Let me start by thanking you for your replies! I really appreciate it.
I followed the instructions provided in the mentioned post, but I didn’t find anything mentioning iptables etc., but it wouldn’t be the first time for me to miss something. So I repeated the step. What’s the best way for posting logs here? I’ll try putting it into the details tag. This is on a cloned (i.e. fresh) gateway. I truncated it only a bit.
Log
-- Logs begin at Tue 2020-10-13 16:29:25 UTC, end at Tue 2020-10-13 16:33:31 UTC. --
Oct 13 16:29:25 host kernel: Linux version 4.19.0-10-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.132-1 (2020-07-24)
…
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=whonix-firewall comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=whonix-firewall-restarter comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:16 host systemd[1]: Started Whonix firewall loader.
Oct 13 16:31:16 host systemd[1]: Started Whonix firewall watcher.
Oct 13 16:31:16 host systemd[1]: Reached target Network (Pre).
Oct 13 16:31:16 host systemd[1]: Starting Raise network interfaces...
Oct 13 16:31:16 host firewall-restarter[684]: + set -e
Oct 13 16:31:16 host firewall-restarter[684]: + mkdir --parents /run/qubes-service
Oct 13 16:31:16 host firewall-restarter[684]: + mkdir --parents /run/sdwdate
Oct 13 16:31:16 host firewall-restarter[684]: + chown --recursive sdwdate:sdwdate /run/sdwdate
Oct 13 16:31:16 host firewall-restarter[684]: ++ mktemp
Oct 13 16:31:16 host firewall-restarter[684]: + inotifywait_subshell_fifo=/tmp/tmp.8LtAEKQ0hv
Oct 13 16:31:16 host firewall-restarter[684]: + rm --force /tmp/tmp.8LtAEKQ0hv
Oct 13 16:31:16 host firewall-restarter[684]: + mkfifo /tmp/tmp.8LtAEKQ0hv
Oct 13 16:31:16 host firewall-restarter[684]: + inotifywait_subshell_pid=700
Oct 13 16:31:16 host firewall-restarter[684]: + '[' -f /run/sdwdate/first_success ']'
Oct 13 16:31:16 host firewall-restarter[684]: + '[' -f /run/qubes-service/whonix-secure-proxy ']'
Oct 13 16:31:16 host firewall-restarter[684]: + read file_name
Oct 13 16:31:16 host firewall-restarter[684]: + wait 702
Oct 13 16:31:16 host firewall-restarter[684]: + inotifywait --quiet --recursive --monitor --event create --format %w%f /run/sdwdate/ /run/qubes-service/
Oct 13 16:31:16 host systemd[1]: Started Raise network interfaces.
Oct 13 16:31:16 host systemd[1]: Reached target Network.
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=networking comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:16 host systemd[1]: Starting Tor control port filter proxy...
Oct 13 16:31:16 host systemd[1]: Started Additional protections for Tor onion services.
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=vanguards comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:16 host systemd[1]: Starting Permit User Sessions...
Oct 13 16:31:16 host systemd[1]: Starting OpenVPN service...
Oct 13 16:31:16 host systemd[1]: Starting Anonymizing overlay network for TCP...
Oct 13 16:31:16 host systemd[1]: Started OpenVPN service.
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=openvpn comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:16 host systemd[1]: Started Permit User Sessions.
Oct 13 16:31:16 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=systemd-user-sessions comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:17 host systemd[1]: Condition check resulted in Light Display Manager being skipped.
Oct 13 16:31:17 host systemd[1]: Starting Ram Adjusted Desktop Starter...
Oct 13 16:31:17 host systemd[1]: Started Serial Getty on ttyS0.
Oct 13 16:31:17 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=serial-getty@ttyS0 comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:17 host tor[735]: Oct 13 16:31:17.479 [notice] Tor 0.4.3.6 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Oct 13 16:31:17 host ram_adjusted_desktop_starter[736]: [INFO] If your host has little RAM, you are advised to reduce Gateway RAM to 256 MB. No graphical desktop environment will be started in that case. A Gateway without graphical desktop environment works as good as one with, it's just not that convenient. If you want, you can sometimes start a graphical desktop environment by toggling how much RAM is available to Gateway. Documentation about this feature can be found here: https://www.whonix.org/wiki/rads
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.695 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.696 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.696 [notice] Read configuration file "/etc/tor/torrc".
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.697 [notice] Included configuration file or directory at recursion level 2: "/usr/share/tor/tor-service-defaults-torrc.anondist".
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.825 [notice] Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/".
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.825 [notice] Included configuration file or directory at recursion level 1: "/etc/torrc.d/".
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.825 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.826 [notice] You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.895 [notice] You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 13 16:31:18 host ram_adjusted_desktop_starter[736]: [INFO] Trying to start login manager (graphical desktop environment) lightdm...
Oct 13 16:31:17 host systemd[1]: Starting Light Display Manager...
Oct 13 16:31:18 host tor[735]: Configuration was valid
Oct 13 16:31:18 host lightdm[752]: Error getting user list from org.freedesktop.Accounts: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Accounts was not provided by any .service files
Oct 13 16:31:18 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=lightdm comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:18 host systemd[1]: Started Light Display Manager.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.764 [notice] Tor 0.4.3.6 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.764 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.764 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.764 [notice] Read configuration file "/etc/tor/torrc".
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.765 [notice] Included configuration file or directory at recursion level 2: "/usr/share/tor/tor-service-defaults-torrc.anondist".
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.765 [notice] Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/".
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.765 [notice] Included configuration file or directory at recursion level 1: "/etc/torrc.d/".
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.765 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.766 [notice] You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.766 [notice] You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 13 16:31:18 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=rads comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:18 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=getty@tty1 comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 13 16:31:18 host systemd[1]: Started Ram Adjusted Desktop Starter.
Oct 13 16:31:18 host systemd[1]: Started Getty on tty1.
Oct 13 16:31:18 host systemd[1]: Reached target Login Prompts.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.979 [notice] You configured a non-loopback address '10.152.152.10:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.979 [notice] You configured a non-loopback address '10.152.152.10:9100' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…
Oct 13 16:33:14 host vanguards[731]: NOTICE[Tue Oct 13 16:33:14 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:14 host vanguards[731]: NOTICE[Tue Oct 13 16:33:14 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
Oct 13 16:33:15 host vanguards[731]: NOTICE[Tue Oct 13 16:33:15 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:15 host vanguards[731]: NOTICE[Tue Oct 13 16:33:15 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
… repeating every second …
Oct 13 16:33:30 host vanguards[731]: NOTICE[Tue Oct 13 16:33:30 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:30 host vanguards[731]: NOTICE[Tue Oct 13 16:33:30 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
Oct 13 16:33:31 host audit[2448]: USER_ACCT pid=2448 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:accounting grantors=pam_tally2,pam_permit acct="user" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Oct 13 16:33:31 host sudo[2448]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/journalctl
Had I looked closer in the first place, I probably would have noticed vanguards panicking about tor needing descriptors. The only files/folders existing in /var/lib/tor are authdir, keys, lock and state. I went and booted up the previously mentioned gateway (which had its iptables flushed once) … on which the needed files exist. If I could guess I’d say they didn’t before flushing iptables (duh).
If you want, it would be my pleasure to repeat the process with something debugging it.
Inside the Whonix-Gateway.
I should have mentioned: TBB works fine on the host. Whonix worked fine on this specific host with VirtualBox, from which I wanted to finally migrate. I say worked, because I unfortunately removed it already. Could reinstall if necessary.
And of course I don’t want to waste your limited time! I just thought it would be a good idea to share my problem. So thank you again for your time and for creating this project in particular.
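Added example, not part of the original post: a small journal triage that collapses repeated messages per unit and flags retry loops caused by a missing file, which is the pattern the vanguards lines above show. The function names and the `min_repeats` threshold are assumptions made for this illustration; the sample lines are copied from the log in the post.

```python
import re

# Sample input: lines taken from the journal excerpt in the post above.
SAMPLE = """\
Oct 13 16:31:18 host tor[735]: Oct 13 16:31:17.825 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Oct 13 16:31:18 host tor[753]: Oct 13 16:31:18.765 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Oct 13 16:33:14 host vanguards[731]: NOTICE[Tue Oct 13 16:33:14 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:14 host vanguards[731]: NOTICE[Tue Oct 13 16:33:14 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
Oct 13 16:33:15 host vanguards[731]: NOTICE[Tue Oct 13 16:33:15 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:15 host vanguards[731]: NOTICE[Tue Oct 13 16:33:15 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
… repeating every second …
Oct 13 16:33:30 host vanguards[731]: NOTICE[Tue Oct 13 16:33:30 2020]: Vanguards 0.3.1 connected to Tor 0.4.3.6 using stem 1.7.1
Oct 13 16:33:30 host vanguards[731]: NOTICE[Tue Oct 13 16:33:30 2020]: Tor needs descriptors: Cannot read /var/lib/tor/cached-microdesc-consensus: [Errno 2] No such file or directory: '/var/lib/tor/cached-microdesc-consensus'. Trying again...
"""

# Journal short format: "Mon DD HH:MM:SS host unit[pid]: message"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[:]+)\[(\d+)\]: (.*)$")
# Timestamps that vanguards and tor repeat inside the message body
STAMP = re.compile(r"\w{3} \w{3} +\d+ [\d:]{8} \d{4}|\w{3} +\d+ [\d:]{8}\.\d+ ?")
MISSING = re.compile(r"No such file or directory: '([^']+)'")

def collapse(text):
    """Group lines by (unit, message without inner timestamps), ignoring the pid."""
    groups = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header, elision markers and lines without unit[pid]
        when, _host, unit, _pid, msg = m.groups()
        g = groups.setdefault((unit, STAMP.sub("", msg)),
                              {"count": 0, "first": when, "last": when})
        g["count"] += 1
        g["last"] = when
    return groups

def retry_loops(groups, min_repeats=3):
    """Repeated messages naming a missing file: (unit, path, count, first, last)."""
    found = []
    for (unit, msg), g in groups.items():
        hit = MISSING.search(msg)
        if hit and g["count"] >= min_repeats:
            found.append((unit, hit.group(1), g["count"], g["first"], g["last"]))
    return found

if __name__ == "__main__":
    for unit, path, count, first, last in retry_loops(collapse(SAMPLE)):
        print(f"{unit}: {path} missing, seen {count}x from {first} to {last}")
```

To run it against a real boot, pass the output of `sudo journalctl -b` to `collapse()` instead of `SAMPLE`.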