Access Local Network, Host, or Clearnet Internet from VM
Advanced documentation detailing the process to connect from inside a VM to a server service running on the host, within the LAN, or clearnet internet.
Introduction
Consider File Transfer as a simpler alternative for standard requirements.
Prerequisite Knowledge
Access Host from within Whonix-Gateway
This example demonstrates using ssh, but other methods may be substituted accordingly.
On the Host
Install the necessary server software; ssh is illustrated as an example.
Install package(s) ssh following these instructions.
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
3 Install the ssh package(s).
Using the apt command line --no-install-recommends option is in most cases optional.
sudo apt install --no-install-recommends ssh
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.
5 Done.
The procedure of installing package(s) ssh is complete.
If ssh is utilized, its setup on the host (such as public key setup) and related issues are considered prerequisite knowledge and are out of scope for this documentation. This wiki chapter is focused on connectivity, not on server configuration details.
Inside the VM
Install the corresponding client software, e.g., openssh-client.
1. Install openssh-client.
Install package(s) openssh-client following these instructions.
1 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: In Template.
2 Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
3 Install the openssh-client package(s).
Using the apt command line --no-install-recommends option is in most cases optional.
sudo apt install --no-install-recommends openssh-client
4 Platform specific notice.
- Non-Qubes-Whonix: No special notice.
- Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.
5 Done.
The procedure of installing package(s) openssh-client is complete.
2. Optional: Configure a persistent home folder for the user clearnet.
sudo mkhomedir_helper clearnet
3. Launch a shell under user clearnet.
sudo -u clearnet bash
4. Disable stream isolation permanently or circumvent it temporarily, as needed.
client-software ip-address
Note:
- Substitute ssh with your client software of choice.
- Replace 192.168.1.0 with the actual local LAN IP of the host.
- Remove .anondist-orig if the command isn't uwt-wrapped by default.
ssh.anondist-orig 192.168.1.0
5. Completion.
An SSH connection from within Whonix-Gateway to the host should now be established.
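Added example (not part of the original Whonix documentation): a small guard for step 4, covering the host/LAN case only. It refuses any destination that is not a private LAN IPv4 address and selects the .anondist-orig binary when one exists. The function names are hypothetical, and treating the presence of <client>.anondist-orig on PATH as the sign of a uwt-wrapped command is an assumption.

```shell
#!/bin/sh
# Added example; lan_client, is_private_ipv4 and pick_client are hypothetical
# helper names, not Whonix commands.

# Succeed only for a dotted-quad IPv4 address in an RFC 1918 private range.
# First pattern: reject empty input, non-digit characters, malformed dots.
# Second pattern: reject leading zeros, because inet_aton-style parsers read
# "016" as octal 14, which would turn 172.016.0.1 into a public address.
is_private_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print "<client>.anondist-orig" when it exists on PATH (assumed here to mean
# the command is uwt-wrapped); otherwise print the plain client name.
pick_client() {
    if command -v "$1.anondist-orig" >/dev/null 2>&1; then
        printf '%s\n' "$1.anondist-orig"
    else
        printf '%s\n' "$1"
    fi
}

# Usage: lan_client CLIENT LAN_IP [ARGS...]   (run from the clearnet shell)
lan_client() {
    client=$1; target=$2
    if ! is_private_ipv4 "$target"; then
        echo "refusing: '$target' is not a private LAN IPv4 address" >&2
        return 2
    fi
    shift 2
    "$(pick_client "$client")" "$target" "$@"
}

# Run only when arguments are given, e.g.: sh lan_client.sh ssh 192.168.1.0
if [ "$#" -gt 0 ]; then lan_client "$@"; fi
```

A mistyped or public address is rejected with exit status 2 before any connection is attempted outside Tor.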
Access Host from within Whonix-Workstation
This scenario is currently undocumented and likely necessitates a complex setup with a high risk of clearnet leaks. See footnote. [1] Instead, users are recommended to explore SSH / SSHFS into Whonix-Gateway, SSH / SSHFS into Whonix-Workstation, and SSHFS into Whonix-Workstation™.
Troubleshooting
- Check whether a configured host firewall is blocking connections to the service.
Forum Discussion
https://forums.whonix.org/t/how-to-connect-from-a-guest-whonix-gateway-to-a-proxy-client-running-on-a-host/8874
See Also
Footnotes
[1] Options could include:
- Less safe: Enabling IP forwarding inside Whonix-Gateway™.
- Safer: Opening an Incoming Port on Whonix-Gateway Firewall and running proxy software in Whonix-Gateway with user clearnet to allow forwarding to the host, LAN, or clearnet Internet.