My configuration torrc

I just installed Whonix 13; I didn't even download Tor Browser.
My torrc file is:
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
bridge obfs4 …
bridge obfs4 …
Sandbox 1
ConnectionPadding 1
DisableNetwork 0

And it says Failed to start anonymizing
When I comment out Sandbox and ConnectionPadding, it connects to Tor.

Also I’ve done this Advanced Security Guide - Whonix

Is there a way to make it work with ConnectionPadding and Sandbox? Where could the error be?

Hi Kowi

Could you please run this command in Whonix-Gateway Konsole and post the results

anon-info

2 Likes

INFO: /etc/apt/sources.list.d/torproject.list uncommented lines:
deb http;//sdscoq7snqtznauu.onion/torproject.org jessie main
INFO: version of the ‘tor’ package: 0.2.9.8-2~d80.jessie+1

Is the problem that there is a ; and not a : between http and //?
It was like that by default, I think. I do not remember how I changed it.

Not the problem. Could you try using only Sandbox 1 and see if Tor connects. Then do the same with using only ConnectionPadding 1

Could you also post any pertinent Tor logs being careful to redact any sensitive information. You can use either arm or:

In Whonix-Gateway konsole, run.

tail -f /var/run/tor/log

2 Likes

It’s not working without ConnectionPadding and Sandbox.
arm says New connection opened from 127.0.0.1. [a lot of duplicates hidden]

I’m using KVM

Could you please post the output of the following command. (with both Sandbox 1 and ConnectionPadding 1 added to torrc)

In Whonix-Gateway konsole, run.

sudo -u debian-tor tor --verify-config

Edit:

Could you please briefly comment out all options that you set in the following:

Advanced Security Guide - Whonix

Then restart Tor with Sandbox, ConnectionPadding and post any error messages (Full error messages please)

1 Like

I don’t think it’s a Whonix-Gateway or Whonix-Workstation problem.
I had the same problem in Tails in KVM. After I installed NTP on the host, the problem got solved and I could connect to Tor. So the problem got fixed for Tails, but not for Whonix. Whonix and Tails use different network sources.

Tails/KVM - With only bridges, connected with no problem.

Tails/KVM - With bridges and Sandbox 1, ConnectionPadding 1, would not connect.

Tails/KVM - After you installed NTP on the host, you were able to connect with Sandbox and ConnectionPadding.

Is this all correct?

You will not know until you troubleshoot. I don’t think the problem is with sdwdate.

If you would like help troubleshooting, could you please do the following, all in Whonix-Gateway (with both Sandbox and ConnectionPadding in torrc):

  1. Briefly comment out Disable Control Port Filter Proxy

  2. Start arm

  3. In Whonix-Gateway konsole run, (post results)

    sudo -u debian-tor tor --verify-config

  4. In Whonix-Gateway konsole, restart Tor

    sudo systemctl restart tor@default

  5. Post any error messages

  6. In Whonix-Gateway konsole, run whonixcheck. (post error messages)

    whonixcheck --verbose

  7. Comment out Sandbox 1 and ConnectionPadding 1 and repeat steps 4-6.

1 Like

Same errors with Sandbox and without.

When I start control port
Failed to start control-port-filter-proxy-python.service: Unit control-port-filter-proxy-python.service failed to load: No such file or directory.

Failed to parse/validate config: Unknown option ‘ConnectionPadding’. Failing.

The torrc differs from what tor’s using. You can issue a sighup to reload the torrc values by pressing x.

  • configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon

Could you please try the debug instructions again? There are a few more steps needed to enable CPFP, which I added to the instructions. This should produce more error messages when whonixcheck is run.

When following steps 1-8 for the first time, Sandbox and ConnectionPadding are added to your torrc. The second time, remove both options to see if Tor connects.

  1. In Whonix-Gateway konsole, activate CPFP.

    sudo nano /etc/whonix_firewall.d/50_user.conf

    Add the following content

    CONTROL_PORT_FILTER_PROXY_ENABLE=1

  2. In Whonix-Gateway konsole, enable autostart of CPFP.

    sudo systemctl unmask control-port-filter-proxy-python

    Reboot

  3. In Whonix-Gateway konsole, Check if CPFP is still running or disabled.

    ps aux

    You should see the following output.

    debian-+ 1005 0.2 1.8 46096 13216 ? Ss 20:46 0:00 /usr/bin/python /usr/sbin/cpfpd start

  4. In Whonix-Gateway konsole, start arm.

    arm

  5. In Whonix-Gateway konsole verify Tor configuration file. (post results)

    sudo -u debian-tor tor --verify-config

  6. In Whonix-Gateway konsole, restart Tor (Post any error messages)

    sudo systemctl restart tor@default

  7. In Whonix-Gateway konsole, run whonixcheck. (post error messages)

    whonixcheck --verbose

  8. Remove both Sandbox 1 and ConnectionPadding 1 then repeat steps 5-7.



Did you alter any settings in Whonix-Gateway not specified in the Whonix Documentation?

1 Like

On arm start

  [NOTICE] New control connection opened from 127.0.0.1. [1 duplicate hidden]
 [ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime)
 [ARM_WARN] The torrc differs from what tor's using. You can issue a sighup to reload the torrc values by pressing x.
   - configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon

On validation there are no error messages
Configuration was valid

~$ whonixcheck --verbose
[INFO] [whonixcheck] | Whonix-Gateway |
[INFO] [whonixcheck] Input Detection: INPUT_AUTO=true CLI=true GUI=false
stdin connected to terminal. Using cli output. Not using gui output.
Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --gui
[INFO] [whonixcheck] Root Check Result: Ok, not running as root.
[INFO] [whonixcheck] Pin torproject.org certificate: disabled.
[INFO] [whonixcheck] Qubes Settings Test Result: Skipped, because Qubes not detected.
[INFO] [whonixcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [whonixcheck] Check whonixsetup Result: done, ok.
[INFO] [whonixcheck] Check Package Manager Running Result: None running, ok.
[INFO] [whonixcheck] check network interfaces Result: Ok.
[INFO] [whonixcheck] Tor Check Result: “DisableNetwork 1” in /etc/tor/torrc commented out, ok.
[INFO] [whonixcheck] Tor Config Check Result: /etc/tor/torrc, ok.
[INFO] [whonixcheck] Tor Pid Check Result: Pid 2180 running., ok.
[INFO] [whonixcheck] Control Port Filter Proxy Test Result: OK
[INFO] [whonixcheck] check_anondate_do debugging information:

tor_consensus_status       : verified
current_time_in_valid_range: false

tor_cert_lifetime_output   : 
tor_cert_lifetime_valid    : true
tor_cert_valid_after       : 
[INFO] [whonixcheck] Tor SocksPort Reachability Test Result: Reachable. (curl exit code: 22 | curl status message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 0 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 2 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 5 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 7 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 9 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 11 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 13 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 16 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 18 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 20 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 22 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"

I should have caught this sooner. You’re using Tor 0.2.9.8. Connection Padding is supported only in Tor version 0.3.1.7 and later.

Have you updated your system? Or are you using a non-default Tor setup? (torproject.list uncommented?) This could also explain why seccomp is not functioning.

1 Like
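The version mismatch identified in the post above can be caught before restarting Tor. The following is an added example, not part of the original thread or of Whonix tooling: a POSIX shell check that compares torrc options against the packaged Tor version. The function names are hypothetical, the only minimum version listed is the one stated in this thread (ConnectionPadding, 0.3.1.7), and the sample torrc is constructed from the one posted above with the elided bridge lines left out.

```shell
#!/bin/sh
# Minimum Tor version per option (lower-cased, since torrc keywords are
# case-insensitive). Only ConnectionPadding is listed: 0.3.1.7 per this thread.
min_version_for() {
    case $1 in connectionpadding) echo 0.3.1.7 ;; esac
}
# Strip the Debian packaging suffix: 0.2.9.8-2~d80.jessie+1 -> 0.2.9.8
upstream_version() { printf '%s\n' "${1%%-*}"; }
# Return 0 if dotted version $1 >= $2 (four numeric fields assumed).
version_ge() {
    v1=$1; v2=$2
    for _i in 1 2 3 4; do
        f1=${v1%%.*}; f2=${v2%%.*}
        case $v1 in *.*) v1=${v1#*.} ;; *) v1=0 ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2=0 ;; esac
        if [ "$f1" -gt "$f2" ]; then return 0; fi
        if [ "$f1" -lt "$f2" ]; then return 1; fi
    done
    return 0
}
# check_torrc PACKAGE_VERSION TORRC: report options the version cannot parse.
check_torrc() {
    have=$(upstream_version "$1"); status=0
    while read -r opt _rest || [ -n "$opt" ]; do
        case $opt in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=$(printf '%s' "$opt" | tr 'A-Z' 'a-z')
        need=$(min_version_for "$key")
        [ -n "$need" ] || continue
        if ! version_ge "$have" "$need"; then
            echo "$opt needs Tor >= $need, installed is $have"
            status=1
        fi
    done < "$2"
    return $status
}
# Constructed sample torrc; demo VERSION runs the check against it.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Sandbox 1
ConnectionPadding 1
DisableNetwork 0
EOF
    rc=0; check_torrc "$1" "$tmp" || rc=$?
    rm -f "$tmp"; return $rc
}
demo "0.2.9.8-2~d80.jessie+1" || true
```

On a real system the first argument would be the package version reported by anon-info and the second the path to the torrc in use.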

Using default one.
I cannot update because I cannot connect to Tor even without seccomp and ConnectionPadding.
Should I have imported the Whonix image, then updated, and then started changing settings?
What I did is: I imported the Whonix 13 images and started configuring using the Whonix Documentation.

What??

You stated that Whonix-Gateway could connect to Tor without seccomp or connectionpadding.

I think we may have been talking past one another. We will have to start over. This is why I wanted to try both with Sandbox, ConnectionPadding and without. That way the differences could be compared.

Let's focus on Whonix-Gateway without seccomp or connection padding and leave Control Port Filter Proxy enabled. The latter will help with troubleshooting.

I don’t think you have been able to connect to Tor either with or without seccomp, connection padding. With CPFP disabled there is no notification when Tor does not fully bootstrap (connect).

Bridges are normally for use in areas where:

  • Tor could be considered suspicious or dangerous
  • Tor use is censored

If you fall into one of those 2 groups, it limits the methods you can use to troubleshoot. If you don’t, troubleshooting will be a bit easier.

You’ve already eliminated a few possibilities so you can start here:

https://whonix.org/wiki/Bridges#Troubleshooting

The last step is trying bridges that use ports 80 or 443. That may help.

1 Like

After that I said that

Where can I get a list of bridges that use 80 and 443? On bridges.torproject.org they are giving only 2 random bridges per request.

Connects to Tor initially, then doesn’t connect to Tor would indicate a different problem. That's what I thought happened.

But not important. I should have seen that you were using a older version of Tor when anon-info was posted.

The only other way I know would be to ask someone you know and trust if they have a private obfs bridge that you could use. Otherwise you can follow these instructions…

Another way to get bridges is to send an email to bridges@torproject.org. Please note that you must send the email using an address from one of the following email providers: Riseup, Gmail or Yahoo.

It's a PITA but it's set up like that for a reason.

1 Like

@Kowi

Are you using Tor versioning found in the Security Guide? Your anon-info shows that as being uncommented. This could break connectivity.

INFO: /etc/apt/sources.list.d/torproject.list uncommented lines:

https://whonix.org/wiki/Security_Guide#Whonix_and_Debian_Packages

https://whonix.org/wiki/Security_Guide#Tor_Versioning

Note: This action risks breaking connectivity, for instance if the latest Tor version from deb.torproject.org has not been fully tested by Whonix developers at a specific point in time.

1 Like

I changed sources.list.d, but didn’t update/upgrade.
I tried to remove all settings, remove the bridges as well, and I get this:
[NOTICE] New control connection opened from 127.0.0.1. [3 duplicates hidden]
[WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 9; recommendation warn; host B84F248233FEA90CAD439F292556A3139F6E1B82 at 85.248.227.164:9002) [1 duplicate hidden]
[ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime)
[ARM_WARN] The torrc differs from what tor’s using. You can issue a sighup to reload the torrc values by pressing x.
  - configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon
[ARM_NOTICE] Tor is preventing system utilities like netstat and lsof from working. This means that arm can’t provide you with connection information. You can change this by adding ‘DisableDebuggerAttachment 0’ to your torrc and restarting tor. For more information see…
Security enhancement against malware for Tor (#3313) · Issues · Legacy / Trac · GitLab
[ARM_NOTICE] No armrc loaded, using defaults. You can customize arm by placing a configuration file at ‘/home/user/.arm/armrc’ (see the armrc.sample for its options).

Many of the errors you posted are arm usability bugs and nothing to worry about.

https://www.whonix.org/wiki/Arm#Arm_FAQ

There is one error that indicates that it is a problem with your network connection.

Network is unreachable; NOROUTE;

Possible reasons are

  • Whonix/host misconfiguration
  • a problem with your network connection
  • your Tor traffic is being censored by ISP

You can try the following to narrow down the possibilities. (This all assumes you have networking in your host.)

  1. Create a Debian OS VM in KVM and see if you have networking. If you can connect, proceed to step 2.
  2. Since you made changes to Whonix, download and verify fresh Whonix VM images. Try connecting without making changes to Whonix.

If you are not able to connect, in Whonix-Gateway konsole run.

whonixcheck

1 Like