[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

[Help Welcome] KVM Development - staying the course


#81

For VM images (both ova’s and qcow’s):

Physical Isolation:

I thought that the KVM version is build in a qemu/KVM VM using qcow2 or raw LV...
- Redistributed Whonix VM images are build without starting any VMs. - Using qemu-img, mount, chroot and so forth. - Everything is scripted and automated. - No manual interventions for image creation.
No need to make performance tests here: image based VMs (no matter if OVA using sparse files or qcow2) are slower than VMs that use a LVM raw partition.
Working on files in an image file for sure is at least more disk IO.

Ah, you meant raw LVM partitions in your previous post? I was talking about VM images using LVM. I could get convinced, that we should use LVM for VM images. That discussion however, should be unrelated to this KVM thread. But I guess you didn’t raise that point.

KVM LVM partitions with Whonix are theoretically possible. Perhaps they would have even better performance. No one is working it it at the moment. The problem is, how to redistribute KVM LVM partitions with Whonix? It would make the setup more host operating system specific. More instructions would be required. A new option for Whonix’s build script would be required. Instructions would look a bit similar to build instructions for physical isolation (https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation), I think.

What we’re working on here are VM images, we agreed to use qcow2 images for advantages stated in previous post. It is much simpler to redistribute them. The plan roughly is: 1. download qcow2.xz 2. extract 3. use our kvm instructions [or in future hopefully, run our kvm setup script] 4. done.

Creating a KVM partition however looks much more scary (data loss), difficult for the user (instructions) and technically difficult to implement to me. But if anyone wants to work on this, by all means, go ahead.

LVM itself is the GUI to manage LVs, also to resize them. But there is a also a simple command in the terminal.
What's the GUI package for resizing?
And qcow2 images still can be compressed with gzip, so no worries about huge uploads. Watch out, a gzipped qcow2 image will be about 10% smaller than the native qcow2 zlib compression :)
So if you don't complain about compression. Great. I guess you will like the new qcow2 images. They're already briefly tested by me (that they do boot up, 100 GB apparent size, ~2GB really used space) and uploaded. Just hoping all mirrors updates already. Please try.

http://mirror.whonix.de/8.2/Whonix-Gateway-8.2.qcow2.xz
http://mirror.whonix.de/8.2/Whonix-Gateway-8.2.qcow2.xz.asc

http://mirror.whonix.de/8.2/Whonix-Workstation-8.2.qcow2.xz
http://mirror.whonix.de/8.2/Whonix-Workstation-8.2.qcow2.xz.asc

tar xvf Whonix-Gateway-8.2.qcow2.xz

(unxz won’t work!)

gpg (date/time must match for this release):

gpg --verify Whonix-Gateway-8.2.qcow2.xz.asc gpg: Signature made Wed 07 May 2014 02:41:41 AM CEST using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48

gpg --verify Whonix-Workstation-8.2.qcow2.xz.asc gpg: Signature made Wed 07 May 2014 02:41:56 AM CEST using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@riseup.net>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48

sha512:

5266eaacb3446f366ce644fe4788858aa4f3dbb073bec9b347f7adffeb969aa5bfe8e08fd073c32389c3345cb9a4e5c62ff5c206871d27740b20016b41012659 Whonix-Gateway-8.2.qcow2.xz feec2956fe78a7ad7d47c48f39faac469bb634600d03f550d4f0ba76ff0edf483d9b96a54e845af271c07170d81bed022dc9788a6a10e602456106a71038d9d0 Whonix-Gateway-8.2.qcow2.xz.asc

2e84f51d1f905b28227e8b2df1114e0ea6f3f021a374866ab36d8ae8fab8d0f9bce0c84f7f804bbee33d030c5c555a87a1d3320d860030dc27489cf7be18022e Whonix-Workstation-8.2.qcow2.xz fe6cec1e5858aa61f3b013aee9650b0297858a7eb4141cfa6d257af47a508c08e1de840098729da119279f241da6e2ea365e7181c66faea05bded3bcf3f28bc6 Whonix-Workstation-8.2.qcow2.xz.asc


#82

ok, now I see… :wink: thanks for your answer-package^^
I will test the new images and also go through your build instructions.
Let’s see if we find more answers and solutions :slight_smile:


#83

Well, this is embarrasing. I cannot get the new qcow images running, in the best case I get a frozen start screen with many funny colourful acsii codes… The systems used for testing were KVM on Ubuntu and openQRM/KVM on Debian Wheezy.
Maybe I pass by in a couple of months again, I simply cannot afford to spend more time on this any more.


#84

hi, this is more of a curiosity question. I was not able to resolve the “resolution problem” that some seem to have with virtbox, that is achieving a higher resolution tried here and here and for now am just dealing. After seeing about the KVM work i wanted to ask if it looked like this ongoing common issue with resolutions would be an issue with KVM like it is in virtbox? I’d be curious to hear anyones experiences.


#85

Just thinking about another approach:
How about following the “Install Whonix-Gateway/Workstation on hardware” guides to build the gateway and workstation on 2 KVM guests? Was this tried already or am I missing something?


#86

[quote=“zweeble, post:85, topic:166”]Just thinking about another approach:
How about following the “Install Whonix-Gateway/Workstation on hardware” guides to build the gateway and workstation on 2 KVM guests? Was this tried already or am I missing something?[/quote]
Not required, since we’re providing .qcow2 images. Missing would be the VM settings.

Either manual:

Or hopefully some day automated:

(I am still hoping, that HulaHoop contributes that part some day.)

What you are suggesting is certainly possible. We had a discussion some time ago about this:
Building Whonix with --bare-metal option in a VM
https://www.whonix.org/forum/index.php/topic,7.msg17.html#msg17

In summary, I for one, do not have time to maintain such a set of separate instructions. And I also find too many options too confusing. And I still don’t see why “Building Whonix with --bare-metal option in a VM” has any advantage over current VM build instructions. The “Building Whonix with --bare-metal option in a VM” imho overcomplicates things, because you always have to argue “but don’t forget the VM settings”. Anyhow. If someone wants to maintain such instructions or such a feature, by all means, you’re welcome.


#87

The resolution can be adjusted from the KDE screen settings dialogue and whatever higher resolution will automatically take effect and fill in the screen when using KVM. But this isn’t recommended because you ill stick out from the group running Whonix I think because resolution is a fingerprintable attribute. There may be safeguards against this in TorBorwser but I’m not knowledgeable enough to confirm this.


#88

[quote=“zweeble, post:85, topic:166”]Just thinking about another approach:
How about following the “Install Whonix-Gateway/Workstation on hardware” guides to build the gateway and workstation on 2 KVM guests? Was this tried already or am I missing something?[/quote]

Like Patrick aid this is not necessary and complicates. things in light o f there being qcow2 images available. The only thing remaining is the automation of a specific set of settings once we there is a consensus on what should be included.


#89

[quote=“HulaHoop, post:87, topic:166”][quote author=ii link=topic=159.msg2091#msg2091 date=1400776741]
hi, this is more of a curiosity question. I was not able to resolve the “resolution problem” that some seem to have with virtbox, that is achieving a higher resolution tried here and here and for now am just dealing. After seeing about the KVM work i wanted to ask if it looked like this ongoing common issue with resolutions would be an issue with KVM like it is in virtbox? I’d be curious to hear anyones experiences.
[/quote]

The resolution can be adjusted from the KDE screen settings dialogue and whatever higher resolution will automatically take effect and fill in the screen when using KVM. But this isn’t recommended because you ill stick out from the group running Whonix I think because resolution is a fingerprintable attribute. There may be safeguards against this in TorBorwser but I’m not knowledgeable enough to confirm this.[/quote]
Not at time of writing. We can document the latest status of that topic here:


#90

[quote=“zweeble, post:1, topic:165”]So there is no intention to make whonix a solution for hosting hidden services? Everything I tested was a disaster and posts about it are regarded as not necessary…
This is sad as this is throwing away a huge potential.[/quote]
Moved and answered here:
https://www.whonix.org/forum/index.php/topic,328.0.html


#91

OK now I know why whonicheck wasn’t running. It was configured be default to exit when another virtualizer is detected. Now I’ll paste how its configured and the output error that now comes up.

## Stop (0) or continue (1) when an unsupported virtualizer is detected. ## 0: stop on unsupported virtualizer ## 1: do not stop on unsupported virtualizer WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"

Stop (0) or continue (1) when KVMClock is detected.

0: stop when KVMClock is detected

1: do not stop when KVMClock is detected

WHONIXCHECK_NO_EXIT_ON_KVMCLOCK_DETECTION=“1”

Enable (0) or disable (1) SocksPort Test.

0: enable SocksPort Test

1: disable SocksPort Test

WHONIXCHECK_DISABLE_SOCKS_PORT_TEST=“0”

Stop (0) or continue (1) when Tor can’t be detected on TransPort.

0: stop when Tor can’t be detected on TransPort

1: do not stop when Tor can’t be detected on TransPort

WHONIXCHECK_NO_EXIT_ON_TRANS_PORT_DETECTION_FAILURE=“0”

Enable (0) or disable (1) TransPort Test.

0: enable TransPort Test

1: disable TransPort Test

WHONIXCHECK_DISABLE_TRANS_PORT_TEST=“0”

Stop (0) or continue (1) when IP Forwarding is detected on Whonix-Gateway.

0: stop when IP Forwarding is detected on Whonix-Gateway

1: do not stop when IP Forwarding is detected on Whonix-Gateway

WHONIXCHECK_NO_EXIT_ON_IP_FORWARDING_DETECTION=“1”

Error:

Tor Bootstrap Result: Tor's Control Port could not be reached. (Code: 124) (tor_bootstrap_status: Variable tor_bootstrap_status is empty.) (check_socks_port_open_test: 22) Did you start Whonix-Gateway beforehand? Please run whonixcheck on Whonix-Gateway. Then restart whonixcheck on Whonix-Workstation

#92

Looks like we have to deal with graver issues before KVM supports gets closer. I thought we already are at the point of functional socksified and transparent torified proxying as well as functional whonixcheck. Perhaps some IP / internal network settings in KVM are still wrong? Suggested roadmap: 1. get whonixcheck working 2. Perhaps https://www.whonix.org/forum/index.php/topic,243.0.html already gets void then as well, maybe it just is a result of a KVM misconfiguration.

Two new tests useful for porting to other platforms have just been added by me:

Please try them.

Does whonixcheck work on Whonix-Gateway?

Last but not least, that test can also be skipped, but that really should only be temporarily.

Yes, but it should have said exactly this and advised what could be done to skip this. Maybe these messages can/should be improved. (Strings are here: https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_virtualizer and here: https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_kvmclock.)


#93

HulaHoop, and when you find time, can you try please if these newly compressed images do work for you?
https://www.whonix.org/forum/index.php/topic,159.msg1899.html#msg1899


#94

I ran the other test but I don’t know how to do the one with bootstrap disabled, please guide me how.

user@host:~$ curl.whonix-orig 192.168.0.10:9100 ; echo $? Tor is not an HTTP Proxy

Tor is not an HTTP Proxy

It appears you have configured your web browser to use Tor as an HTTP proxy. This is not correct: Tor is a SOCKS proxy, not an HTTP proxy. Please configure your client accordingly.

See https://www.torproject.org/documentation.html for more information.

user@host:~$ curl.whonix-orig 192.168.0.10:9052 510 Prohibited command "GET / HTTP/1.1" 510 Prohibited command "User-Agent: curl/7.26.0" 510 Prohibited command "Host: 192.168.0.10:9052" 510 Prohibited command "Accept: */*" 510 Unrecognized command ""

WhonixGateway whonixcheck result:

SocksPort Test Result: Tor's SocksPort: Looks like you are not connected through Tor! IP: XXXXXXXXXXXXXX

The IP that was given was one thats not my own but one that belongs to a relay node, but I scrubbed it anyway.


#95

Seems to work. Let’s figure out why whonixcheck on Whonix-Workstation doesn’t work.

On Whonix-Workstation, can you post please the output of.

(You could also drop the “–function check_tor_bootstrap”, but then you would have to scrub a lot.)


#96

Got the output here, please scrub anything sensitive if there is any. I gave it a look and it seems ok.

root@host:/home/user# bash -x whonixcheck --function check_tor_bootstrap + set -o pipefail + NOTIFY_MSG='Checking Tor Connection, Tor Browser Version, Operating System Updates, Whonix Version, Whonix News... This will happen in background and will take approximately three minutes...' + ICON=/usr/share/whonix/icons/whonix.ico ++ basename whonixcheck + SCRIPTNAME=whonixcheck + IDENTIFIER=whonixcheck + source /usr/lib/whonix/whonixcheck/help_error-handler + trap error_handler ERR + source /usr/lib/whonix/process_killer_helper + source /usr/lib/whonix/whonixcheck/10_preparation + source /usr/lib/whonix/whonixcheck/help_uwt_tool + source /usr/lib/whonix/whonixcheck/help_cli + source /usr/lib/whonix/whonixcheck/help_parse-cmd-options + source /usr/lib/whonix/whonixcheck/15_root_check + source /usr/lib/whonix/whonixcheck/16_1_check_virtualizer + source /usr/lib/whonix/whonixcheck/16_2_check_kvmclock + source /usr/lib/whonix/whonixcheck/16_3_check_ip_forwarding_disabled + source /usr/lib/whonix/whonixcheck/17_check_tor_enabled + source /usr/lib/whonix/whonixcheck/17_2_check_whonixsetup_done + source /usr/lib/whonix/whonixcheck/18_check_tor_config + source /usr/lib/whonix/whonixcheck/19_1_check_tor_pid + source /usr/lib/whonix/whonixcheck/19_2_1_check_package_manager_running + source /usr/lib/whonix/whonixcheck/19_2_check_tor_bootstrap + source /usr/lib/whonix/whonixcheck/20_check-lastrun + source /usr/lib/whonix/whonixcheck/25_autostart + source /usr/lib/whonix/whonixcheck/35_disclaimer + source /usr/lib/whonix/whonixcheck/38_check_hostname + source /usr/lib/whonix/whonixcheck/40_check_tor_socks_or_trans_port + source /usr/lib/whonix/whonixcheck/45_check-stream-isolation + source /usr/lib/whonix/whonixcheck/50_check-whonix-news + source /usr/lib/whonix/whonixcheck/55_check-operating-system + source /usr/lib/whonix/whonixcheck/56_check-whonix-apt-repository + source /usr/lib/whonix/whonixcheck/help_tbbversion + source /usr/lib/whonix/whonixcheck/65_check-torbrowser + source /usr/lib/whonix/whonixcheck/67_check_clock + source /usr/lib/whonix/whonixcheck/70_check-sdwdate + source /usr/lib/whonix/whonixcheck/72_donate + source /usr/lib/whonix/whonixcheck/75_cleanup ++ trap trap_sigterm SIGTERM ++ trap trap_sigint SIGINT + whonixcheck_main --function check_tor_bootstrap + trap error_handler ERR + parse_cmd_options --function check_tor_bootstrap + trap error_handler ERR + AUTOSTARTED=0 + CURL_VERBOSE=--silent + : + case $1 in + FUNCTION=check_tor_bootstrap + shift 2 + : + case $1 in + break + preparation + trap error_handler ERR + '[' -e /var/run/whonix/whonixcheck/whonixcheck_pid ']' + local oldpid ++ cat /var/run/whonix/whonixcheck/whonixcheck_pid + oldpid=2344 + '[' '!' 2344 = '' ']' + lastpid=2344 + process_killer_helper ++ type -t error_handler + '[' function = function ']' + trap error_handler ERR + '[' 2344 = '' ']' + local ps_p_exit_code + ps_p_exit_code=0 + ps -p 2344 + ps_p_exit_code=1 + true + '[' '!' 1 = 0 ']' + return 0 + unset lastpid + rm --force /var/run/whonix/whonixcheck/whonixcheck_done + rm --force /var/run/whonix/whonixcheck/whonixcheck_recently_run + sudo -u user touch /var/run/whonix/whonixcheck/whonixcheck_running + sudo -u user tee /var/run/whonix/whonixcheck/whonixcheck_pid + echo 4742 + sync + '[' '' = '' ']' + '[' :0 = '' ']' + display=:0 + local my_tty + local my_tty_exit_code + my_tty_exit_code=0 ++ tty + my_tty=/dev/pts/1 + '[' '!' 0 = 0 ']' + '[' /dev/pts/1 = '' ']' + output=/usr/lib/whonix/msgcollector + output_opt_1='--icon /usr/share/whonix/icons/whonix.ico' + output_opt_2='--parentpid 4742' + output_opt_3='--identifier whonixcheck' + output_opt_4='--parenttty /dev/pts/1' + output_opts=("$output_opt_1" "$output_opt_2" "$output_opt_3" "$output_opt_4" "$output_opt_5") + '[' whonixcheck = whonixcheck ']' + output_opt_extra_1=--lefttop + temp=("$output_opt_extra_1") + output_opts=("${output_opts[@]}" "$temp") + user_name=user + WHONIX_HOMEPAGE=https://www.whonix.org ++ mktemp --directory + VERIFY_TEMPDIR=/tmp/tmp.2OeJpu3334 + get_local_whonix_version + trap error_handler ERR + whonix_deb_package_version='Could not read Whonix Deb Version File. (Code: 1) Please report this bug!' + '[' -f /usr/share/whonix/whonix_gateway ']' + '[' -f /usr/share/whonix/whonix_workstation ']' ++ dpkg-query --show '--showformat=${Version}' whonix-workstation-files + whonix_deb_package_version=2:8-debpackage1 ++ awk -F : '{ print $2 }' ++ echo 2:8-debpackage1 + whonix_deb_package_version=8-debpackage1 + '[' 8-debpackage1 = '' ']' + whonix_build_version='Could not read Whonix Build Version File. (Code: 1) Please report this bug!' + '[' -f /usr/share/whonix/build_version ']' ++ cat /usr/share/whonix/build_version + whonix_build_version=8 + '[' 8 = '' ']' + mkdir --parents /tmp/tmp.2OeJpu3334 + chmod 700 /tmp/tmp.2OeJpu3334 + '[' -f /usr/share/whonix/whonix_gateway ']' + '[' -f /usr/share/whonix/whonix_workstation ']' + VM=Whonix-Workstation + vm_lower_case_short=workstation + GATEWAY_IP=192.168.0.10 + '[' -f /etc/apt/sources.list.d/whonix.list ']' + whonix_codename=unknown + local i + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '##' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' '' = deb ']' + read i + local first second third fourth + read -r first second third fourth _ + '[' deb = deb ']' + whonix_codename=stable + break + whonix_codename_uppercase=STABLE + '[' '' = 1 ']' + '[' 0 = 1 ']' + manualrun=1 ++ uname --machine + ARCH=i686 ++ date + TITLE='whonixcheck | Whonix-Workstation | 8-debpackage1 | Mon Jun 2 03:19:31 UTC 2014' + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_aptrepository_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_aptrepository_default + source /etc/whonix.d/30_aptrepository_default + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_desktop_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_desktop_default + source /etc/whonix.d/30_desktop_default ++ whonixdesktop_autostart_decision_feature=1 ++ whonixdesktop_start_display_manager=1 ++ whonixdesktop_minium_ram=480 ++ whonixdesktop_skip_ram_test=0 ++ whonixdesktop_wait=1 ++ whonixdesktop_wait_seconds=10 ++ whonixdesktop_debug=0 ++ whonixdesktop_disable_rc_d_remove=0 ++ x_default_dm_config_file=/etc/X11/default-display-manager ++ whonixdesktop_display_manager= + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_timeprivacy_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_timeprivacy_default + source /etc/whonix.d/30_timeprivacy_default ++ timeprivacy_global=0 ++ declare -A -g timeprivacy + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_torbrowser_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_torbrowser_default + source /etc/whonix.d/30_torbrowser_default ++ TB_LANG=en-US ++ tb_link_confirmation_for_links=1 ++ tb_link_confirmation_for_files=1 + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_uwt_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_uwt_default + source /etc/whonix.d/30_uwt_default ++ uwtwrapper_global=1 ++ declare -A -g uwtwrapper ++ declare -A -g uwtport ++ uwtport["/usr/bin/git"]=9107 ++ uwtport["/usr/bin/apt-get"]=9105 ++ uwtport["/usr/bin/curl"]=9117 ++ uwtport["/usr/bin/gpg"]=9105 ++ uwtport["/usr/bin/mixmaster-update"]=9120 ++ uwtport["/usr/bin/rawdog"]=9118 ++ uwtport["/usr/bin/ssh"]=9106 ++ uwtport["/usr/bin/wget"]=9109 ++ uwtport["/usr/bin/aptitude"]=9124 ++ '[' '' = 1 ']' ++ '[' -f /usr/share/whonix/whonix_workstation ']' ++ uwtwrapper_gateway_ip=192.168.0.10 + for i in '/etc/whonix.d/*' + '[' -f /etc/whonix.d/30_whonixcheck_default ']' + '[' t = '~' ']' + grep -q .dpkg- + echo /etc/whonix.d/30_whonixcheck_default + source /etc/whonix.d/30_whonixcheck_default ++ WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=1 ++ WHONIXCHECK_NO_EXIT_ON_KVMCLOCK_DETECTION=1 ++ WHONIXCHECK_DISABLE_SOCKS_PORT_TEST=0 ++ WHONIXCHECK_NO_EXIT_ON_TRANS_PORT_DETECTION_FAILURE=0 ++ WHONIXCHECK_DISABLE_TRANS_PORT_TEST=0 ++ WHONIXCHECK_NO_EXIT_ON_IP_FORWARDING_DETECTION=1 ++ date +%s + TIME_START=1401679171 + local tmp ++ mktemp + tmp=/tmp/tmp.8kWK6JmI3z + local progressbaridx + progressbaridx=8kWK6JmI3z + progressbaridx_main=8kWK6JmI3z + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --forget + whonixcheck_run_function uwt_tool + trap error_handler ERR + case $whonixcheck_skip_functions in + true 'INFO: Running uwt_tool, because whonixcheck_skip_functions does not include it.' + eval uwt_tool ++ uwt_tool ++ trap error_handler ERR ++ ret=0 ++ command -v curl.whonix-orig ++ '[' 0 = 0 ']' ++ CURL=curl.whonix-orig ++ ret=0 ++ command -v apt-get.whonix-orig ++ '[' 0 = 0 ']' ++ APT_GET=apt-get.whonix-orig + '[' check_tor_bootstrap = '' ']' + check_tor_bootstrap + trap error_handler ERR + local SOCKS_PORT_WHONIXCHECK + SOCKS_PORT_WHONIXCHECK=9110 + true 'FUNCNAME: CURL: curl.whonix-orig' + lastpid=4795 + wait 4795 + curl.whonix-orig --fail --silent --max-time 5 --output /tmp/tmp.2OeJpu3334/socks_port_open_file 192.168.0.10:9110 + check_socks_port_open_test=22 + true + '[' 22 = 22 ']' + true + local i + i=0 + '[' Whonix-Workstation = Whonix-Gateway ']' + check_tor_bootstrap_helper + trap error_handler ERR + local kill_after=5s + local timeout_after=10s + check_bootstrap_script=/usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py + local bootstrap_file=/tmp/tmp.2OeJpu3334/tor_bootstrap_temp + rm --force /tmp/tmp.2OeJpu3334/tor_bootstrap_temp + local temp_exit_code + temp_exit_code=0 + lastpid=4797 + wait 4797 + timeout --kill-after=5s 10s /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py + temp_exit_code=124 + true + '[' -f /tmp/tmp.2OeJpu3334/tor_bootstrap_temp ']' + local temp_status ++ cat /tmp/tmp.2OeJpu3334/tor_bootstrap_temp + temp_status= + '[' '' = '' ']' + temp_status='ERROR: Variable temp_status is empty. Please report this Whonix bug!' + '[' '' = '' ']' ++ date +%s + TOR_BOOTSTRAP_TIME_START=1401679181 ++ date +%s + TOR_BOOTSTRAP_TIME_NOW=1401679181 + TOR_BOOTSTRAP_TIME_PASSED=0 + local bootstrap_file=/tmp/tmp.2OeJpu3334/tor_bootstrap_file + rm --force /tmp/tmp.2OeJpu3334/tor_bootstrap_file + tor_bootstrap_percent=0 + lastpid=4833 + wait 4833 + timeout --kill-after=5s 10s /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py + tor_bootstrap_percent=124 + true + '[' -f /tmp/tmp.2OeJpu3334/tor_bootstrap_file ']' ++ cat /tmp/tmp.2OeJpu3334/tor_bootstrap_file + tor_bootstrap_status= + '[' '' = '' ']' + tor_bootstrap_status='Variable tor_bootstrap_status is empty.' + local 'MSG=tor_bootstrap_percent: 124' + local 'MSG=tor_bootstrap_status: Variable tor_bootstrap_status is empty.' + '[' 124 = 255 ']' + '[' 124 = 124 ']' + '[' Whonix-Workstation = Whonix-Gateway ']' + '[' Whonix-Workstation = Whonix-Workstation ']' + local 'MSG=Tor Bootstrap Result: Tor'\''s Control Port could not be reached. (Code: 124) (tor_bootstrap_status: Variable tor_bootstrap_status is empty.) (check_socks_port_open_test: 22) Did you start Whonix-Gateway beforehand? Please run whonixcheck on Whonix-Gateway. Then restart whonixcheck on Whonix-Workstation' + '[' '' = 1 ']' + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --messagex --typex error --titlex 'whonixcheck | Whonix-Workstation | 8-debpackage1 | Mon Jun 2 03:19:31 UTC 2014' --message 'Tor Bootstrap Result: Tor'\''s Control Port could not be reached. (Code: 124) (tor_bootstrap_status: Variable tor_bootstrap_status is empty.) (check_socks_port_open_test: 22) Did you start Whonix-Gateway beforehand? Please run whonixcheck on Whonix-Gateway. Then restart whonixcheck on Whonix-Workstation' + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --messagecli --typecli error --titlecli 'whonixcheck | Whonix-Workstation | 8-debpackage1 | Mon Jun 2 03:19:31 UTC 2014' --message 'Tor Bootstrap Result: Tor'\''s Control Port could not be reached. (Code: 124) (tor_bootstrap_status: Variable tor_bootstrap_status is empty.) (check_socks_port_open_test: 22) Did you start Whonix-Gateway beforehand? Please run whonixcheck on Whonix-Gateway. Then restart whonixcheck on Whonix-Workstation' [ERROR] [whonixcheck] Tor Bootstrap Result: Tor's Control Port could not be reached. (Code: 124) (tor_bootstrap_status: Variable tor_bootstrap_status is empty.) (check_socks_port_open_test: 22) Did you start Whonix-Gateway beforehand? Please run whonixcheck on Whonix-Gateway. Then restart whonixcheck on Whonix-Workstation + EXIT_CODE=1 + cleanup 1 + trap error_handler ERR + true 'cleanup function...' + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --progressbaridx 8kWK6JmI3z --progressx 100 + rm --force /var/run/whonix/whonixcheck/whonixcheck_running + rm --force /var/run/whonix/whonixcheck/whonixcheck_waiting + touch /var/run/whonix/whonixcheck/whonixcheck_done + sync + '[' '!' 1 = 1 ']' + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --messagex --done + /usr/lib/whonix/msgcollector --icon /usr/share/whonix/icons/whonix.ico --parentpid 4742 --identifier whonixcheck --parenttty /dev/pts/1 --lefttop --messagecli --done + cd .. + '[' 1 = '' ']' + '[' 1 = 1 ']' + true END + exit 1

#97
Means, timeout occurred while running /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py. (Currently set to 5 seconds, I thought that will work on all systems. But not sure yet this is the problem.)

Can you run this command please in Whonix-Workstation?

[code]/usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py ; echo $?[/code]

If it works, it will show something like.

[code]NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
100[/code]

Or at least it should output anything.

If it worked, please run and measure the time so I can adjust the timeout variable.

[code]time /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py[/code]

Means, timeout occurred while running /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py. (Currently set to 5 seconds, I thought that will work on all systems. But not sure yet this is the problem.)

Can you run this command please in Whonix-Workstation?

If it works, it will show something like.

NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done" 100

Or at least it should output anything.

If it worked, please run and measure the time so I can adjust the timeout variable.


#98

Output for these two commands:

root@host:/home/user# /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py ; echo $? NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
user@host:~$ time /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"

Testing of 8.2 images in progress. Will post how this goes.


#99

[quote=“HulaHoop, post:98, topic:166”][quote]user@host:~$ time /usr/lib/whonix/whonixcheck/help_check_tor_bootstrap.py
NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=“Done”
[/quote][/quote]
How long did it take? Seems like you omitted time’s output. I don’t need the exact times. Just 0.5 seconds, 1 seconds, 5 seconds, 10 seconds or something like that.

If it’s below 5 seconds, then also whonixcheck should work.

Maybe whonixcheck error from https://www.whonix.org/forum/index.php/topic,159.msg2199.html#msg2199 was just temporarily due to high system load?


#100

There was no time listed in the output but the answer came back near instant, so I’d say 1 second or less.

I don’t think I have mentioned this, but since disabling transproxy, timesync no longer works.

As for 8.2, the images are working fine and decompressed fine.

Please add links for the qcow2 images on the download page for them to be accessible to more users.

One thing I realized in the whonix firewall configuration, is that the gateway traffic is itself not tunneled through Tor. This is probably not a good thing as an ISP can know if its customers are running Whonix if and when an update is made using apt. Can you please consider torrifying all the gateway traffic to mask this? Yes it may be slower but from what I’ve tried not by much. I think this is very important to maintain homogenous anonymity with the normal TBB crowd.