[quote=“Patrick, post:7, topic:2601”] this post
https://labs.riseup.net/code/issues/8243#note-12 - /etc/hosts …
That’s how he made it work. Should work in Whonix as well. [/quote]
Tested on Whonix13 with obfs4proxy updated to 0.0.7 and Whonix14,
both successfully connected to the Tor network. My configuration:
220.127.116.11 a0.awsstatic.com ## End of meek_lite specific
DisableNetwork 0 UseBridges 1 ClientTransportPlugin meek_lite exec
/usr/bin/obfs4proxy Bridge meek_lite 0.0.2.0:2
Wondering, is it possible to use IP addresses rather than hostnames in
torrc? So we could avoid editing /etc/hosts.
[quote=“Patrick, post:7, topic:2601”] For testing… Login as user
sudo -u debian-tor bash
Check if DNS resolution is functional.
nslookup whonix.org [/quote]
In both tests, I did the two commands above and I was getting an
debian-tor@host:/home/user$ nslookup whonix.org
;; connection timed out; no servers could be reached
I also enabled the Transparent Proxy on Whonix-Gateways following:
And then tried again. But I still got the error.
Did I do something wrong?
No. My mistake. These instructions don’t make sense here.
Go to a non-Whonix VM. Figure out your nameserver settings.
Got to sys-whonix and replace its /etc/resolv.conf with the settings
from your non-Whonix VM.
sudo -u debian-tor bash
nslookup torproject.org etc. will work. Just now tested.
That gives Tor full DNS access.
[quote=“Patrick, post:7, topic:2601”] Basically by amending
/etc/hosts we can preseed the IP result of DNS lookups. At the price
of slower updates than IPs would generally update. [/quote]
If this is the approach we decided to adopt, I can keep an eye on
this and pull request when the IPs are changed.
[quote=“Patrick, post:7, topic:2601”] Just /etc/resolv.conf on
Whonix-Gateway intentionally is dysfunctional. But that’s not so
important. We could have functional /etc/resolv.conf for user
debian-tor, functional DNS for Tor, [/quote]
[quote=“Patrick, post:7, topic:2601”] Perhaps the above wiki links
are not even required. Tor is allowed to issue any traffic. [/quote]
Please forgive my ignorance, the hostname need to be resolved so that
we can connect to the Tor network. Therefore, we can not use send the
DNS request over Tor successfully in this case? In other words, we
had to send the DNS request for resolving
What above - new - instructions do is: allow Tor do resolve DNS using
clearnet with your usual DNS settings that any clearnet VM would be
using. I will think about this more, but I don’t think this has any
- when Whonix-Firewall would be broken plus at the same time its fail
closed mechanism not work
- and when the user is trying to use Whonix-Gateway as a workstation
- then the user would be using clearnet
Thank you very much for your guidance, Patrick!
You’re very much welcome!