by mirimir 3363 days ago
The workstation VM has no route to the home router except through the Tor gateway VM. With Whonix, the gateway VM isn't even a NAT router. Plus there are iptables rules that block everything except Tor. The gateway VM only exposes Tor SocksPorts to the workstation VM. You'd need to break the network stack in the gateway VM in order to bypass Tor.
1 comment
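The following is an added worked check for the claims in the comment above (default-DROP firewall, no NAT routing, only Tor SocksPorts exposed to the workstation); it is written for this page and is not Whonix's firewall script or mirimir's code. It assumes eth0 is the gateway's external NIC, eth1 the internal VM-only network, Tor listening on 9050 and 9150, and Tor running as uid 105; both iptables-save dumps are constructed for illustration. Piping a real `iptables-save` dump into it tells you whether the gateway VM actually has no path around Tor, or whether it is the ordinary NAT-router VM the reply below describes.

```python
"""Audit an iptables-save dump for the gateway properties described above:
default-DROP, no forwarding or NAT, the internal interface reaches only Tor's
SocksPorts, and only the Tor user may send packets out. Added example, not
Whonix's firewall script; interface names, ports, uid and dumps are assumed."""
import sys

# Constructed: a minimal ruleset with the properties claimed in the thread.
GATEWAY_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 9050 -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 9150 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner 105 -j ACCEPT
COMMIT
"""

# Constructed: the ordinary NAT-router VM the reply asks about; a workstation
# behind it can still reach 192.168.0.1 directly, bypassing Tor.
LEAKY_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """'-A INPUT -i eth1 -p tcp --dport 9050 -j ACCEPT' -> {option: value};
    a negated option such as '! -i eth1' is keyed '!-i'."""
    toks, opts, i, neg = line.split(), {"_raw": line}, 0, False
    while i < len(toks):
        if toks[i] == "!":
            neg, i = True, i + 1
            continue
        key, neg = ("!" if neg else "") + toks[i], False
        has_val = i + 1 < len(toks) and not toks[i + 1].startswith(("-", "!"))
        opts[key] = toks[i + 1] if has_val else True
        i += 2 if has_val else 1
    return opts


def parse_dump(text):
    """Parse iptables-save text into {table: {"policy": {chain: policy}, "rules": [...]}}."""
    tables, table = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A "):
            table["rules"].append(parse_rule(line))
    return tables


def audit(text, int_if="eth1", tor_ports=("9050", "9150"), tor_uid="105"):
    """Return findings; an empty list means only Tor can leave this VM."""
    tables = parse_dump(text)
    filt = tables.get("filter", {"policy": {}, "rules": []})
    findings = [f"filter {c} policy is {filt['policy'].get(c)}, expected DROP"
                for c in ("INPUT", "FORWARD", "OUTPUT") if filt["policy"].get(c) != "DROP"]
    for r in filt["rules"]:
        # Loopback and reply traffic are fine; only newly accepted flows matter.
        if r.get("-j") != "ACCEPT" or "--state" in r or "lo" in (r.get("-i"), r.get("-o")):
            continue
        chain = r.get("-A")
        if chain == "FORWARD":
            findings.append(f"FORWARD accepts: the VM is routing, not just exposing Tor: {r['_raw']}")
        elif chain == "INPUT" and not (r.get("-i") == int_if and r.get("-p") == "tcp"
                                       and r.get("--dport") in tor_ports):
            findings.append(f"INPUT accepts more than Tor SocksPorts on {int_if}: {r['_raw']}")
        elif chain == "OUTPUT" and r.get("--uid-owner") != tor_uid:
            findings.append(f"OUTPUT not limited to the Tor user (uid {tor_uid}): {r['_raw']}")
    for r in tables.get("nat", {"rules": []})["rules"]:
        if r.get("-j") in ("MASQUERADE", "SNAT", "DNAT"):
            findings.append(f"nat rewrites addresses, i.e. the VM is a NAT router: {r['_raw']}")
    return findings


if __name__ == "__main__":  # usage: sudo iptables-save | python3 gateway_audit.py
    problems = audit(sys.stdin.read())
    print("\n".join(problems) or "OK: nothing but Tor can leave this VM")
    sys.exit(1 if problems else 0)
```

The audit deliberately ignores loopback and ESTABLISHED,RELATED rules and judges only rules that admit new flows: with default-DROP policies, those are the only places a bypass can hide. Note that it inspects the gateway's own firewall only; the VirtualBox internal network that keeps the workstation off the host's LAN is a hypervisor-side setting and has to be checked separately.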

Right, so can't I just add one then? In most VM setups I might have a default route to the other VM running Tor, but I can still talk to e.g. 192.168.0.1 even if I'm not putting traffic through it.

Is this some kind of 'VM-specific' virtual network which can't talk on the real LAN? Is that implemented on the hypervisor?

Yes, for Whonix it's a VirtualBox internal network. There's no direct routing through the host, only among VMs. You can do much the same on VMware.

Edit: I forget that I'm writing on HN. When I say VM, I'm referring to full OS-level VMs, not namespace, Java, etc VMs.

That sounds like a pretty neat setup. I know I can just google all this, so please forgive me the inane questions; it depends on VirtualBox though?

That's a bit of a nonstarter for a few of.

We probably aren't the target base for the project though so maybe it doesn't matter...

Yes, it depends on VirtualBox. But there are versions for KVM, and for Qubes. More of a nonstarter, though. Or even using physical devices, such as Raspberry or Banana Pi.

Years ago, I created a LiveDVD with VirtualBox plus Whonix gateway and workstation VMs. I had to hack at both Whonix VMs to reduce size and RAM requirements. But I got a LiveDVD that would run with 8GB RAM. It took maybe 20 minutes to boot, but was quite responsive.