. Select OK; this is similar to the APPLY button but saves faster.

  3. After the above steps, the following are the qube network settings for Tor:
    a. Go back to the newly created qube's settings.
    b. In the Advanced tab, find the Memory/CPU section and turn your vCPUs from the default of 2 up to 4.
    c. (Advanced, but not an annoyance) In the Basic tab, click Start qube automatically on boot.
    d. Click OK.

  4. In your newly created qube, do the following:
    a. In your Qubes app menu, find your newly created qube, select your VPN client and wait.
    b. Once it has popped up, start using it.

Conclusion:
It was a somewhat difficult task to get the VPN working for you at all times. As a piece of advice, the best way to segregate your traffic is to clone your existing firewall qube, to avoid any qube crashes, if they happen, that may totally reset your Tor traffic. As a result, you won’t have any annoyance from that alone.

2 Likes

Thanks for your guide!

However, there are many considerations one has to take when using a VPN + Tor.

There are multiple setups for Tor+VPN and yours is a Tor-Over-VPN (if i am not mistaken). This will tunnel all your Tor traffic over your VPN.

There are only these reasons to do this that i can think of:

  1. You want to conceal that you are using Tor against your ISP or other network side adversaries that are placed on the route before your guard.
  2. Tor is blocked in your location but you want to use it anyways.
  3. You want to add another layer of protection, in case your adversary can break Tor.

There are a few problems.

1. Concealing Tor usage.

It is impossible to conceal Tor usage against a reasonably skilled and motivated adversary.

If your ISP (usually when ppl say ISP in this context, they mean gov) really wants to see if you are using Tor they can.

Empty Tor cells that are sent to keep open your connection have a specific size that does not get obfuscated too well by your VPN's padding.
Additionally Tor connections have very specific timing patterns that can be used to detect Tor usage with a very high degree of certainty, something like 99.99%, even when obfuscated with pluggable transport or VPNs. (I have a scientific paper as a source but cannot find it at this moment. Will search more when requested)

2. Avoid Tor censorship

This might actually work. Chances are tho, that VPN connections are also blocked if your gov decides on blocking Tor. Blocking VPN connections is much easier than blocking Tor+PL, which is why the official recommendation is to use Pluggable Transport and Bridges in this case.

3. Another layer of protection

Honestly: If your adversary can break Tor somehow reliably, which there is no real indication btw, he will laugh at your VPN. In this case we are talking about a fully or at least greatly global adversary. With traffic correlation a VPN will not provide any additional protection. All you do is to shift the trust in your ISP to a VPN.

Of course, this is dependent on threat model and specific case, but i would argue that a VPN, which is usually used for “shady traffic” is under much more surveillance by your adversary than all ISPs. Many attacks on Tor anonymity need your adversary to listen on the connection between you and your guard. It just makes a lot of sense for an adversary planning on de-anonymizing people to very closely monitor traffic to VPNs. Monitoring ISPs is another option, but this is much more costly because there are many more ISPs than VPNs.

Here are other sources for this:
Matt Traudt
Whonix wiki
Torproject FAQ
Tor trac

5 Likes

Thank you very much for the detailed guide. I can try that one next time… But when i now have the mullvad setup… Is there no easier way to just get whonix to go through the vpn?
Just the network order… Might be a few easy settings… Might work, or not work with the mullvad-vpn setup… Might need the official Qubes VPN guide. If anyone knows that answer please do tell how you would make whonix go through the vpn after using that other external guide…

Just some easy steps after that one, to make whonix go through the mullvad VPN is what i’m looking for. the right kind of sys-net —> sys-firewall settings… That works with this mullvad setup, which would not have the same network settings as the official qubes vpn in the network right…
Anyone?
Maybe just set sys-whonix to mullvad-vpn? :slight_smile: It’s sys-firewall now…
Whonix might already be going through the VPN, i don't know how to even check that. The guide could have fixed everything also.
I’m no network expert in computers… I just think it could be good in this day and age to try and hide everything from your I$P.

2 Likes
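
A way to do the check asked about in the post above, as an added example that is not part of the thread: it follows the netvm setting from one qube to the next and reports whether the VPN qube is on the path. The qube names (sys-vpn and so on) and the embedded topology are constructed assumptions; in a dom0 terminal, pass dom0_lookup as the last argument so the real qvm-prefs values are used.

```shell
#!/bin/sh
# Added example: is a given VPN qube upstream of sys-whonix?
# Qube names and the topology below are constructed assumptions.

# qube:netvm pairs, one per line (an empty netvm marks the uplink qube).
SAMPLE_TOPOLOGY="anon-whonix:sys-whonix
sys-whonix:sys-vpn
sys-vpn:sys-firewall
sys-firewall:sys-net
sys-net:"

# Offline stand-in for the dom0 lookup: prints the netvm of qube $1.
sample_lookup() {
    printf '%s\n' "$SAMPLE_TOPOLOGY" | awk -F: -v q="$1" '$1 == q { print $2 }'
}

# Real lookup, for use in a dom0 terminal.
dom0_lookup() { qvm-prefs "$1" netvm; }

# Print the chain of qubes from $1 up to the uplink, space separated.
# $2 names the lookup function (default: the constructed sample).
netvm_chain() {
    qube=$1; lookup=${2:-sample_lookup}; chain=$qube; hops=0
    while [ "$hops" -lt 16 ]; do              # hop limit guards against loops
        next=$("$lookup" "$qube")
        case $next in ''|None) break ;; esac  # assumed "no netvm" outputs
        chain="$chain $next"; qube=$next; hops=$((hops + 1))
    done
    printf '%s\n' "$chain"
}

# Succeed only if qube $2 sits upstream of qube $1.
routes_through() {
    for hop in $(netvm_chain "$1" "${3:-sample_lookup}"); do
        [ "$hop" = "$1" ] && continue
        [ "$hop" = "$2" ] && return 0
    done
    return 1
}

# Demo on the constructed topology; in dom0 append dom0_lookup as last argument.
echo "chain: $(netvm_chain sys-whonix)"
if routes_through sys-whonix sys-vpn; then
    echo "sys-whonix traffic leaves through sys-vpn"
else
    echo "sys-vpn is NOT on the sys-whonix path"
fi
```

This confirms the qube wiring only; it does not show that the VPN tunnel inside the VPN qube is actually up.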

Are you telling me tor is pretty much useless today when it comes to privacy? I did read that some governments had like 200 tor exit nodes so they keep track of everyone…
What are the best alternatives today? Is a VPN safer than tor?
What’s the best private connections in 2022? Privacy doesn’t mean shady or illegal. Just private. Is that even a thing anymore for anyone? Are there better alternatives to tor?
I get that they want to track people… Might be a good thing on tor if some abuse anonymity.
But why do a small % need to affect the idea of tor… 200 exit nodes from governments is a big effort i mean. I saw some video that mentioned that…
So are there alternatives and just private connections anymore? Or do the governments have their “claws” on everything today like windows, android, and you know, as the people is a money making cash cow, and “their products.” Taxes and so on…

No, it is an invaluable tool.

The official Tor Project's response to this is: They do not need to. They could just surveil the traffic without running the nodes.

My counterargument would be: Govs can run a great number of exits without that impacting the protective goals too much. Further: Who can assure you, that govs have not hacked your ISP or are running it?

Depends on what you want to achieve. For surfing the web (low latency networking): Nothing is more private or anonymous than Tor at this moment. However Tor is not perfect. I would bet that it is good enough for your use case, but without knowing use case nor threat model this is practically impossible to assess.

There are multiple facets to this, like private against whom?
Against your ISP (Network provider), your partner, the website you browse, your government …

So i just assume you mean: I do not want anybody to know what i am doing on the internet.

This is impossible. At the very least all sites you browse will know what you are doing on them, so your only option is to not let them know who you are, which is anonymity. In fact you probably even want them to not be able to recognize you again when browsing the same site later. This is what Tor was designed for and is the best you can get.

100% depends on what you do. If you do not need the low latency bit, other technologies give stronger protective guarantees, for example anonymous remailers provide better anonymity under broader adversary models. It really really depends on what you want to achieve.

From your text i think you are concerned about gov doing gov stuff.

Let me tell you this: Usually beginners in OPSEC do vastly overestimate the capabilities of their adversaries and their motivation to wage them against one. Most probably you are safe from the fancy exotic stuff and only are (acceptable, one might say wanted) collateral damage from untargeted mass surveillance, besides all the private surveillance capitalism thing of course.

For this use case Tor is absolutely fine and literally the best one can use. VPNs offer a much lesser degree of anonymity and privacy against external adversaries, while requiring trust in a singular entity (your VPN).

If you have concerns about the security of Tor, you can check out the IRC (freenode, #tor), the matrix bridge of said IRC or the Forum.

I am happy to talk to you about such topics, but i think another dedicated thread, would be better suited for that.

“Monitoring ISPs is another option, but this is much more costly because there are many more ISPs than VPNs.”

Is it really when the ISPs have been incorporated in the surveillance infrastructure?

Honestly: I think this should get its own thread…

Here is my take on this:

  1. More data. The agencies doing this untargeted surveillance are drowning in data. Their problem is filtering out the noise, and when knowing that most interesting traffic goes through a VPN will make this traffic more likely to be held longer or analyzed with more resources.
  2. On your own soil you can do what you want, but good luck trying to surveil all ISPs in all countries as a non global adversary. Assuming your adversary is willing to employ black hat tactics and just hack into where necessary, it is much more manageable to hack into the handful of big VPNs we have left than into all, foreign, possibly even nation owned ISPs.

And most importantly: You still send out your packets over your ISP! They can still tap your connection, and try to do their fancy correlation attacks at this location, so all you did is increase attack surface without a reasonable gain (imo).

1 Like

ISPs log, a good VPN provider doesn’t, so even if adversaries compromise all of the VPN provider's servers, they would need continued undetected presence. Certain providers now offer diskless servers which further complicates this. It is far easier to compromise ISPs than a good VPN provider IMO.

1 Like

Assuming all of this is true (which it might be, but i would not fully agree on that without further offtopic discussion)

As you said: This does not stop your ISP from logging.

The packets still go through your ISP before arriving at the VPN, the proposed correlation attacks can be used despite the use of a VPN. The induced noise through padding of your VPN is negligible and pretty much irrelevant for the correlation attacks known to me.
We are talking about Tor traffic here, which holds very strong security guarantees completely without a VPN.

With a VPN you append at the very least one hop, usually a few more on your network route, creating at the very least one additional point where your traffic can be intercepted or even tampered with.

I am talking about attacks on privacy and anonymity here, so maybe you have other goals.

What would be the additional security/privacy/anonymity/feature that the usage of a VPN would add when using a Tor-over-VPN setting?

1 Like

Thanks to you all for your kind support and opinions. All of your answers are possibly correct. Thanks for your considerations.

I see the only purpose of both a VPN and/or a Bridge is if you want yet another layer in front of your “real IP Address” for an outside attacker that lacks power/access to both the VPN and ISP (basically NOT a Nation State adversary nor a State sponsored/backed adversary)

Which is why I am still wondering if doing:
VPN to Tor to VPN will be worth the headache to access clearnet sites in a way to protect my IP Address as well as still somehow retain data integrity? As far as I understand though, the exit node and the last VPN could all initiate a man-in-the-middle or rather said adversary could compromise the packet between the clearnet site and the last VPN and/or exit node … with their own injection or man-in-the-middle attack … right? So while this protects the IP Address it still doesn’t seem to solve the data integrity in avoiding specialized tailor made attacks
(using Tor for clearnet already will fingerprint me but I am not concerned with that, what is concerning is that can then be used by my attacker to custom make a payload that gets transferred if they were to manipulate the data somehow either at the website level or at the last VPN or exit node level).