Connections (Whonix)

The main Connections section guides the user on how to use stunnel, Tor and socat along with nymphemeral on Debian/Ubuntu. However if you are using Whonix, your connections are already made through Tor and following those same instructions would not only be unecessary, but would also create a Tor over Tor scenario, which is highly discouraged.

The good news is that these instructions are much simpler than the default ones, because Whonix already comes with some things set up for you.


stunnel adds TLS to your connections. You can install it with:

sudo apt-get install stunnel4

To configure stunnel, you can use the .conf file we provide with nymphemeral. Copy that file to the directory where stunnel looks for config files (which is usually /etc/stunnel):

sudo curl -o /etc/stunnel/stunnel.conf

Open /etc/default/stunnel4 and enable stunnel automatic startup by switching ENABLE to 1:

# Change to one to enable stunnel automatic startup

And start it with:

sudo service stunnel4 start

You should get the following message:

Starting SSL tunnels: [Started: /etc/stunnel/stunnel.conf] stunnel.


From the last sections of the .conf file:

client = yes
accept =
connect =

protocol = smtp
client = yes
accept =
connect =

Note that:

  • The NNTP client is used to download messages. Whenever it accesses port 119, stunnel will connect it to the NNTP server on, adding TLS.

  • The SMTP client is used to send messages. Whenever it accesses port 25, stunnel will connect it to the SMTP server at, adding TLS. According to Whonix’s documentation, there are two addresses mapped to SMTP servers running as hidden services:

    mapaddress k54ids7luh523dbi.onion
    mapaddress gbhpq7eihle4btsn.onion


You can use whatever NNTP/SMTP servers you would like. We chose to use those for convenience, but you are totally free to configure other ones or setup your own.

You can go to Mixmaster (Whonix).