Gateway support - Whonix and Invizbox
Originally created by @sampalmer on #16111 (Redmine)
Tails is amnesic, and there are not many (if any) other secure amnesic options out there. However, many security researchers rate Whonix-Gateway to be much more secure than Tails' internal Tor support/handling. I would like the best of both worlds.
Tails would detect if traffic is being directed through Tor. If that check is done using an onion link, there is still a huge risk of a man in the middle between Tails and Gateway. Ideally, there would be a VPN connection from Tails to the separate Gateway host.
Without a secure way to automatically detect a gateway and disable an on-host Tor connection, I recommend the addition of a new boot-option which activates the external gateway mode of operation.
This feature is probably quite a significant change. I would recommend it as a major version feature, and inclusion of Whonix-Gateway virtualised within Tails. This would mean both Tails desktop and the virtualised Whonix-Gateway would be amnesic. The user would then be able to optionally disable the internal Whonix-Gateway if they have a separate gateway host/device, or if Tails is being run within QubesOS with a separate Whonix-Gateway VM.
see, and
(There didn’t seem to be a specific feature request for this. I did try searching. There was mention of Whonix in some issues, but none which seem to focus squarely on it.)
Related issues
- Related to #12403 (closed)
- Is duplicate of #5748