Fresh Debian 10: Whonix works for only first host session in which it is installed


  • I am using Debian 10 Buster, LVM encrypted single hard disk.
  • Had to setup a second user that was Administrator after installation to use sudo.
  • Then connected with ProtonVPN Command-Line Tool for Linux - DNS Leak Protection ON, Kill Switch ON blocking LAN in case of VPN drop, Split Tunneling OFF, always using TCP, sudo protonvpn connect
  • Whonix verified
  • I followed the wiki KVM installation tutorial (including reboot after KVM install and users added to groups) all the way to the final step
- Graphical User Interface (GUI)

- Start Virtual Machine Manager.
- Start Menu → Applications → System → Virtual Machine Manager

- Start Whonix-Gateway ™.
- click on Whonix-Gateway → click open → click the play symbol

- Repeat the steps for Whonix-Workstation ™. 

For the first run it works!

Stock unedited Gateway memory - 512 MB
Stock unedited Workstation memory - 2048 MB

On Gateway Anon Connection Wizard bootstraps Tor successfully and connects to Tor network
Then changed root and user passwords on both VMs
Installed Tor Browser on Workstation and it works.

Created snapshot for both VMs: “Fresh Install”

I then followed the steps for standard upgrade on both Gateway and Workstation

  • sudo apt-get update
  • sudo apt-get dist-upgrade

Then could shutdown both virtual machines and start them back up
On Gateway Tor again connected and sdwdate finishes successfully, Tor Browser is fine also.

Created another snapshot for both VMs: “Updated”

A few days later just before start of August (does monthly Tor guard node change have anything to do with what will happen next?)

I powered on host and connected with VPN
Then started up Gateway only first

Now sdwdate-gui icon in top right does not become solid grey and log says

sdwdate - INFO - The clock is sane.
sdwdate - WARNING - Tor is not yet fully bootstrapped. 5 % done.

Tor reports: WARN BOOTSTRAP PROGRESS=5 TAG=conn SUMMARY=“Connecting to a relay” WARNING=“Connection timed out” REASON=TIMEOUT COUNT=6 RECOMMENDATION=ignore HOSTID=“letters and numbers” HOSTADDR=“ip address with varying ports for each count including 443 and others”

The Anon Connection Wizard is also stuck at 5%.

Believed the updates (or the process of making snapshots?) may have broken anything. So reverted to “Fresh Install” snapshot.

The “Fresh Install” snapshot reports Tor is “ok” and apparently “connected”. But the VM clock is a few days in the past and I couldn’t trust that Tor says it is “ok” due to general inexperience.

Restarted Tor and sdwdate and … they are stuck at 5% too.

From a bit of reading I understand I should not try (even if it seems the easy way out) completely uninstalling and reinstalling the Whonix xmls and qcow2’s too much because frequent guard node change can destroy anonymity. Therefore I refrain from doing that and instead first turn to this forum.

Have any ideas? (Scratching head) It’s not to do with a theme change I made on the host with Tweaks after I powered it on, right? Or that I thought to disable IPv6 in host’s Settings - Network? Tried re-enabling it.

Tor Browser works fine on Debian host with VPN on.
I also wonder if I should follow troubleshooting’s suggestion to test if other VMs can connect but I am confused. Can KVM load for example a Debian 10 Buster live or persistent .iso? Or maybe I should not need to do the tests because I did reinstall Whonix completely once before and it seemed to resolve everything but I don’t want to try that again.

Or is just using the “already-connected” Fresh Install snapshot ok after all?

In that case: power off the VM. Restart the VM. Clock should be fine then.
Snapshotting a VM - especially Whonix-Gateway - that is powered off would be a better idea than snapshotting a VM that is running due to the clock issues.

Hello Patrick-dev, thanks for the quick reply.

Following first advice, restart the VM: fixed the clock, but once it’s powered back up Tor continues to remain stuck at 5%.

I did a bit more digging around and found some logs in the Tor control panel highlighted in yellow:

Gateway Tor control panel log:

[warn] Socks version 71 not recognized. (This port is not an HTTP proxy; did you want to use HTTPTunnelPort?)

[warn] Problem bootstrapping. Stuck at 5% (conn): Connecting to a relay. (Connection timed out; TIMEOUT; count 10; recommendation warn; host (letters and numbers) at (IP address, port 443)
[warn] 9 connections have failed:
[warn] 9 connections died in state connect()ing with SSL state (No SSL object)

I think the log’s explicit mention of “stuck at 5%” might be noteworthy?

Ran Workstation, checked sdwdate log to confirm if Tor is usable:

sdwdate - WARNING - Tor is not yet fully bootstrapped. Tor circuit: not established.

Likely not …

Heeding second advice, snapshots: ok, glad to know they can be made powered off, I can try that.

A powered-off snapshot of a working reinstalled Whonix seems like the next step, but I feel like I should listen for a double confirmation from you or other advisor to go ahead with reinstall considering the risk.

If not, I think then will have to find a solution on the Tor bootstrapping stuck at 5%.

Let’s find a way forward …

I don’t have any other advice to fix this. Reason:
Could be a Tor issue.
Whonix is an integration project - bundling together various components such as virtualizer, Debian and Tor.
Tor is allowed to connect by firewall (never an issues with that), virtualizer is configured for network access. Then if Tor doesn’t connect - I don’t know. Being an integration project doesn’t make me an expert on Tor and/or network obstacles.

What you could try is swapping out the virtual hard drive. Replace it with Debian. Or install Debian there. Then install Tor there. See if that could connect. If not you could contact The Tor Project, the creators of Tor for support.

Non-issue as per Tor - Whonix

You can mostly ignore sdwdate for now - as long as Tor won’t work, sdwdate can’t work.