Hi,
I can’t get the Whonix Gateway to connect to Tor. It failed in Qubes 3, then reinstalled from scratch 3.1 with Whonix built in, updated dom0, and strangely still nothing works. I tried to update the whonix-gw template but it requires Whonix-Gateway NetVM for updates…
Whonixcheck failed. Connection works as normal on the fedora VMs.
How should I even debug this?
EDIT: I already tried running tor in a fedora VM and it bootstrapped perfectly, it only happens in Qubes-Whonix-GW.
Thanks.
Is your template connected to a Whonix-Gateway?
Did you follow the steps here: How-to: Install the Stable Version of Qubes-Whonix ™ 16? Read them through carefully to make sure you didn’t skip anything. You can skip to step 4 (optional step) or 5 since you installed via Qubes installer.
Yes, I went over the settings again, and it’s configured as in the instructions. Anyway, why would it matter the template is connected to the GW when the GW isn’t connected to tor? If it’s not working because it’s not updated then it’s the chicken and the egg…
Make sure sys-whonix NetVM is set to a working NetVM such as sys-firewall. (Easy, curde) Reboot. At very least reboot sys-whonix.
Check your clock settings.
Check what Tor logs say.
Tor Documentation for Whonix Users
Rather developers centered, and not anonymous during debugging… “UnWhonix” as per:
How-to: "UnWhonix" - enable clearnet networking
Thanks Patrick, I can’t see anything helpful in the tor log, and I set the time in both host and guest to UTC manually. I’ll try to get a clearnet connection in the GW, but it boggles me, how is it possible on at least 2 different installations, including 3.1, I can’t get a connection on the GW?
A freshly installed qubes3.x with whonix-gw/ws will connect to Tor with no updates needed. So it’s not broken because it’s not updated.
I can’t see anything helpful in the tor log
Well, does it say somewhere 100% Bootstrapped? If it doesn’t, then it should have something helpful.
Open a terminal from the whonix-gw ProxyVM (usually called sys-whonix) and do: tail -f /var/log/tor/log. That will show you what is happening on the Tor connection attempt in real time. That WILL have useful info.
All the /var/log/tor/log says is New control connection oppoened from 127.0.0.1
Tried for 120 seconds to get a connection to …
Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
I learned some more directory information, but not enough to build a circuit. We have no recent usable consensus.
You need to post the whole log from /var/log/tor/log on the whonix-gw that serves as your NetVM for templates. Maybe paste it somewhere if you don’t know how to format it in bbcode or markdown. While you’re at it, might as well paste the log from whonixcheck too.
It sounds like tor is in the process of connecting, but it is slow for some reason. What is your NetVM on the whonix-gw ProxyVM? Are you sure you have internet connection in general? You checked on fedora/debian VMs?
EDIT: I already tried running tor in a fedora VM and it bootstrapped perfectly, it only happens in Qubes-Whonix-GW.
This is on the same Qubes system? Fedora template bootstraps tor, but sys-whonix won’t? Doesn’t make sense. Let’s see what the logs have.
Standalone log:
[code]Jun 29 16:47:03.000 [notice] Tor 0.2.7.6 opening new log file.
Jun 29 16:47:03.439 [warn] OpenSSL version from headers does not match the version we’re running with. If you get weird crashes, that might be why. (Compiled with 1000205f: OpenSSL 1.0.2e 3 Dec 2015; running with 1000208f: OpenSSL 1.0.2h-fips 3 May 2016).
Jun 29 16:47:03.457 [notice] Tor v0.2.7.6 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h-fips and Zlib 1.2.8.
Jun 29 16:47:03.458 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 29 16:47:03.458 [notice] Read configuration file “/usr/share/tor/defaults-torrc”.
Jun 29 16:47:03.458 [notice] Read configuration file “/etc/tor/torrc”.
Jun 29 16:47:03.460 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 29 16:47:03.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 29 16:47:03.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 29 16:47:03.000 [notice] Bootstrapped 0%: Starting
Jun 29 16:47:03.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 29 16:47:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jun 29 16:47:03.000 [notice] Signaled readiness to systemd
Jun 29 16:47:03.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jun 29 16:47:04.000 [notice] Opening Control listener on /run/tor/control
Jun 29 16:47:05.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jun 29 16:47:05.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 29 16:47:05.000 [notice] Bootstrapped 100%: Done
Jun 29 16:47:44.000 [notice] Interrupt: exiting cleanly.
[/code]
Whonix tor log:
[code]Jun 26 08:41:49.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening new log file.
Jun 26 08:41:49.116 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8.
Jun 26 08:41:49.116 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 26 08:41:49.116 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 26 08:41:49.116 [notice] Read configuration file “/etc/tor/torrc”.
Jun 26 08:41:49.119 [notice] You configured a non-loopback address ‘10.152.152.10:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.119 [notice] You configured a non-loopback address ‘10.152.152.10:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.119 [notice] You configured a non-loopback address ‘10.152.152.10:9101’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…
Jun 26 08:41:49.120 [notice] You configured a non-loopback address ‘10.152.152.10:9187’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.120 [notice] You configured a non-loopback address ‘10.152.152.10:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.120 [notice] You configured a non-loopback address ‘10.152.152.10:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.120 [notice] You configured a non-loopback address ‘10.152.152.10:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.120 [notice] You configured a non-loopback address ‘10.152.152.10:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 08:41:49.120 [notice] Opening Control listener on 127.0.0.1:9051
Jun 26 08:41:49.120 [notice] Opening Control listener on /var/run/tor/control
Jun 26 08:41:49.120 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 26 08:41:49.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 26 08:41:49.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 26 08:41:49.000 [notice] Bootstrapped 0%: Starting
Jun 26 08:41:49.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 26 08:41:49.000 [notice] Signaled readiness to systemd
Jun 26 08:42:17.000 [notice] Interrupt: exiting cleanly.
Jun 26 10:53:36.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 26 10:53:36.637 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8.
Jun 26 10:53:36.637 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 26 10:53:36.637 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 26 10:53:36.637 [notice] Read configuration file “/etc/tor/torrc”.
Jun 26 10:53:36.639 [notice] You configured a non-loopback address ‘10.152.152.10:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.639 [notice] You configured a non-loopback address ‘10.152.152.10:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:9186’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:9187’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] You configured a non-loopback address ‘10.152.152.10:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 10:53:36.640 [notice] Opening Control listener on 127.0.0.1:9051
Jun 26 10:53:36.641 [notice] Opening Control listener on /var/run/tor/control
Jun 26 10:53:36.641 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 26 10:53:36.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 26 10:53:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 26 10:53:37.000 [notice] Bootstrapped 0%: Starting
Jun 26 10:53:37.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 26 10:53:37.000 [notice] Signaled readiness to systemd
Jun 26 16:53:38.000 [notice] Heartbeat: Tor’s uptime is 6:00 hours, with 0 circuits open. I’ve sent 0 kB and received 0 kB.
Jun 26 18:09:56.000 [notice] Interrupt: exiting cleanly.
Jun 26 18:12:44.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 26 18:12:44.134 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8.
Jun 26 18:12:44.134 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 26 18:12:44.134 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 26 18:12:44.134 [notice] Read configuration file “/etc/tor/torrc”.
Jun 26 18:12:44.136 [notice] You configured a non-loopback address ‘10.152.152.10:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 18:12:44.136 [notice] You configured a non-loopback address ‘10.152.152.10:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…
Jun 26 18:12:44.137 [notice] You configured a non-loopback address ‘10.152.152.10:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 18:12:44.137 [notice] You configured a non-loopback address ‘10.152.152.10:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 18:12:44.137 [notice] You configured a non-loopback address ‘10.152.152.10:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 18:12:44.137 [notice] You configured a non-loopback address ‘10.152.152.10:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 26 18:12:44.137 [notice] Opening Control listener on 127.0.0.1:9051
Jun 26 18:12:44.138 [notice] Opening Control listener on /var/run/tor/control
Jun 26 18:12:44.138 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 26 18:12:44.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 26 18:12:44.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 26 18:12:44.000 [notice] Bootstrapped 0%: Starting
Jun 26 18:12:44.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 26 18:12:44.000 [notice] Signaled readiness to systemd
Jun 26 20:24:12.000 [notice] Interrupt: exiting cleanly.
Jun 27 08:42:01.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 27 08:42:01.778 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8.
Jun 27 08:42:01.778 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 27 08:42:01.778 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 27 08:42:01.778 [notice] Read configuration file “/etc/tor/torrc”.
Jun 27 08:42:01.780 [notice] You configured a non-loopback address ‘10.152.152.10:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:9101’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] You configured a non-loopback address ‘10.152.152.10:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 27 08:42:01.781 [notice] Opening Control listener on 127.0.0.1:9051
Jun 27 08:42:01.782 [notice] Opening Control listener on /var/run/tor/control
Jun 27 08:42:01.782 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 27 08:42:02.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 27 08:42:02.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 27 08:42:02.000 [notice] Bootstrapped 0%: Starting
Jun 27 08:42:02.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 27 08:42:02.000 [notice] Signaled readiness to systemd
Jun 27 14:36:55.000 [notice] Interrupt: exiting cleanly.
Jun 29 12:49:08.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 29 12:49:08.129 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8.
Jun 29 12:49:08.129 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Jun 29 12:49:08.129 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 29 12:49:08.129 [notice] Read configuration file “/etc/tor/torrc”.
Jun 29 12:49:08.132 [notice] You configured a non-loopback address ‘10.137.3.1:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.132 [notice] You configured a non-loopback address ‘10.137.3.1:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:9186’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:9187’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] You configured a non-loopback address ‘10.137.3.1:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:08.133 [notice] Opening Socks listener on 10.137.3.1:9050
Jun 29 12:49:08.133 [notice] Opening Socks listener on 10.137.3.1:9100
Jun 29 12:49:08.133 [notice] Opening Socks listener on 10.137.3.1:9101
Jun 29 12:49:08.133 [notice] Opening Socks listener on 10.137.3.1:9102
…similar lines removed…
Jun 29 12:49:08.134 [notice] Opening Socks listener on 127.0.0.1:9124
Jun 29 12:49:08.134 [notice] Opening Socks listener on 127.0.0.1:9125
Jun 29 12:49:08.134 [notice] Opening Socks listener on 127.0.0.1:9150
Jun 29 12:49:08.134 [notice] Opening DNS listener on 10.137.3.1:5300
Jun 29 12:49:08.134 [notice] Opening Transparent pf/netfilter listener on 10.137.3.1:9040
Jun 29 12:49:08.134 [notice] Opening Control listener on 127.0.0.1:9051
Jun 29 12:49:08.134 [notice] Opening Control listener on /var/run/tor/control
Jun 29 12:49:08.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 29 12:49:08.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 29 12:49:08.000 [notice] Bootstrapped 0%: Starting
Jun 29 12:49:08.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 29 12:49:08.000 [notice] Signaled readiness to systemd
Jun 29 12:49:08.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jun 29 12:49:09.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Jun 29 12:49:09.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Jun 29 12:49:09.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
Jun 29 12:49:09.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:09.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:10.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
Jun 29 12:49:11.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Jun 29 12:49:19.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jun 29 12:49:19.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:19.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:19.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:20.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:22.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:22.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:23.000 [notice] New control connection opened.
Jun 29 12:49:24.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:24.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:25.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jun 29 12:49:25.000 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Jun 29 12:49:25.000 [notice] Read configuration file “/etc/tor/torrc”.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9100’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9101’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9102’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
…similar lines removed…Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9188’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9189’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] You configured a non-loopback address ‘10.137.3.1:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jun 29 12:49:25.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 29 12:49:27.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:27.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:49:29.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:50:15.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:15.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:17.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:50:38.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:40.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:40.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:41.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:50:41.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:51:05.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:05.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:08.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:08.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:11.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:11.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:11.000 [notice] No circuits are opened. Relaxed timeout for circuit 4 (a General-purpose client 1-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway. 0 guards are live.
Jun 29 12:51:12.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jun 29 12:51:12.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:12.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:51:34.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:36.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:36.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:51:39.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:52:04.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:52:04.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:52:32.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:52:32.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:52:34.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:52:34.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:53:03.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:53:03.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:53:06.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:53:06.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:53:08.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:53:08.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:55:36.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:55:46.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:55:46.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:55:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:55:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:55:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:55:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:55:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:55:56.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:55:56.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:57:48.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:57:48.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:57:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:57:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:57:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:57:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:57:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:57:58.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:57:58.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:58:08.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 12:59:40.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:59:40.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:59:50.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:59:50.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 12:59:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:59:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:59:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:59:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:59:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 12:59:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 12:59:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 12:59:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 12:59:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 12:59:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:00:00.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:00:00.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:00:10.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 13:01:42.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:01:52.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:01:52.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:01:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:01:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:01:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:01:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:01:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:02:02.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:02:02.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 13:03:44.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:03:54.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:03:54.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:03:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:03:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:03:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:03:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:03:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:04:04.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 13:05:46.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:05:46.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:05:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:05:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:05:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:05:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:05:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:05:56.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:05:56.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:06:07.000 [notice] New control connection opened from 127.0.0.1.
…duplicate lines removed…
Jun 29 13:07:38.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:07:48.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:07:48.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:07:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:07:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:07:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:07:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:07:54.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Jun 29 13:07:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:07:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:07:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:07:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:07:54.000 [notice] Application request when we haven’t used client functionality lately. Optimistically trying directory fetches again.
Jun 29 13:07:58.000 [notice] New control connection opened from 127.0.0.1.
Jun 29 13:07:58.000 [notice] New control connection opened from 127.0.0.1.
[/code]
R3.1 or R3.2? Everything R3.1 or R.2 or something mixed?
IP 10.152.152.10 seems wrong. Something about replace-ips probably does not work.
For debugging please run the following commands.
sudo systemctl --failed list-units
sudo service qubes-whonix-postinit status
sudo journalctl -u qubes-whonix-postinit | cat
[quote=“Patrick, post:10, topic:2662”]
R3.1 or R3.2? Everything R3.1 or R.2 or something mixed?
[/quote]It’s the same Qubes R3.1 .
sudo systemctl --failed list-units:
[code]user@host:~$ sudo systemctl --failed list-units
UNIT LOAD ACTIVE SUB DESCRIPTION
● apparmor.service loaded failed failed LSB: AppArmor initialization
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use ‘systemctl list-unit-files’.[/code]
sudo service qubes-whonix-postinit status:
[code]user@host:~$ sudo service qubes-whonix-postinit status
● qubes-whonix-postinit.service - Qubes-Whonix post init
Loaded: loaded (/lib/systemd/system/qubes-whonix-postinit.service; enabled)
Active: active (exited) since Thu 2016-06-30 08:45:14 UTC; 5min ago
Process: 484 ExecStart=/usr/lib/qubes-whonix/init/qubes-whonix-postinit (code=exited, status=0/SUCCESS)
Main PID: 484 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/qubes-whonix-postinit.service
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + ‘[’ -d /rw/srv/whonix/etc/tor ‘]’
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/etc/tor /etc/tor
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:13 host qubes-whonix-postinit[484]: + exit 0
Jun 30 08:45:13 host qubes-whonix-postinit[484]: + /usr/lib/qubes-whonix/replace-ips
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + ‘[’ -e /var/run/qubes-service/whonix-gateway ‘]’
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + ‘[’ -e /var/run/qubes-service/whonix-tor-enable ‘]’
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + ‘[’ -e /var/run/qubes-service/whonix-tor-disable ‘]’
Jun 30 08:45:14 host systemd[1]: Started Qubes-Whonix post init.[/code]
sudo journalctl -u qubes-whonix-postinit | cat:
user@host:~$ sudo journalctl -u qubes-whonix-postinit | cat
-- Logs begin at Thu 2016-06-30 08:42:44 UTC, end at Thu 2016-06-30 08:51:05 UTC. --
Jun 30 08:45:11 host systemd[1]: Starting Qubes-Whonix post init...
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -e /var/run/qubes-service/whonix-gateway ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + /usr/lib/qubes-whonix/bind-directories
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -e /var/run/qubes-service/whonix-gateway ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + BINDS=('/rw/srv/whonix/var/lib/tor:/var/lib/tor' '/rw/srv/whonix/var/lib/whonix:/var/lib/whonix' '/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck' '/rw/srv/whonix/var/cache/whonix-setup-wizard:/var/cache/whonix-setup-wizard' '/rw/srv/qubes-whonix/var/cache/qubes-whonix:/var/cache/qubes-whonix' '/rw/srv/whonix/etc/tor:/etc/tor')
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/whonix/var/lib/tor
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + ro_dir=/var/lib/tor
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + umount /var/lib/tor
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /var/lib/tor ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/whonix/var/lib/tor ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/var/lib/tor /var/lib/tor
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/whonix/var/lib/whonix
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + ro_dir=/var/lib/whonix
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + umount /var/lib/whonix
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /var/lib/whonix ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/whonix/var/lib/whonix ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/var/lib/whonix /var/lib/whonix
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/whonix/var/lib/whonixcheck
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + ro_dir=/var/lib/whonixcheck
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + umount /var/lib/whonixcheck
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /var/lib/whonixcheck ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/whonix/var/lib/whonixcheck ']'
Jun 30 08:45:11 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/var/lib/whonixcheck /var/lib/whonixcheck
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/whonix/var/cache/whonix-setup-wizard
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + ro_dir=/var/cache/whonix-setup-wizard
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + umount /var/cache/whonix-setup-wizard
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /var/cache/whonix-setup-wizard ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/whonix/var/cache/whonix-setup-wizard ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/var/cache/whonix-setup-wizard /var/cache/whonix-setup-wizard
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/qubes-whonix/var/cache/qubes-whonix
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + ro_dir=/var/cache/qubes-whonix
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + umount /var/cache/qubes-whonix
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /var/cache/qubes-whonix ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mkdir -p /var/cache/qubes-whonix
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/qubes-whonix/var/cache/qubes-whonix ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/qubes-whonix/var/cache/qubes-whonix /var/cache/qubes-whonix
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + for bind in '${BINDS[@]}'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + rw_dir=/rw/srv/whonix/etc/tor
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + ro_dir=/etc/tor
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + umount /etc/tor
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + true
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -n '' ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /etc/tor ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + '[' -d /rw/srv/whonix/etc/tor ']'
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + mount --bind /rw/srv/whonix/etc/tor /etc/tor
Jun 30 08:45:12 host qubes-whonix-postinit[484]: + sync
Jun 30 08:45:13 host qubes-whonix-postinit[484]: + exit 0
Jun 30 08:45:13 host qubes-whonix-postinit[484]: + /usr/lib/qubes-whonix/replace-ips
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + '[' -e /var/run/qubes-service/whonix-gateway ']'
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + '[' -e /var/run/qubes-service/whonix-tor-enable ']'
Jun 30 08:45:14 host qubes-whonix-postinit[484]: + '[' -e /var/run/qubes-service/whonix-tor-disable ']'
Jun 30 08:45:14 host systemd[1]: Started Qubes-Whonix post init.
Looks good so far.
I guess you did not experiment with any special versions of Tor? Probably not…
Please run for debugging purposes and post the output here.
cat /var/cache/qubes-whonix/whonix-ip-gateway
cat /var/cache/qubes-whonix/whonix-ip-local
sudo ifconfig
sudo route
qubesdb-multiread /
Try running manually.
sudo /usr/lib/qubes-whonix/replace-ips
Then check if IP was updated in /usr/share/tor/tor-service-defaults-torrc.
cat /usr/share/tor/tor-service-defaults-torrc | grep -i TransPort
IP should be changed away from 10.152.152.10 to 10.137.... Is the IP changed?
Note to myself, different Tor versions worth investigating:
me sys-whonix (updated)
Jun 30 19:57:21.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening new log file.
Jun 30 19:57:21.411 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
Jun 30 19:57:21.432 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
me Debian VM using deb.torproject.org jessie:
Jun 30 20:26:39.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 30 20:26:39.539 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
Jun 30 20:26:39.557 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
you:
Jun 29 16:47:03.000 [notice] Tor 0.2.7.6 opening new log file.
Jun 29 16:47:03.439 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1000205f: OpenSSL 1.0.2e 3 Dec 2015; running with 1000208f: OpenSSL 1.0.2h-fips 3 May 2016).
Jun 29 16:47:03.457 [notice] Tor v0.2.7.6 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h-fips and Zlib 1.2.8.
user@host:~$ cat /var/cache/qubes-whonix/whonix-ip-gateway
10.137.3.1
user@host:~$ cat /var/cache/qubes-whonix/whonix-ip-local
cat: /var/cache/qubes-whonix/whonix-ip-local: No such file or directory
[code]user@host:~$ sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:5e:6c:08
inet addr:10.137.2.10 Bcast:10.255.255.255 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:329 errors:0 dropped:0 overruns:0 frame:0
TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:375498 (366.6 KiB) TX bytes:50063 (48.8 KiB)
eth1 Link encap:Ethernet HWaddr f6:ba:53:55:a8:42
inet addr:10.137.3.1 Bcast:10.255.255.255 Mask:255.255.255.255
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3025 errors:0 dropped:0 overruns:0 frame:0
TX packets:3025 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:228362 (223.0 KiB) TX bytes:228362 (223.0 KiB)[/code]
user@host:~$ sudo route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.137.2.1 0.0.0.0 UG 0 0 0 eth0
10.137.2.1 * 255.255.255.255 UH 0 0 0 eth0
user@host:~$ qubesdb-multiread /
name = sys-whonix
qubes-base-template = whonix-gw
qubes-block-devices =
qubes-debug-mode = 0
qubes-gateway = 10.137.2.1
qubes-ip = 10.137.2.10
qubes-iptables = reload
qubes-iptables-error =
qubes-iptables-header = # Generated by Qubes Core on Thu Jun 30 17:07:59 2016\x0a*filter\x0a:INPUT DROP [0:0]\x0a:FORWARD DROP [0:0]\x0a:OUTPUT ACCEPT [0:0]\x0a-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP\x0a-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\x0a-A INPUT -p icmp -j ACCEPT\x0a-A INPUT -i lo -j ACCEPT\x0a-A INPUT -j REJECT --reject-with icmp-host-prohibited\x0a-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\x0a-A FORWARD -i vif0.0 -j ACCEPT\x0a-A FORWARD -i vif+ -o vif+ -j DROP\x0aCOMMIT\x0a
qubes-keyboard = xkb_keymap {\x0a\x09xkb_keycodes { include "evdev+aliases(qwerty)"\x09};\x0a\x09xkb_types { include "complete"\x09};\x0a\x09xkb_compat { include "complete"\x09};\x0a\x09xkb_symbols { include "pc+us+inet(evdev)"\x09};\x0a\x09xkb_geometry { include "pc(pc104)"\x09};\x0a};
qubes-netmask = 255.255.255.0
qubes-netvm-domid = 2
qubes-netvm-gateway = 10.137.3.1
qubes-netvm-netmask = 255.255.255.0
qubes-netvm-network = 10.137.3.0
qubes-netvm-primary-dns = 10.137.3.1
qubes-netvm-secondary-dns = 10.137.3.254
qubes-primary-dns = 10.137.2.1
qubes-secondary-dns = 10.137.2.254
qubes-service/meminfo-writer = 1
qubes-timezone = America/New_York
qubes-usb-devices =
qubes-vm-persistence = rw-only
qubes-vm-type = ProxyVM
qubes-vm-updateable = False
user@host:~$ sudo /usr/lib/qubes-whonix/replace-ips
[code]user@host:~$ cat /usr/share/tor/tor-service-defaults-torrc | grep -i TransPort
TransPort 10.137.3.1:9040
##TransPort 127.0.0.1:9041[/code]
How is it possible it’s not working only for me after a clean reinstall?
Any ideas on what I should try next?
Thanks.
Going back to your first post…
Did you resolve this issue? You created a separate Whonix-Gateway ProxyVM using your Gateway Template right? You are not using the Template itself as a NetVM?
I used the default GW and WS as created by Qubes, and the Template isn’t set as a NetVM. Why does it matter if I resolved this anyway, that’s not the issue really, as even an outdated 3.1R should work.
The issue is, that the replace-ips scripts is executed when it should and does not fail. What makes this even stranger is, that the replace-ips script works upon manual execution. So I am out of ideas why it does not actually replace IPs in your case.
Do you know how to observe the execution of a python script as one could do with bash xtrace set -x? @marmarek
Do you know how to observe the execution of a python script as one could do with bash xtrace
set -x? @marmarek
No, I do not. But you can add some debug logging (print …).
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Will attaching another network adapter help to debug this, or another HW alteration perhaps?
What is at 10.137.2.1? sys-net or sys-firewall? Was Tor in Fedora connected to the same netVM?
@Patrick Why is DisableNetwork still True?
Try running sudo whonixsetup again?