INFO: /etc/apt/sources.list.d/torproject.list uncommented lines:
deb http;//sdscoq7snqtznauu.onion/torproject.org jessie main
INFO: version of the ‘tor’ package: 0.2.9.8-2~d80.jessie+1
Problem is because between http and // is ; and not : ?
It was like that by default I think, I do not remember how I changed it
I don’t think it’s whonix gateway or whonix workstation problem.
I had same problem in Tails in KVM, after I installed NTP at host problem got solved and I could connect to Tor. So problem got fixed for Tails, but not for Whonix. Whonix and Tails use different network sources
When I start control port
Failed to start control-port-filter-proxy-python.service: Unit control-port-filter-proxy-python.service failed to load: No such file or directory.
Failed to parse/validate config: Unknown option ‘ConnectionPadding’. Failing.
The torrc differs from what tor’s using. You can issue a sighup to reload the torrc values by pressing x.
configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon
Could you please try the debug instructions again. There are a few more step needed to enable CPFP which I added to the instructions. This should produce more error messages when whonixcheck is run.
When following the steps 1-8 for the first time Sandbox and ConnectionPadding is added to your torrc. The second time remove both options to see if Tor connects.
In Whonix-Gateway konsole, activate CPFP.
sudo nano /etc/whonix_firewall.d/50_user.conf
Add the following content
CONTROL_PORT_FILTER_PROXY_ENABLE=1
In Whonix-Gateway konsole, enable autostart of CPFP.
[NOTICE] New control connection opened from 127.0.0.1. [1 duplicate hidden]
[ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime)
[ARM_WARN] The torrc differs from what tor's using. You can issue a sighup to reload the torrc values by pressing x.
- configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon
On validaton ther is no error messages Configuration was valid
~$ whonixcheck --verbose
[INFO] [whonixcheck] | Whonix-Gateway |
[INFO] [whonixcheck] Input Detection: INPUT_AUTO=true CLI=true GUI=false
stdin connected to terminal. Using cli output. Not using gui output.
Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --gui
[INFO] [whonixcheck] Root Check Result: Ok, not running as root.
[INFO] [whonixcheck] Pin torproject.org certificate: disabled.
[INFO] [whonixcheck] Qubes Settings Test Result: Skipped, because Qubes not detected.
[INFO] [whonixcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [whonixcheck] Check whonixsetup Result: done, ok.
[INFO] [whonixcheck] Check Package Manager Running Result: None running, ok.
[INFO] [whonixcheck] check network interfaces Result: Ok.
[INFO] [whonixcheck] Tor Check Result: “DisableNetwork 1” in /etc/tor/torrc commented out, ok.
[INFO] [whonixcheck] Tor Config Check Result: /etc/tor/torrc, ok.
[INFO] [whonixcheck] Tor Pid Check Result: Pid 2180 running., ok.
[INFO] [whonixcheck] Control Port Filter Proxy Test Result: OK
[INFO] [whonixcheck] check_anondate_do debugging information:
tor_consensus_status : verified
current_time_in_valid_range: false
tor_cert_lifetime_output :
tor_cert_lifetime_valid : true
tor_cert_valid_after :
[INFO] [whonixcheck] Tor SocksPort Reachability Test Result: Reachable. (curl exit code: 22 | curl status message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 0 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 2 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 5 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 7 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 9 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 11 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 13 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 16 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 18 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 20 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 22 seconds. 10 % done. Tor Circuit: not established. Tor reports: NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
I should have caught this sooner. You’re using Tor 0.2.9.8. Connection Padding is supported only in Tor version 0.3.1.7 and later.
Have you updated your system? Or are you using a non-default Tor setup? (torproject.list uncommented?) This could also explain why seccomp is not functioning.
Using default one.
I cannot update because tor I cannot connect to tor even without seccomp and ConnectionPadding.
I’ve should import whonix image after that update and then start changing settings ?
What I done is - I imported whonix 13 images and start configuring using Whonix Documentation
You stated that Whonix-Gateway could connect to Tor without seccomp or connectionpadding.
I think we may have been talking past one another. We will have to start over. This is why I wanted to try both with sandbox,connectionpadding and without. That way the differences could be compared.
Lets focus on Whonix-Gateway without secommp or connection padding and leave Control Port Filter Proxy enabled. The latter will help with troubleshooting.
I don’t think you have been able to connect to Tor either with or without seccomp , connection padding. With CPFP disabled there is no notification when Tor does not fully bootstrap (connect)
Bridges are normally for use in areas where:
Tor could be considered suspicious or dangerous
Tor use is censored
If you fall into one of those 2 groups, it limits the the methods you can use to troubleshoot. If you don’t, troubleshooting will be a bit easier.
You’ve already eliminated a few possibilities so you can start here:
Connects to Tor initially, then doesn’t connect to Tor would indicate a different problem. Thats what I thought happened.
But not important. I should have seen that you were using a older version of Tor when anon-info was posted.
The only other way I know would be to ask someone you know and trust if they have a private obfs bridge that you could use. Otherwise you can follow these instructions…
Another way to get bridges is to send an email to bridges@torproject.org. Please note that you must send the email using an address from one of the following email providers: Riseup, Gmail or Yahoo.
Note: This action risks breaking connectivity, for instance if the latest Tor version from deb.torproject.org has not been fully tested by Whonix developers at a specific point in time.
I changed sources.list.d, but didn’t update/upgrade.
I tried to remove all setting, remove bridges as well and I get this
[NOTICE] New control connection opened from 127.0.0.1. [3 duplicates hidden]
[WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 9; reco-
mmendation warn; host B84F248233FEA90CAD439F292556A3139F6E1B82 at 85.248.227.164:9002) [1 duplicate hidden]
[ARM_NOTICE] Unable to prepopulate bandwidth information (insufficient uptime)
[ARM_WARN] The torrc differs from what tor’s using. You can issue a sighup to reload the torrc values by pressing x.
configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon
[ARM_NOTICE] Tor is preventing system utilities like netstat and lsof from working. This means that arm can’t provide you
with connection information. You can change this by adding ‘DisableDebuggerAttachment 0’ to your torrc and restarting tor. For
more information see… Security enhancement against malware for Tor (#3313) · Issues · Legacy / Trac · GitLab
[ARM_NOTICE] No armrc loaded, using defaults. You can customize arm by placing a configuration file at ‘/home/user/.arm/ar-
mrc’ (see the armrc.sample for its options).