I’m trying to connect Gateway (Qemu/KVM) from Russia. I am using the same bridges that I use for the tor browser on the host machine, other VMs work perfectly fine. I haven’t changed the timezone, it’s set to UTC.
Here’s the output of systemcheck:
addgroup sdwdate systemd-journal
The user sdwdate' is already a member of systemd-journal’.
gcc /usr/libexec/sdwdate/sclockadj.c -o /usr/libexec/sdwdate/sclockadj -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now
/usr/bin/whonix-gateway-firewall - OK: Whonix firewall loaded.
Finished Whonix firewall loader.
Started Whonix firewall watcher.
sdwdate - INFO - sdwdate started. PID: 775
sdwdate - INFO - Tor socks host: [127.0.0.1] Tor socks port: 9108
sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
sdwdate - INFO - PREPARATION:
sdwdate - INFO -
__ Status: First run after boot. (Creating file ‘/run/sdwdate/onion-time-script-after-boot’.)
__ anondate_use: Running ‘anondate-set’ (by creating file ‘/run/sdwdate/request_anondate-set’)…
sdwdate - INFO - PREPARATION RESULT: WAIT.
sdwdate - INFO -
____ ### START: ### /usr/sbin/anondate-set
____ INFO: Status file ‘/run/sdwdate/tor_certificate_lifetime_set’ does not yet exist.
____ INFO: Running anondate-get…
______ ### START: ### /usr/sbin/anondate-get
____ INFO: anondate-get returned Tor consensus middle range time or minimum time.
____ INFO: The ‘anondate-get’ time_result is earlier than the current system time, ok. Not setting clock backwards.
____ ### END: ### Exiting with exit_code ‘3’ indicating ‘Setting time using anondate either not possible or not required.’.
(the 4 lines above repeat infinitely)
I read those already and took the recommended steps. Now i ran anon-verify and noticed that there’s an error in the output:
ERROR: invalid file: ‘/etc/torrc.d/*.conf’
Used Tor Configuration Files
2 files are used as Tor configuration files:
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc
I didn’t edit anything, I can’t understand why these three files:
/usr/local/etc/torrc.d/40_tor_control_panel.conf; /usr/local/etc/torrc.d/50_user.conf; /etc/torrc.d/95_whonix.conf
aren’t used as configs
## Do not edit this file!
## Please create and add modifications to the following file instead:
## /usr/local/etc/torrc.d/50_user.conf
%include /etc/torrc.d/*.conf
Here’s the contents of /usr/local/etc/torrc.d/40_tor_control_panel.conf:
# This file is generated by and should ONLY be used by anon-connection-wizard.
# User configuration should go to /usr/local/etc/torrc.d/50_user.conf, not here. Because:
# 1. This file can be easily overwritten by anon-connection-wizard.
# 2. Even a single character change in this file may cause error.
# However, deleting this file will be fine since a new plain file will be generated the next time you run anon-connection-wizard.
UseBridges 1
# Custom Bridge is used:
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 x.x.xxx.xxx:xxxx xxxxxxxxxxxx cert=xxxxxx
Bridge obfs4 x.x.xxx.xxx:xxxx xxxxxxxxxxxx cert=xxxxxx
DisableNetwork 0
and /usr/local/etc/torrc.d/50_user.conf only has comments.
(also, i tried using other relays that work on the host machine, they don’t work here either)
I just uninstalled the VM, downloaded and installed it again, following the official KVM guide on whonix org, launched the anon connection wizard, copypasted the bridges, didn’t touch a single file, and still can’t connect. Maybe I’m making some mistake when setting up the VM?
If any checksum is different or any file missing, please report that here.
(Is md5sum insecure here? No. It’s used a a simple integrity check to easily, quickly compare the file on my local Whonix-Gateway versus user local files. It’s not used as part of a signature.)
Whonix version - 16
Host OS - Linux Mint 21
QEMU emulator version 6.2.0 (Debian 1:6.2+dfsg-2ubuntu6.5)
Steps to reproduce: 1) Set up the VM; 2) launch the VM.
All files in the machine’s folder:
This means there was previously no issue starting Tor. Connection didn’t succeed but that’s a very different error from Tor not starting.
This is a very different error. No other users are reporting it. Hence I am asking. Still having that? If so, instructions how to reproduce how you ended up with that issue are required to be able to help further.
It gives me the terms of service, I accept them, the anon connection wizard opens, I choose “configure”, paste the bridges, don’t use proxy, and the connection starts and gets stuck at 20-45%.
Yes, still invalid file error
Also, anon-log returns this error:
NOTICE: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
output for anon-info:
INFO: /etc/apt/sources.list.d/torproject.list does not exist.
INFO: version of the 'tor' package: 0.4.7.8-1~d11.bullseye+1
Don’t know if this is useful, but here’s the output for systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor@default.service.d
└─40_obfs4proxy-workaround.conf, 50_controlsocket-workaround.conf
Active: active (running) since Fri 2022-11-04 15:52:45 UTC; 19min ago
Process: 2660 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 2661 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemo>
Process: 2669 ExecStartPost=/bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 2672 ExecReload=/bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 2662 (tor)
Tasks: 10 (limit: 1099)
Memory: 33.6M
CPU: 40.283s
CGroup: /system.slice/system-tor.slice/tor@default.service
├─2662 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
└─2663 /usr/bin/obfs4proxy
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opened HTTP tunnel listener connection (ready) on 10.152.152.10:9227
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opening HTTP tunnel listener on 10.152.152.10:9228
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opened HTTP tunnel listener connection (ready) on 10.152.152.10:9228
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opening HTTP tunnel listener on 10.152.152.10:9229
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opened HTTP tunnel listener connection (ready) on 10.152.152.10:9229
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opening Control listener on 127.0.0.1:9052
Nov 04 15:52:44 host tor[2662]: Nov 04 15:52:44.562 [notice] Opened Control listener connection (ready) on 127.0.0.1:9052
Nov 04 15:52:45 host systemd[1]: Started Anonymizing overlay network for TCP.
Nov 04 15:52:45 host systemd[1]: Reloading Anonymizing overlay network for TCP.
Nov 04 15:52:45 host systemd[1]: Reloaded Anonymizing overlay network for TCP.
/===================================================================\
| Report Summary |
\===================================================================/
No error detected in your Tor configuration.
Tor verify exit code: 0
/===================================================================\
| Tor Full Report |
\===================================================================/
Nov 04 16:38:33.724 [notice] Tor 0.4.7.8 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Nov 04 16:38:33.724 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Nov 04 16:38:33.724 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Nov 04 16:38:33.724 [notice] Read configuration file "/etc/tor/torrc".
Nov 04 16:38:33.727 [notice] Processing configuration path "/etc/torrc.d/*.conf" at recursion level 1.
Nov 04 16:38:33.727 [notice] Including configuration file "/etc/torrc.d/60_network.conf".
Nov 04 16:38:33.727 [notice] Including configuration file "/etc/torrc.d/65_gateway.conf".
Nov 04 16:38:33.727 [notice] Including configuration file "/etc/torrc.d/65_leak_tests.conf".
Nov 04 16:38:33.727 [notice] Including configuration file "/etc/torrc.d/70_workstation.conf".
Nov 04 16:38:33.727 [notice] Processing configuration path "/usr/share/tor/tor-service-defaults-torrc.anondist" at recursion level 2.
Nov 04 16:38:33.727 [notice] Including configuration file "/usr/share/tor/tor-service-defaults-torrc.anondist".
Nov 04 16:38:33.727 [notice] Including configuration file "/etc/torrc.d/95_whonix.conf".
Nov 04 16:38:33.727 [notice] Processing configuration path "/usr/local/etc/torrc.d/*.conf" at recursion level 2.
Nov 04 16:38:33.727 [notice] Including configuration file "/usr/local/etc/torrc.d/40_tor_control_panel.conf".
Nov 04 16:38:33.728 [notice] Including configuration file "/usr/local/etc/torrc.d/50_user.conf".
Nov 04 16:38:33.731 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Nov 04 16:38:33.731 [notice] You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 04 16:38:33.731 [notice] You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Configuration was valid
ERROR: invalid file: '/etc/torrc.d/*.conf'
/===================================================================\
| Used Tor Configuration Files |
\===================================================================/
2 files are used as Tor configuration files:
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc
=====================================================================
anon-log results in: NOTICE[Fri Nov 04 15:55:02 2022]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
Technical details:
Now it occurred to me that this might be happening in an old version of Whonix. (16.0.5.3)
This is likely fixed in Whonix 16.0.8.2 and above. But that Whonix build version isn’t available for Whonix KVM yet. I don’t have any ETA (estimated time of arrival) either because I am not a maintainer of Whonix KVM. But that’s just an output/textual issue of anon-info which cannot break connectivity. So this can be safely ignored. There’s no need to wait for Whonix 16.0.8.2. The textual/output issues might be fixed but the connectivity issue would likely still be the same.
In summary, the Tor daemon is running fine.
This is the main issue. A “simple” connectivity issue. Not an issue with the Tor daemon not properly starting.
In that case, not much help can be provided. Why? See:
The only option is to troubleshoot this according to the network troubleshooting instructions here: