Thanks to both of you - now documented in the Security Guide. I stole your words/ideas where appropriate.
Anyway, on the upside, this is the best NSA Tor guard I’ve ever had. 
1 Like
Could you move it please here?
I think it fits better there. And mention from security checklist please?
In all seriousness, I think you should consider yourself lucky if you get a slow entry guard. What kind of honeypot operator would have constrained bandwidth and chase away users?
(If you run your own entry guard - Dingledine suggests doing this in one of his posts - does it need to be done anonymously?)
1 Like
Good point - will add it.
1 Like
I come back to you after some tests which I need to continue them to have a good general idea.
I wanted to come back to you for something more specific about this bootstrapping problem.
None of you have pointed out or reacted to one of my previous post.
The line where I got “server connection refused” and which I continue to get.
I would really want to clarify the situation about that to move forward with the problem. Don’t hesitate to correct me if one of you have already reacted on this.
By the way, I’m on version 0.3.1.8 for the moment.
From my humble position, I can say with pretty much confidence that nothing is magical in computer science. So any error message have been programmed before. This error message is pretty clear and must have been provisioned in very precised events in the code.
So first, where this message is coming from? Is there a if somewhere in the script of whonix where it is stated?
Second, does someone know exactly why a node from Tor would launch such a signal? Since this error message is always linked to an address ip^which is not mine, which is not from my network or anything related to me.
So why am I asking that? Because after a few weeks of not using whonix in qubesos because of this problem, I 've tried it and put it up to date and for some hours it has worked more or less in a normal way and then suddenly it stopped working. That does tell me that there is actually no really incompatibilities between my setup or equipment with the tor nodes but for what ever reason, the Tor Nodes are communicating something about me, like a signature or something else and banned me from using it. Because if not, this message would not have been created and if those were simply gateways where you want to do whatever you want with any equipment whatsoever, this message would have no reasons to exists and be present in some code somewhere.
So please someone, answer to those precise questions and be as specific as you can.
This is a long thread. Please make it easier for people to help by linking or including post numbers. I assume you’re referring to #15?
Servers can refuse connections for reasons that have nothing to do with you. They can be misconfigured, or down, or under DoS attack for example. What is the IP address in your log? a bridge?
This is not Whonix code. If you want to deep dive into the Tor source, better place to ask is on Tor mailing lists (ie tor-talk):
https://lists.torproject.org/cgi-bin/mailman/listinfo
[It is possible for individual relays to ban your specific IP. I’m nearly certain the Tor network (as a whole) has no mechanism for banning individual clients.]
1 Like
Ok if we are sure about that then it’s okey. And the message are not related to the same IP, it changes over time. Do you get some?
At least I can isolate problems now.
thank you for your answers. I will continue my tests.
So I’ve made some tests.
It is not vlan related, nor the switches.
I’ve tested on 2 different models of ubiquiti routers on default ports without any options activate, just default setup on those ports and it’s very likely that something in the firewall of ubiquiti drops packet or something which would be related to whonix but I don’t know why yet. So I will do some capture on the whonix proxyvm and see what it gives.
so here are the capture which are encrypted for obviously reason. So the ones who really want to investigate and help through this can ask me the password.
the names of the capture are normally enough to understand.
So there is one from the wifi from the iphone accesspoint in 4G
then there are 2 directly connected to a “by default” port on a ER5-POE (ubiquiti).
The first try is in the continuity from the connection from the wifi so I restart Tor and then do a whonixcheck.
The second try I completely shutdown the proxyvm and restart it with the command “sudo wireshark” and directly start the capture…
Each try on the ER5-POE does have 2 whonixchecks.
the proxyvm is up to date by the way.
Thanks in advance for all the help. I hope I didn’t let important information in the caputre but I can’t be sure so it would be very kind to anyone to let me know if I let things not supposed to be there.
And I hope that nobody will abuse of it.
here the link to the capture it’s encoded with openssl aes 256
caputre enc
by the way the goal here is to determine if the edgemax OS from ubiquiti is conflicting with the whonix transaction done in a qubes setup.
Hi boistordu
How are you planning on giving out the pasword if requested? Can’t post it on the open forum without everyone seeing it. Some people (anonymous users) would be hesitant about giving out an email address over the forum.
true but those experimented users and network devs who I need would be registered on those forums no?
Plus it’s simple enough these days to put a anonymous mail address and connect to it through tor no?
Anyway how do you propose that I do that then ?
this is sad that there is no some basic mail functionnality on this forum.
Anyway you can ask the password by mailing me to boistordu@protonmail.com
Mention your username from here just to be sure…
If my memory serves me correctly there used to be some kind of IM functionality but it was disabled for security reasons.
Just wanted to report in that I’m experiencing similar problems to the OP connecting to Tor. When researching the issue I came across this thread.
In Qubes 3.2 I had never had difficulty connecting to Tor from Whonix, until I switched my router from an old ASUS to this Ubiquiti EdgeRouter X.
I had followed the setup guide for the EdgeMax router here GitHub - mjp66/Ubiquiti
and I was unsure if those particular steps had somehow caused the Ubiquiti to impede connections to Tor. However, like the OP, I can easily access Tor, without modifying the torrc, in Windows 7 and Windows 10 HVMs.
To get sys-whonix to connect to Tor I can sometimes find success by adding obfs4 bridges in torrc. I never had success with bridges obtained from the web. I was only able to get in with bridges obtained via e-mail. That worked flawlessly for several weeks, but now those bridges are failing as well and adding more bridges has only worked sporadically. Eventually the connection is lost (usually after being connected for about 10 minutes or so).
Following this thread I tried moving the sys-whonix from the default
sys-whonix → sys-firewall → sys-net to
sys-whonix → sys-net
That seemed to work for a bit, but then eventually failed.
I can sometimes access Tor by switching between a torrc that contains 20+ obfs4 bridges, and a torrc that doesn’t use bridges at all. Sometimes I can do this by altering the torrc and using the sighup x command in Arm. Other times I restart Tor or restart sys-whonix completely.
I can run whonixcheck from the anon-whonix AppVM, but not from sys-whonix. From sys-whonix I recieve an error:
"WARNING: Tor Check Result: Tor is disabled. Therefore you most likely can not connect to the internet.
(Debugging information: Could not find DisableNetwork 0 in /etc/tor/torrc.)
Please close this window and enable Tor using Whonix Setup!
dom0 → Start Menu → ServiceVM: sys-whonix → Whonix Setup
or in Terminal: sudo whonixsetupor manually (If you know about the public Tor network!) and open /etc/tor/torrc with root rights (dom0 → Start Menu → ServiceVM: sys-whonix → Torrc) and set:
DisableNetwork 0
Then run whonixcheck again."
However, torrc clearly has “DisableNetwork 0”
So finally I had time and money to get some more equipment.
I’ve installed whonix 13 and now whonix 14 under kvm under a fedora workstation 28.
No problem with tor anymore. IT’s not very fast but that’s inherent to tor network.
@bill I resolved, I think the problem, because of contacting ubiquiti support and they made some firmware update as you could see also I’m sure. The 1.10.5 seems to work.
From their feedback, it seems that it was a bug in PPPOE since they experienced no problem at all when they were conencting through cable coax connection.
The problem is not 100% resolved but at least it’s functionnal now.
I’ve tested under the equipment Edgerouter ER8 PRO and ER6Poe. Maybe you can give us some feedback with ubiquiti edgerouter X?