The workstation VM has no route to the home router except through the Tor gateway VM. With Whonix, the gateway VM isn't even a NAT router. Plus there are iptables rules that block everything except Tor. The gateway VM only exposes Tor SocksPorts to the workstation VM. You'd need to break the network stack in the gateway VM in order to bypass Tor.
Right, so can't I just add one then? In most VM setups I might have a default route to the other VM running Tor, but I can still talk to e.g. 192.168.0.1 even if I'm not putting traffic through it.
Is this some kind of 'VM-specific' virtual network which can't talk on the real LAN? Is that implemented on the hypervisor?
Yes, it depends on VirtualBox. But there are versions for KVM, and for Qubes. More of a nonstarter, though. Or even using physical devices, such as Raspberry or Banana Pi.
Years ago, I created a LiveDVD with VirtualBox plus Whonix gateway and workstation VMs. I had to hack at both Whonix VMs to reduce size and RAM requirements. But I got a LiveDVD that would run with 8GB RAM. It took maybe 20 minutes to boot, but was quite responsive.
In theory breaking properly-configured Whonix would require a VM escape, pretty much the holy grail of exploits (a few have happened recently). The alternative is a complete break of Tor, which has proven unlikely.
Is there some network isolation going on which prevents that?
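The routing question raised in this thread can be checked from inside a workstation VM. The following is an added example, not part of any comment above and not Whonix code: it runs a longest-prefix match over `ip route` output to tell whether a LAN address is reached directly or only through the gateway VM. All addresses, interface names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ip route` output (sample values, not taken from Whonix).
# A VM with a second, bridged adapter on the home LAN:
BRIDGED_VM = """\
default via 10.0.5.1 dev eth1
10.0.5.0/24 dev eth1 proto kernel scope link src 10.0.5.20
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.57
"""
# A VM whose only adapter sits on the internal network shared with the gateway:
ISOLATED_VM = """\
default via 10.0.5.1 dev eth0
10.0.5.0/24 dev eth0 proto kernel scope link src 10.0.5.20
"""

def parse_routes(text):
    """Return (network, next_hop_or_None, device) for each route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(prefix, strict=False)
        via = f[f.index("via") + 1] if "via" in f else None
        dev = f[f.index("dev") + 1] if "dev" in f else None
        routes.append((net, via, dev))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, as the kernel does; None means no route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def bypasses_gateway(route_text, dest, gateway):
    """True if traffic to dest leaves this VM without passing through gateway."""
    route = lookup(parse_routes(route_text), dest)
    if route is None:
        return False  # no route at all, nothing leaves
    net, via, _dev = route
    if via is not None:
        return via != gateway
    # On-link route: delivered directly on that segment. It is a bypass
    # unless the segment is the one the gateway itself lives on.
    return ipaddress.ip_address(gateway) not in net
```

This covers only the workstation's routing table. Whether a packet handed to the gateway goes anywhere other than Tor is decided by the gateway's own firewall rules, as the first comment describes.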