VPN over Whonix setup

sudo · October 1, 2021, 9:25am

I’m trying to setup VPN over tor. I am aware of the risks introduced by this but I need to access services that block tor exit nodes so this is the optimal solution for me.

I have a proxyVM setup with NetworkManager as according to this guide and I’ve made it fail-close as shown in step 5.

This works as a regular VPN but if I try to set its NetVM to sys-whonix, it fails to connect to any VPN servers. The browser in the proxyVM however is connected through tor.

I am using ProtonVPN. Maybe it’s not possible to connect from a tor exit node to the VPN servers?

Plexus · October 1, 2021, 10:06am

If your threat model requires machine → TOR → VPN provider → public internet then you need to bear in mind that TOR does not support UDP traffic - which is what most VPNs use and will default to.

You should use TCP as transport for any VPN you wish to connect to over the TOR network. If you use openVPN (and your VPN provider supports it) use ‘proto tcp’ in the config file instead of ‘proto udp’

sudo · October 1, 2021, 5:37pm

That makes a lot of sense. Thank you for the response!