My gateway seems to be configured correctly. Whonixcheck reports no problems. My workstation is vanilla Debian 8.0. It can ping the gateway, and it can also connect to the Internet using IP addresses (for example getting apt updates). But it cannot resolve domain names (whether onion addresses or clearnet names), despite having the gateway set as its name server.
Update: it spontaneously started working, then stopped again. I’m still not sure what is wrong. Restarting tor on the gateway doesn’t seem to be the cure.
It’s happening again. This time after I configure a new workstation, DNS fails for that workstation only. For the other workstations that were already set up, it is fine. Their network settings are identical (except for IP address, obviously). Restarting the gateway does not help. Restarting the workstation does not help.
Some kind of weird arp problem? I really don’t know.
It has now gotten even worse; it’s no longer just a problem with the transparent DNS; the transparent proxying is also not working for these workstations:
user@host:~$ ping 10.152.152.10
PING 10.152.152.10 (10.152.152.10) 56(84) bytes of data.
64 bytes from 10.152.152.10: icmp_seq=1 ttl=64 time=0.240 ms
64 bytes from 10.152.152.10: icmp_seq=2 ttl=64 time=0.226 ms
64 bytes from 10.152.152.10: icmp_seq=3 ttl=64 time=0.223 ms
^C
--- 10.152.152.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.223/0.229/0.240/0.019 ms
user@host:~$ dig +add +trace @10.152.152.10 www.google.com
; <<>> DiG 9.9.5-9+deb8u8-Debian <<>> +add +trace @10.152.152.10 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
user@host:~$ curl 74.125.29.113
curl: (7) Failed to connect to 74.125.29.113 port 80: Connection timed out
But on an identically-configured workstation:
user@host:~/bin$ dig +add +trace @10.152.152.10 www.google.com
; <<>> DiG 9.9.5-9+deb8u8-Debian <<>> +add +trace @10.152.152.10 www.google.com
; (1 server found)
;; global options: +cmd
;; Received 17 bytes from 10.152.152.10#53(10.152.152.10) in 3 ms
user@host:~$ curl 74.125.29.113
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Sorry to bump this after such a long time but I still have my original problem. The workstation has the gateway set in /etc/resolv.conf, and can ping the gateway, but DNS queries on the workstation aren’t working for some reason. I don’t know what else to try and would value any suggestions.
Other than changed IP address, is the new workstation from a fresh image? Any software installed? Changes to firewalls? Proxy tunnels?
The working workstations are connected to the same gateway, right?
It is from the selfsame image as other workstations that are working as intended. Literally nothing is different except for IP address, which has been incremented. They are not Whonix workstation images but vanilla Debian images.
The only thing that is weird about my setup is that the web interface I use to administer my VMs is Proxmox. I have two different bridges configured in Proxmox with some non-Whonix VMs attached to one of them, and the Whonix VMs attached to the other.