Adding vcpu's to Whonix-Gateway?

Using only 1 core, Gateway sometimes freezes. It’s safe to add more vcpu’s to Whonix-Gateway ?

And whats the difference between vcpu tag defaults cpuset=“0” (on gateway) and cpuset=“1” (on workstation)

I have the same question. It’s not just me. Only one thread (cpu1) is allocated to Gateway so it runs at 100%. The software processing load demands more than one thread. I am using the newest, most powerful Intel 12th generation physical cpu. How did the software ever function properly for earlier, older cpus? check.torproject works instantly but onions take forever to load or do not load at all. KVM is just for hexchat, wallet, and maybe thunderbird? I have made the latest updates to both the Gateway and Workstation. There must be a way to configure KVM to allocate more threads and, yes*, distribute processing load. There are 3 vcpus allocated in VirtualBox and that works smoothly. Answers appreciated.

  • There is no way people know non-delusional who and the questions aren’t stupid. It’s just a genocidal gang engaged in fantasy because they do not control for bias like all law and science. I don’t care about one-sided slanders from who benefits from the exploits. Freemasonic scions don’t actually exist, only mathematical proofs. Write a paper for Free Haven and come back!

There is a way. check /wiki/KVM#Adding_vCPUs
I always add more vcpu’s to Whonix-Workstation.
Just curious if it’s safe to do same on Gateway.

All the time ? For me it’s working normally, just sometimes it goes to 100% and freezes.

So I’ve done some looking around and this is what I found.

When I try to change the number of vcpus in KVM with the “virtual machine details” tab on the GUI it says:
“Error launching details: host does not support domain type kvm with machine . . . for virtualization type hvm with . . .”

When I use CLI sudo virsh edit Whonix-Gateway - the problem is that I’m not sure what the syntax of the editor is; how do I delete, insert, and save? It is not ctrl-x y ctrl-m like Hulahoop had written.

< vcpu placement=‘static’ cpuset=‘0’>1</ vcpu>
should be
. . . >3</ . . . three vcpus should be enough, right?

I should not just delete cpuset=‘0’>1< /vcpu> either, since I can’t configure the GUI machine details?

Yes. I’ve used Qemu/KVM in the past and I know it works well if properly configured. I think if I knew how to virsh edit and just substituted 1 with 3 then it might work.

Acts strange. Just now, start service tor wouldn’t work but it had before and yet systemctl start tor.service would. What command do you use to start Gateway tor?

Whonix ™ for KVM chapter Editing an Imported Machine’s XML Configuration in Whonix wiki
(Updated just now.)


I thought the problem was that there were not enough vcpus allocated to the Gateway. I increased from 1 to 3. CPU1 (thread) is still running at 100%, so if I increase the number of vcpus with virsh, it doesn’t translate into allocating more threads to distribute that percentage more evenly and thus reducing fan speed.

But it looks like (if I forget about the constant high fan noise) that the functionality question has to do with the Control Port not being opened on the Gateway. Shouldn’t that already be configured? How should I edit the torrc on Gateway CLI? Then the Workstation can’t sdwdate sync because the Control Port is closed, right?
. . .
onion-time-pre-script detected error status
. . .


Tor Documentation for Whonix ™ Users chapter Edit Tor Configuration in Whonix wiki

The Tor ControlPort is closed if Tor on Whonix-Gateway isn’t running because of invalid configuration due to invalid user edits. First run systemcheck on Whonix-Gateway. If it doesn’t pass and show that Tor isn’t running or Tor configuration issues, then no need to look into Whonix-Workstation. As long as there are issues in Whonix-Gateway, that’s a definitive blocker and then Whonix-Workstation connectivity will be broken. The ControlPort being unreachable message in Whonix-Gateway is just a follow-up symptom. The root issue is most likely Tor configuration issues on Whonix-Gateway.

The ControlPort issues however are completely separate form the original question in this forum thread by the topic starter. Therefore please don’t change the topic and move this elsewhere.

Didn’t edit anything. Just followed the installation instructions for KVM as I did for VirtualBox. If I edited the torrc myself, that would be an edit. That means installation downloads can be disrupted / injected / interfered with, wouldn’t it?

No. This is jumping to conclusions similar to:
Clock Attack (swdate not correct on original and clone) - #4 by Patrick

KVM installations instructions are lengthy and complicated. I’d say these are for advanced users only. There could be localized software configuration issues or even hardware specific issues. If KVM works for you, great. If it doesn’t, feel free to post here but as you can see there’s very limited deep troubleshooting and user support available here if you run into a complex issue.

It would probably require several weeks or months of self-education to acquire the technical skills to understand and fix this. If you like to dig deep into this, consider joining a (local or remote) Linux user group to learn more about Linux. If/when you’re able to create your own Whonix from scratch, chances are great you’d be able to analyze and fix this specific issue too.

Not sure how realistic that is but better than keep you hanging and wondering if you’re being specifically targeted by powerful adversaries. Could be the case in theory but as said, I don’t see evidence for that. Just complex software and usability issues.

Might be useful too to learn how malware actually works. There are videos on youtube etc. showing demonstration of trojan horses. Computer compromise by malware doesn’t work in ways that users can witness. Not by looking at some logs or by having weird issues. It’s completely invisible to the user sitting in front of it. Meanwhile, if infected by a trojan horse, the attack can upload/download any file.

An update in the name of Science…
If I run manually the following commands on both the Gateway and the Workstation, at least TBB will work for a few minutes. The clock will then display the correct time and agree with the host.
. . .
echo “Apr 20 xx:xx:xx UTC 2023” | sudo clock-random-manual-cli
sudo service sdwdate restart
sudo service tor restart
. . .
So now I can say for certain that the dysfunction is due to a sdwdate blockade. The clocks of all the debian-based virtual machines on my host are off by a few minutes and only a few minutes is enough to make TBB inoperable.

I wish I could find a local group. I will keep looking. I thought I would share that TBB in the workstation can work if the clock is set manually on both the gateway and workstation. I don’t know if this helps determine a root cause but it’s a start.

Trojans can infiltrate multiple VPNs? How would the VPN not notice foreign traffic? Would side-channels be too far fetched a possibility? Would you recommend something like clamav for the host?

VPNs - by concept - do not (and are not trying, not supposed to) protection from Vulnerability (computing) - Wikipedia and/or Exploit (computer security) - Wikipedia.

To rephrase the question from negative to positive:
How would the VPN notice foreign traffic?

VPNs by concept don’t have a an analysis layer of native versus foreign traffic. That’s not a standard feature of VPNs.

Neither would it be desirable. How can I say that? Wouldn’t that be great if VPNs would protect from exploits and block malicious traffic? No. Quote Unix philosophy - Wikipedia : “Write programs that do one thing and do it well.”

VPN software does one thing. And hopefully doing that one thing well. That one thing is connecting one computer to another. Full stop.

Malware analysis, traffic analysis, if sensible by concept, should be implemented as part of different specialized tools.

I think so. Too far fetched. Because an attacker in position to tamper with your local time by doing local code execution doesn’t even need to tamper with your local time. A Trojan horse (computing) - Wikipedia can just record all keystroke, mouse movements, display contents, download/upload any file similar to a human sitting in front of it. With the difference that the torjan can do it without the user even noticing.

That’s a contentious topic, see:
Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners chapter The Utility of Antivirus Tools in Kicksecure wiki

And that’s also a general security question. Unspecific to Whonix. → Information Booster might be Available! → I recommend to research all of the pro and anti antivirus arguments, research, discussions. This topic has been discussed for decades on the internet.

But with the adversaries that you have in mind, I doubt that such software can help.