[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Long Wiki Edits Thread

#774

No problem

Originally referenced Co-developer Concept but I took it out. Oops :slight_smile:

#775

Done!

Debugging with curl

Trying to use curl rather than curl.anondist-org is a common mistake when debugging Whonix network issues.

curl is a symlink to curl.anondist. In turn, this symlinks to uwt which runs curl under torsocks. torksocks then forces Tor to run on localhost for stream isolation.

To use curl

  • The uwt steam isolation wrapper must be deactivated
  • The command must be run under user clearnet

In Whonix-Gateway or sys-whonix (Qube-Whonix)

1. Change to user clearnet

sudo su clearnet

2. Deactivate uwt stream isolation wrapper by appending .anondist-orig to curl

curl.anondist-orig <your_url>

Using curl in Whonix 14

curl must be run under user clearnet the same as in Whonix 13

In the following examples, the exec calls from the command output shows the difference between running curl with the uwtwrapper both enabled and disabled.

Example 1

curl is run with the uwtwrapper enabled.

uwtwrapper_verbose=1 curl <your_url>

This results in the following exec calls. Only the latest (most recent) call matters which shows torsocks is prepended before running curl.

exec torsocks /usr/lib/uwtexec something <your_url>
exec -a /usr/bin/curl /usr/bin/curl.anondist-orig <your_url>

Example 2

curl is run with the uwtwrapper disabled.

uwtwrapper_verbose=1 UWT_DEV_PASSTHROUGH=1 curl <your_url>

This command results in the following exec calls which show torsocks does not get prepended before curl. Since curl does not run under torsocks, local connections are not hindered and there is no stream isolation

exec /usr/lib/uwtexec <your_url>
exec -a /usr/bin/curl /usr/bin/curl.anondist-orig <your_url>

The output from the previous commands establish the following

  • /usr/bin/curl is symbolically linked to /usr/bin/curl.anondist-orig. This demonstrates /usr/bin/curl.anondist-orig is the actual (real) curl binary.

  • When /usr/bin/curl.anondist-orig is run with the uwtwrapper disabled all uwt logic is circumvented.

Users can either run curl under user clearnet or deactivate the uwt stream isolation
wrapper either permanently or temporary

Links:

https://www.whonix.org/wiki/Stream_Isolation
https://www.whonix.org/wiki/Stream_Isolation/Disable_Easy

Done!

https://whonix.org/w/index.php?title=FAQ&oldid=34364&diff=cur

1 minor edit in stream isolation chapter

https://whonix.org/w/index.php?title=Stream_Isolation&oldid=34458&diff=cur

#776

Whonix 13 / 14, there is no difference. You always need to run under user clearnet.

Well, it actually depends (but not on 13 / 14).

If you want to reach clearnet -> user clearnet.

For location connections -> any user.

#777

I must be doing something wrong sys-whonix (Whonix 14)?

anon-info

INFO: /etc/apt/sources.list.d/torproject.list does not exist.
INFO: version of the 'tor' package: 0.3.3.7-1~d90.stretch+1

sudo su clearnet
user@host:~$

sys-whonix (Whonix 13)

sudo su clearnet
clearnet@host:/home/user$
#778

New proposed edits reflect Whonix 14 requires user clearnet

Please let me know if any changes are necessary

Note: spacing in some areas are a little wide i.e. spacing between bullet lists and next text block

https://whonix.org/w/index.php?title=Dev/anon-ws-disable-stacked-tor&oldid=33749&diff=cur

Edit: Bullet spacing already reported https://phabricator.whonix.org/T809

#779

Some mistakes by me earlier.

  • I’ve changed the wording to circumvent / disable as two different things.
  • It’s not either user clearnet or circumvent/disable uwt. circumvent/disable uwt is always required when trying to reach localhost or clearnet. Running under user clearnet is only required when trying to reach clearnet or local LAN.
#780

Hi 0brand,

Go ahead and please remove that excess bold you identified for a specific wiki page in that other tread. It does look horrible.

#781

I’ll have it done a little latter on today :slight_smile:

I’m starting on screenshots (finally). I was trying to think of what is asked most often on the forum. Any screenshots that would help users config Qubes R-4 specific Whonix stuff?

If you can think of any let me know -->https://whonix.org/t/updated-screenshots-images-thread/5371

#782

Done!

https://www.whonix.org/w/index.php?title=Tor&oldid=33867&diff=cur

Whonix 14 release notes

Removed link to sandboxed Tor Browser (Depricated)

https://www.whonix.org/w/index.php?title=Whonix_Release_Notes&oldid=34585&diff=cur

Tor Browser

  • Removed link to sandboxed Tor Browser (Deprecated)
  • fixed link “Do Not Tor over Tor”

https://www.whonix.org/w/index.php?title=Tor_Browser&oldid=34462&diff=cur

#783

Hi 0brand,

All fixed, except:

  • Updated whonixcheck GUI (success message)
  • Updated whonixcheck progress meter (requires Whonix 14 for nice successful message)
  • Updated leak tests with Flash installed

That would be great if you could knock those off. I already added Tor Controller GUI and a bunch of others.

For bonus points, maybe add:

  • Whonix Repository GUI
  • Reload Tor GUI (?)
  • Reload Firewall GUI (?)
  • Restart Tor GUI (?)
  • Anything else @Patrick ?
#784

Computer Security Education split -> Fixed

Please accept all the main ToC changes to reflect this, plus I nitpicked the whole thing, listed it alphabetically, and created new sections where required.

Probably the Tor Browser stuff is another candidate for chopping down to size in the new “Anonymous Browsing” section I created, but lets focus on fixing links first.

#785

document multiple Qubes TemplateVMs:
https://phabricator.whonix.org/T811

#786

Was able to get

  • whonixcheck progress meter. I never saw a successful message. I think it flashes on and off the screen to quick to see.
  • Whonix Repository GUI x 2
  • Reload Tor GUI (I’m counting it since it starts from the GUI) Use it or not. :slight_smile:
  • Reload Firewall GUI (Same as above. Not really GUI but usable?)
  • 2 new Arm controller screenshots i.e. without large “W” in sys-whonix

Not able to get

  • whonixcheck GUI success message. Not sure what successful message you are referring to? (using unaltered TemplateVM)
  • Flash leak test. I see why this was not completed. I’ll get it done :wink:
  • Restart Tor GUI .png was corrupted

Good idea for Whonix 14 rolling releases since users will want to use multiple repositories.

I’ll put this at the top of my TODO. Shouldn’t take to long to complete

#787

Not ready for a call for testers but would appreciate if you could revise the wording.

#788

Advanced security guide:

Experiment with these…

#789

Added to Top of my list along with

document multiple Qubes TemplateVMs:

wink, nudge, nudge @torjunkie :slight_smile:

#790

Thanks @0brand - linked all your pics and edited Screenshots accordingly. Pity about success message, I thought it stayed there until closed by user (or it used to).

ha ha - I’ll let you work your technical magic and come sniffing later on :wink:

Bump @Patrick

If you approve all that, it will be much easier to start fixing all the links from the 3 splits.

Plus, it improves the main ToC which is too chunky in that section I split into browsing, email & messengers, other anonymous services. (plus splitting off dev/license stuff into own section)

#791

https://phabricator.whonix.org/T141 -> Fixed.

Please close.

#792

torjunkie:

Bump @Patrick

If you approve all that, it will be much easier to start fixing all the links from the 3 splits.

Plus, it improves the main ToC which is too chunky in that section I split into browsing, email & messengers, other anonymous services.

Sure. Thanks for letting me know that this blocks things so I will
prioritize it. (Previously I didn’t prioritize since it looked like a
time consuming change.)

Unfortunately the accept revision button is broken perhaps due to recent
changes. Already notified mig5. I’ll review as soon I hear it’s repaired.

#793

Revision button should be fixed now! :slight_smile: