Dev/Gateway
Whonix-Gateway ™
Whonix-Gateway ™ MUST NOT be ever used for anything other than running Tor on it.
If this machine is compromised, the user's identity (public IP), all destinations, and all clear-text (and onion service) communication over Tor are available to the attacker.
Our first goal in securing the Whonix-Gateway ™ is minimizing its attack surface. By installing a "minimal system", the only attack surface exposed to a remote attacker is Tor itself, apt, onion-grater and sdwdate. You can verify this with netstat.
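One way to make the netstat check repeatable is to audit the listening sockets against an allow-list of the daemons that are expected to bind ports. The following is an added example, not code from the Whonix ™ project: it parses the output format of `ss -tlnp` (the modern replacement for `netstat -tlnp`) and reports every listener whose owning process is not on the allow-list. The sample output, the TEST-NET address 192.0.2.10 and the default allow-list (tor and onion-grater, the two of the four components named above that bind sockets in a typical build) are assumptions; adjust the list to your own build.

```python
import re
import subprocess
from typing import NamedTuple

# Constructed sample of `ss -tlnp` output (not captured from a real Whonix-Gateway).
# 192.0.2.10 is a documentation address standing in for the internal network interface.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:9051       0.0.0.0:*          users:(("tor",pid=812,fd=7))
LISTEN  0       4096    192.0.2.10:9050      0.0.0.0:*          users:(("tor",pid=812,fd=9))
LISTEN  0       128     127.0.0.1:9052       0.0.0.0:*          users:(("onion-grater",pid=901,fd=4))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=655,fd=3))
"""

# Assumed allow-list: daemons that are expected to hold listening sockets on the gateway.
DEFAULT_ALLOWED = frozenset({"tor", "onion-grater"})


class Listener(NamedTuple):
    address: str
    port: int
    process: str
    pid: int


# Matches the first process entry in the `users:(("name",pid=N,fd=M))` column.
_PROC_RE = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def parse_ss_output(text: str) -> list[Listener]:
    """Turn `ss -tlnp` text into Listener records; header and non-LISTEN rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last ':' so IPv6 literals such as [::1]:9050 keep their brackets.
        addr, _, port = fields[3].rpartition(":")
        match = _PROC_RE.search(line)
        name, pid = (match.group("name"), int(match.group("pid"))) if match else ("?", 0)
        listeners.append(Listener(addr, int(port), name, pid))
    return listeners


def audit_listeners(text: str, allowed: frozenset = DEFAULT_ALLOWED) -> list[Listener]:
    """Return every listening socket owned by a process outside the allow-list."""
    return [entry for entry in parse_ss_output(text) if entry.process not in allowed]


def audit_live_system(allowed: frozenset = DEFAULT_ALLOWED) -> list[Listener]:
    """Run `ss -tlnp` on this host (needs root to see process names) and audit it."""
    output = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    return audit_listeners(output, allowed)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; use audit_live_system() on a real host.
    for entry in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {entry.process} (pid {entry.pid}) on {entry.address}:{entry.port}")
```

On the sample the audit flags only the sshd socket, which is exactly what a minimal gateway should not have; a clean run returns an empty list. A process name of "?" means ss could not show the owner, which usually indicates the command was not run as root rather than a hidden service.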
Security features that do not prevent exploitation but only restrict what exploits can do, such as chrooting or sandboxing, do not make much sense: A compromise of Tor already results in a compromise of everything the user cares about.
Compile-time hardening (see Bug #5024: compile time hardening of TBB (RELRO, canary, PIE)) should be done by the Tor package contributor and is beyond the scope of Whonix ™.
Debian is a good compromise between security and usability. More secure and hardened Linux or BSD based options do exist, but they require too much work and/or maintenance to be considered for Whonix ™. The Dev/Operating System design page elaborates on that topic.
Having said this, you are welcome to use your own distro. The Whonix ™ design is distro agnostic. You just won't be able to thoughtlessly copy and paste commands or to use the source without modifications.
Graphical Whonix-Gateway ™ benefits over Headless Whonix-Gateway ™
In the non-graphical version of Whonix-Gateway ™, it is difficult for users who have never used Linux before to complete tasks like upgrading or configuring obfuscated bridges. Many activities are simpler and easily accessible in a graphical Whonix-Gateway ™, such as:
- Setting up bridges.
- Auditing logs.
- Auditing iptables.
- Auditing the system architecture in general.
- Running Essential Whonix ™ Functionality Tests.
- Running Leak Tests.
- Editing the Tor configuration.
- Editing the Whonix-Gateway ™ firewall settings.
- Reading status messages (systemcheck and sdwdate).
- Changing the Tor circuit.
- Copying and pasting (configuration) commands, (error) messages and logs.
- Running tshark / wireshark.
- Tunneling only Whonix-Gateway ™ traffic through a VPN.
A black, text-only window (terminal) is intimidating for normal users. A graphical desktop environment is also a prerequisite for further planned improvements, such as the proposed graphical Whonix ™ Controller, which will provide buttons such as:
- "Create hidden blog", which creates a pre-configured blog.
- "Backup onion service keys".
- A Better Circumvention User Interface.
- And more.
Terminal-only environments can also be impractical for users with disabilities.
Headless / CLI (Terminal) Whonix-Gateway ™
If a user believes the graphical Whonix-Gateway ™ is using too much RAM, or if a terminal version of Whonix-Gateway ™ is generally preferred, then headless Whonix ™ is available: see Whonix ™ for VirtualBox with CLI.
Alternatively, Whonix ™ for VirtualBox with XFCE RAM can be reduced to 256 MB and RAM Adjusted Desktop Starter will automatically boot into a terminal version of Whonix-Gateway ™.
When building Whonix ™ images from source code, both Whonix ™ VirtualBox and Whonix ™ KVM support the build script parameter --flavor whonix-gateway-cli. [1]
Footnotes
1. ↑ The equivalent build script parameter --flavor whonix-workstation-cli also exists.
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why?)