Whonix IP Leak?

Update:
I just wanted to make clear that I am NOT using the torbrowser to check my IP as this introduces an additional layer of redundancy (to my understanding). Instead, I used the terminal browser “links” to check my public IP.

Issue:
After running some tests, I believe that it is possible to get a user's real IP address even when using “sys-whonix” as the networking qube. I have no idea exactly how this is possible.

Further details:
I was led to believe there was an IP leak related to the use of “sys-whonix.” I performed a number of tests, and was only able to see my real IP using IP checking websites. I believe this may be related to enabling “Provides network” and then toggling it off and back on, but I have no idea how or why it would then expose my real IP.

Does QubesOS have a default option to “fall-back” to a different networking qube in the event that the current networking qube fails? Maybe something related to the “Default net qube?” That is the only possibility for why it would leak my IP instead of just failing to route as I assume it is intended to, or maybe I just do not understand how this was intended to work?

Steps to recreate:

  1. Create a new qube (appVM) based on the whonix-workstation-17 template, set the “Network Connection” to “sys-whonix,” and in advanced settings enable “Provides network access to other qubes.” Name it whatever you want.

  2. Check public IP address through that new qube. (I installed links and then ran “$ links ipleak.com”). If it shows a tor node IP (as it should): shut down the qube, boot it back up, and recheck your public IP.

Bonus: If you see your real public IP, you can restart tor through the “tor-control-panel” while the qube is active; this issue is then fixed and your public IP should be a tor node (though this should probably not be relied on).

At this point you should see your public IP; any qubes routing through this qube should also show your public IP. Thankfully, qubes using “sys-whonix” that do NOT have the “Provides network” option enabled do not seem to have this issue.

I would like to use a qube to act as a firewall between “sys-whonix” and my appVM so that I can use a VPN and tor together.

Any advice on this issue would be greatly appreciated! Thank you!

-Can

So, you got your real public IP after the second try?

I have sys-net → sys-firewall → sys-vpn → app-qube, and testing sites in app-qube did not report any leaks.

Whonix specific trouble?

I can’t reproduce it, here is how I tested it:

  1. On Qubes OS 4.2, I created a new qube providing network, based on whonix-workstation-17 and using sys-whonix as a netvm
  2. I started tor browser in that test qube, opened https://check.torproject.org/ and it was using tor
  3. In the qubes list systray widget, I restarted the test qube
  4. I started tor browser in that test qube, opened https://check.torproject.org/ and it was still using tor

Neither can I.

Likewise, I was unable to replicate after following the OP’s procedure.

Using the torbrowser does not seem to have this issue. Maybe because it establishes its own tor connection? In other words, redundancy?

I was able to get my public IP by using the terminal based browser “links” which implies that the qube itself does not send ALL traffic through tor, which was my understanding of how this was meant to function.

Sometimes on the first try, but yes, I can see my real IP.

Apologies to everyone

After running some additional tests I realize that I made a logic and networking mistake. It seems that “sys-whonix” is likely working as intended.

Once more, I am very sorry for the false red flag. Have an excellent rest of your day.

-Can

Could you share what was the mistake? I would like to understand what happened, not to shame or blame you.
