{{Header}} {{#seo: |description=Using {{project_name_workstation_long}} with a Gateway Other Than {{project_name_gateway_long}}. |image=Gatewayother2532158640.jpg }} [[File:Gatewayother2532158640.jpg|thumb]] {{intro| Using {{project_name_workstation_short}} with a Gateway Other Than {{project_name_gateway_short}}. }} {{stub}} = Potential Issues When using A Custom Gateway = TODO: document * Gateway IP Change required? See chapter below. * Tor Control Protocol Access. See chapter below. * Custom gateway might not provide all the Tor SocksPorts that {{project_name_gateway_short}} provides. Fixable by adjusting Tor configuration of the custom gateway. * Custom gateway might not provide [[Stream_Isolation#Transparent_Proxy|transparent proxying]]. This might be intended if the user prefers an [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO/IsolatingProxy IsolatingProxy] setup. = Gateway IP Change = [[Dev/git#grep_{{project_name_long}}_source_code|grep the {{project_name_long}} source code]] for the following search term. {{CodeSelect|code= IP HARDCODED }} For example. (Creation of the mygrep script is documented in above link.) {{CodeSelect|code= mygrep -r "IP HARDCODED" }} Perhaps IP change can be avoided with some iptables trick? Forum discussion: https://forums.whonix.org/t/network-changing-the-complete-16/10586 = Tor Control Protocol Access = Two options. Either: * Allow filtered Tor control protocol access through onion-grater. * unfiltered Tor control protocol access. A compromised workstation with unfiltered Tor control protocol access can acquire the real external cleranet IP. Tor control protocol command GETINFO address * No Tor control protocol access. This would break some functionality. Which applications require Tor control protocol access? * Tor Browser new identity feature * A list of applications which are currently require Tor control protocol access can be found here: [[Special:WhatLinksHere/Template:Control_Port_Filter_Python_Profile_Add]] * [https://github.com/Whonix/onion-grater/tree/master/usr/share/doc/onion-grater-merger/examples onion-grater example profiles] * [[sdwdate]] https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/etc/onion-grater-merger.d/30_whonix-default.yml * [https://www.kicksecure.com/wiki/Systemcheck systemcheck] == Filtered Access using onion-grater == [[Undocumented]]. == Unfiltered Access not using onion-grater == This setting comes from Debian system Tor upstream package default file /usr/share/tor/tor-service-defaults-torrc. {{CodeSelect|code= CookieAuthFile /run/tor/control.authcookie }} The file location for this file is non-ideal since it will change at every boot. By re-configuring Tor on the other gateway to use a different file location the contents of this file might be constant. Untested. On the {{project_name_workstation_short}} package anon-ws-disable-stacked-tor script /usr/lib/anon-ws-disable-stacked-tor/state-files copies at boot /usr/share/anon-ws-disable-stacked-tor/control.authcookie to the right places. By copying the control.authcookie file from the gateway to {{project_name_workstation_short}} /usr/share/anon-ws-disable-stacked-tor/control.authcookie one might be able to have Tor cookie authentication. Contents of /usr/share/anon-ws-disable-stacked-tor/control.authcookie will be overwritten when package anon-ws-disable-stacked-tor is upgraded. Therefore this exercise might be a bit pointless. A better solution might be to use Tor Browser control protocol authentication using a Tor control password rather than Tor control auth cookie. {{Open with root rights|filename= /etc/X11/Xsession.d/50user }} Paste the following contents. {{CodeSelect|code= ## see also /usr/lib/anon-ws-disable-stacked-tor/torbrowser.sh ## See workstation file ~/.tb/tor-browser/Browser/start-tor-browser ## or Tor Browser file Browser/start-tor-browser script for comment ## why quoting looks weird. export TOR_CONTROL_PASSWD='"password"' ## Overwrite what /usr/lib/anon-ws-disable-stacked-tor/torbrowser.sh / ## /etc/X11/Xsession.d/20torbrowser is doing. export TOR_CONTROL_IPC_PATH="/run/anon-ws-disable-stacked-tor/127.0.0.1_9151.sock" }} Save. This would have to be combined with Tor setting HashedControlPassword on the other gateway. Untested. = References = {{reflist}} {{Footer}} [[Category:Documentation]]