All traffic originating from [[Whonix-Workstation|{{project_name_workstation_long}}]] and [[Whonix-Gateway|{{project_name_gateway_long}}]] is routed over [[Tor]]. [
Starting from {{project_name_short}} version ]0.2.1
, traffic from {{project_name_gateway_short}} is also routed over Tor. This approach conceals the use of {{project_name_short}} from entities monitoring the network.
[
For preserving the anonymity of a user's {{project_name_workstation_short}} activities, it isn't essential to route {{project_name_gateway_short}}'s own traffic through Tor.
] [
For those interested: Altering DNS settings on {{project_name_gateway_short}} in ]/etc/resolv.conf
only impacts DNS requests made by {{project_name_gateway_short}}'s applications that utilize the system's default DNS resolver. By default, no applications on {{project_name_gateway_short}} that generate network traffic utilize this default resolver. All default applications on {{project_name_gateway_short}} that produce network traffic (like apt, [https://www.kicksecure.com/wiki/Systemcheck systemcheck], [[sdwdate]]) are explicitly configured, or force by uwt wrappers, to use their dedicated Tor SocksPort
(refer to [[Stream Isolation]]).
[
{{project_name_workstation_short}}'s default applications are configured to use dedicated Tor ]SocksPorts
(see [[Stream Isolation]]), avoiding the system's default DNS resolver. Any applications in {{project_name_workstation_short}} not set up for stream isolation - such as nslookup
- will employ the default DNS server configured in {{project_name_workstation_short}} (through /etc/network/interfaces
), which points to {{project_name_gateway_short}}. These DNS requests are then redirected to Tor's DnsPort by the {{project_name_gateway_short}} firewall. Changes in {{project_name_gateway_short}}'s /etc/resolv.conf
don't influence {{project_name_workstation_short}}'s DNS queries.
[
Traffic produced by the Tor process, which by Debian's default operates under the user ]debian-tor
originating from {{project_name_gateway_short}}, can access the internet directly. This is permitted because Linux user account debian-tor
is exempted in the [[{{project_name_gateway_short}}_Firewall|{{project_name_gateway_short}} Firewall]] and allowed to use the "regular" internet.
[
Tor version ]0.4.5.6
(with no changes announced at the time of writing), the Tor software predominantly relies on TCP traffic. For further details, see [[Tor#UDP|Tor wiki page, chapter UDP]]. For DNS, please refer to the next footnote.
[
Tor doesn't depend on, nor uses a functional (system) DNS for most of its operations. IP addresses of Tor directory authorities are hardcoded in the Tor software by Tor developers. Exceptions are:
* Proxy settings that use proxies with domain names instead of IP addresses.
* Some Tor pluggable transports such as meek lite, which resolves domains set in ]url=
and front=
to IP addresses or snowflake's -front
.