Hi boistordu
Yes you can connect with non-anon-whonix VMs:
Hi boistordu
What help mail address are you referring to?
Yeah i’ve seen that but since this odd problem have some odd variations too… I wasn’t sure anymore.
with an answer from :
rt@rt.torproject.org
with content : No permission to create tickets in the queue ‘help’
retireve in
If your Tor doesn’t work, you should email help@rt.torproject.org. Try including as much info about your case as you can, including the list of bridges and Pluggable Transports you tried to use, your Tor Browser version, and any messages which Tor gave out, etc.
okey duly noted
and for that?
16:49:44 [WARN] Proxy Client: unable to connect to 192.36.31.251:56761 ("server rejected connection") [4 duplicates hidden]
and sorry to have put the address ip but I could really not do anything else since no one is taking that in consideration apparently.
This message happens for every single one ip address I put in the configuration file
Hi boistordu
-
What qubes (appvm or otherwise) do you have between sys-whonix and sys-net?
-
Do you have a any ports blocked on your lan or otherwise?
-
Did you make a config error?
You can also ask for help on http://tor.stackexchange.com
- original sys-net and sys-firewall. I’ve just changed to fedora-25-minimal’s template by downloading them with qubes-update and put them up-to date of course
- I have no odd network configuration but yeah my router blocks incoming new transmission like standard configuration, it’s not a DMZ if that’s what you mean ?
- I have checked the configuration of the tor user configuration file several times and checked it with whonix connection wizard and it checks out plus it is pretty simple. Only the first time I had done a typo error but that’s all. I’ve not changed anything else in whonix-gw beside put it up-to-date the first time.
I’m coming to this thread late. I don’t fully understand your issue. If you don’t mind, I’d like to start from the beginning:
Why do you want to use bridges?
Out-of-the-box meaning sys-whonix → sys-firewall → sys-net?
You had connectivity to Tor? Did Whonixcheck return any errors?
Why do you say “of course”? Why would you expect not to get long-term connectivity?
1 Like
Not suggesting you should try… But did you try if connections work for you without bridges?
Could you please try if you get a non-Whonix installation of Tor working with bridges? I mean, pretend you wouldn’t know about Whonix. Then use system Tor such as the tor package on Debian stretch. Does that work for you?
- If yes, then you should be able to reproduce the same with Whonix? Otherwise please report back here.
- If no, please sort out this issue as per Free Support for Whonix ™.
Okey no problem with that.
So out of the box, I didn’t get any connectivtiy more than a couple of minutes.
So to give you an example, if I needed to see let’s say a video tutorial on something in IT hosted on a website that I don’t trust fully (that’s my main usage of tor, using it to go to websites which from I don’t trust the code for example) of 10 minutes or so, I could’nt do so because for every one or two minutes I had to wait several minutes that sys-whonix find another circuit for me. Apparently I can’t stay on the same circuit for more than a couple of minutes, which makes the whole experience like hell.
And it’s the same with tails by the way.
So I look further and I’ve seen that bridges were a solution or at least it is presented as a step in the configuration of the sys-whonix. Not much like something optional. So I’ve done it and because that didn’t improve the situation, that I’ve gone seeing the arm controller where I’ve seen all these rejection.
and the ‘of course’ and ‘expected’ are because it’s presented on the website like that. From qubes but also from whonix. A bit like, “configuration for full connectivity are like this”, and not something like “The system should work out of the box but if it doesn’t please do the next step”
I’ve tried with tails, same problem… I mean about the bad connectivity.
I can of course try again but in the next couple of days only. Need some time to prepare a vm or two with different setups like for a lab test.
This is progress. As Patrick suggested, Whonix is a complex system with many moving parts. When troubleshooting, use the simplest configuration possible - plain Debian/Fedora connected to sys-net. Install Tor and get it working (without bridges if you don’t need them).
Once Tor is connected, test it by visiting sites that are known to be Tor friendly - torproject.org, whonix.org. Your issues may just be website-specific.
How are you monitoring Tor circuits? arm doesn’t label circuits with the associated destination. Use onioncircuits. (Debian-9 or Debian-8-backports).
I’ve done some tests but not every one of them.
install the tor browser in a windows 10 vm in qubes which goes trough sys-net then through sys-firewall, doesn’t give much of trouble. It connects directly without any problem in both case and didn’t seem to have connectivity problems through time.(needed extensive tests) .
I’m going to retry tails in qubes.
I still have problems with sys-whonix and connectivity which is pretty random.
Should I redownload the template of whonix-gw to be sure that there are no problems with it? And maybe test it whitout updating it and after updates ?
The connectivity problems are not website specific for sure.
I’m not monitoring to circuits, I didn’t monitor circuits yet, I’m going to use what you say. But it’s only pretty obvious the connectivity problems I get, it’s not like it has to change circuits and so need to reload for a few seconds or things like that. It’s more 2 minutes of connectivity -> 5 minutes down where no websites are accessible anymore -> then again 2 min of connectivity. It’s not like I could have a doubt about the problem.
So Tor Browser (without bridges) works inside
windows 10 -> sys-firewall -> sys-net?
“Doesn’t give much trouble?” Does it work or not?
If it works, then try
sys-whonix -> sys-firewall -> sys-net
Open arm and see what it says.
Why would there be problems? Did you make changes to anything in the template? The only thing the template should be used for is updates. You might want to re-create sys-whonix proxyVM depending on how much you changed the config.
Without updating? No. Whonix templates should always be kept up-to-date.
1 Like
not much of a trouble it was just an expression to say that besides the current windows 10 problem under qubes there was no problem with connectivity Tor->sys-firewall->sys-net
So I’ve cloned the 2 templates of whonix. Deleted the old ones. renamed the 2 vm (proxy +app). Redownloaded the templates. Recreated the 2 vm based on those template. And I’ve just launched it. Here what it did :
So we can both agree, because I redownloaded the template and put the system like out of the box… That clearly it doesn’t work out of the box on my system.
So I’m going now to update the template, and then install onioncircuits and give you the print screen about it.
Later I’m going to retest tails on that machine and see what happens.
Note: I redownloaded the template to see if without the template and without having done any modifications it did work or not like ti supposed to do.
I was hoping to have some connectivity over time but apparently not. So cna’t update, can’t install onioncircuits.
So here we are.
I could change the proxyvm of the template to go through sys-firwwall… But I would like to know what you think before to do so.
Please follow these minimal steps:
-
first, what version of Qubes are you running?
-
install whonix-gw template (skip this if you haven’t touched the template at all since your install today):
[user@dom0 ~]$ sudo dnf remove qubes-template-whonix-gw
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-whonix-gw -
create sys-whonix proxyVM:
[user@dom0 ~]$ qvm-remove sys-whonix
[user@dom0 ~]$ qvm-create -p -t whonix-gw -l red sys-whonix -
set sys-whonix’s netVM to sys-net (unless you have a good reason for using sys-firewall - in which case, that may be the issue):
[user@dom0 ~]$ qvm-prefs -s sys-whonix netvm sys-net -
now click on sys-whonix. click Start VM.
-
you will be presented with a dialog by Whonix Setup Wizard. Choose “I am ready to enable Tor.” Click Next.
-
in dom0 terminal:
[user@dom0 ~]$ qvm-run sys-whonix konsole -
wait a few minutes, then in sys-whonix konsole:
user@host:~$ cat /var/log/tor/log
paste results here. -
also, type
user@host:~$ date
and confirm that it returns the correct UTC date/time.
Current UTC — Coordinated Universal Time
1 Like
R3.2
1/passed
2/passed (because I follow the tutorial as described on the website which is the same thing) or maybe you have reason to believe that qubes manager ave some bugs related to that ?
3/That’s not a bad idea(never think about it because of the whole firewall spirit of qubes)!!! going to try it now… well… it’s not pretty, my boot strap stopped at 45 % too.
the max I can have, have done it 3 times, its 59%
sorry the logs are very ugly.
I did’nt had enough lines to put it here.
pastebinlog
and the date was close to 1 minute of the utc time so it’s not that.
so we are now more than 35 minutes later from the beginning of the operation.
I’ve finally the right to download the tor browser in anon-whonix. I m going to see if I can get to the end, which is very slow right now so I’m very doubting that.