Freenet on Whonix 14 using VPN

patoko · February 10, 2019, 10:40pm

Hello.

I am currently running Freenet on Whonix 13. This requires me to use a VPN inside the Workstation. I always set this up by adding uwtwrapper_global=“0” to /etc/uwt.d/50_user.conf and TOR_TRANSPROXY=1 to /etc/environment (i.e. the first two steps on Connecting to Tor before a VPN). I would then be able to connect to my VPN using the official client from the VPN provider (which has a specific option for connecting to the VPN over Tor) and Freenet would just work.
I can’t get the same to work on Whonix 14.
When trying to log in on the client on Whonix 14 with the same setting I use on Whonix 13 (Host: 127.0.0.1, Port: 9150, Tor Control Port: 9151) I get the error message "Cannot login. (curl: (7) Unable to receive initial SOCKS5 response. - with ‘tor’ (always) proxy and ‘none’ auth). I can log in on the client using no proxy setting, however this doesn’t work to establish a connection either and changing back to Tor proxy when logged in I get another error message very similar to the one above except that it says “Authorization failed” instead of “Cannot login”. It also says it’s “Unable to find IP address of Tor first node of an established circuit”.
I tried downloading config files for openvpn from the provider and using one with proxy ‘none’ and TCP I am actually able to connect to the VPN using openvpn from the command line. The VPN is also used on Tor Browser as evident by the “Something went wrong” message and websites reporting the VPN IP. A connection to Freenet is however never established.
The config file doesn’t modify /etc/resolv.conf, and installing package resolvconf and adding
script-security 2
up /etc/openvpn-update-resolv-conf
down /etc/openvpn/update-resolv-conf
to the config file causes the connection to still be established, but makes it impossible to connect to any websites anymore. Even ending the openvpn process doesn’t restore the ability to connect to websites, as it doesn’t restore /etc/resolv.conf to its original state, which instead ends up without any nameserver specified at all.
However, using the exact same config file (without the update-resolv-conf) on Whonix 13, I am able to use Freenet without problems, so I’m assuming Freenet doesn’t actually care what nameserver is used (maybe it doesn’t even use the nameserver).

I already saw (and read) this thread Whonix 14 and TorGuard VPN which seems to be about a similar issue, but I’m still lost.
I also followed the guide on Connecting to Tor before a VPN to the end many times, but never had good results (I always ended up with a system that couldn’t connect to the internet at all).

Any help please?

0brand · February 11, 2019, 12:16am

Hi Hello

You’re going to have to pic what to troubleshoot.

1. Freenet login troubles (VPN providers “official” client)

https://whonix.org/wiki/Freenet#Freenet_inside_the_Whonix-Workstation_-Freenet_over_Tor.28Preferred.29

2. Whonix wiki VPN instructions troubleshoot. Logs and steps to reproduce. See:

https://whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#How_to_Submit_a_Support_Request

HulaHoop · February 11, 2019, 2:49am

Please, for the love of all that is Holy, upgrade.

You need to disable Whonix firewall on the Workstation for OpenVPN to work on Whonix 14+

Actually we should make a note of that on the wiki but I don’t have the exct code snippet in front of me.

0brand · February 11, 2019, 2:53am

Patrick · February 11, 2019, 9:21am

I would hope that disabling it entirely isn’t required. All that matters should be configurable. VPN instructions have chapters on firewall settings.

HulaHoop · February 11, 2019, 4:34pm

Nice. I’ll try them and see what gives.

patoko · February 11, 2019, 9:34pm

Thank you very much for your help.
I applied the script from Dev/Firewall Unload - Whonix and can connect to Freenet now. However, trying to connect to the VPN using the graphical client still gives the same error message as before (Cannot login. (curl: (7) Unable to receive initial SOCKS5 response. - with ‘tor’ (always) proxy and ‘none’ auth) / Unable to find IP address of Tor first node of an established circuit.)
Any idea why that would be?
I guess it’s not the end of the world if I can’t get that to work though, it’s mainly useful to see the load on the different available servers and up / down speed, as I often have to try several servers before finding one that gives decent speeds. Maybe I’ll have to look for another application to monitor the speed.

patoko · February 12, 2019, 6:35pm

Ok, I got the graphical client to work now, I had to set it to proxy ‘none’ plus TCP instead of the proxy ‘Tor’ setting I used on Whonix 13.