No connectivity in GW

I reinstalled the GW template, created a new one, and nothing connects.

Did you emulate the fix containing waiting for tor@default?

I emulated it now, and I got the same result.

EDIT: suddenly, for the first time, it seems to be working normally… I can’t explain that.
The only thing I can get to work is updating the template; it doesn’t seem to connect to the proxyvm (connection refused), and yeah, I made sure the whonix-gw template is set to use the GW network…
EDIT 2: When I do apt-get update, Arm reports: Rejecting SOCKS request for anonymous connection to private address [scrubbed].
It’s still connecting to Tor after much longer than non-whonix tor in Qubes (been running for an hour now and still no successful connection).
EDIT 3: been running for hours and no successful bootstrapping.
EDIT 4: I tried R3.2. Same result.

Any idea on how to debug this? Tor Browser is running just fine on another VM.

Thank you very much for still not having given up on this!

Please regard this:
Kicksecure Forums Usage Instructions, Best Practices and FAQ

R3.2 has additional complications. (sys-firewall [sometimes] broken, does not function as ProxyVM in Qubes R3.2 RC1)

Try connecting sys-whonix to sys-net rather than sys-firewall to exclude another possible source of issues.

Unrelated. Documented here:
Control and Monitor Tor

Compare with a Debian based ProxyVM running Tor.

Not easy. “UnWhonix”, i.e. make Whonix-Gateway more similar to a Debian VM running Tor.

How-to: "UnWhonix" - enable clearnet networking

Then Tor should bootstrap as quickly as in non-Whonix VMs. Then re-add what Whonix does.

I did the UnWhonix guide and now Tor connects. Another change I had to make was to set the NetVM to sys-net for WhonixGW (also in the fedora-23 VMs to get networking).
Still confused…

After setting your NetVM to sys-net, Whonix was fine?

Then it could be the following Qubes upstream bug:

The fix for it is currently only available in the Qubes testing repository. You might want to get that update or wait until it flows to stable.

It wasn’t all I did, I both UnWhonix’d the Gateway, AND set the NetVM to sys-net.
Now I’m trying to see which change exactly made it work, but it’s not so easy, sometimes when I restart Gateway it reverts back to the old configuration files…

EDIT: it’s now working with NetVM set to sys-net and a flushed iptables, but I get a warning “Could not check for software updates” (apt-get has the same error in the TemplateVM as well).
How can it be that it’s working for others but not for me in this case?

That is a bug. Reference:

It is fixed in Qubes R3.2rc2 and qubes-whonix 5.7-1 (currently only in Whonix jessie-proposed-updates and testers repository).

Thanks Patrick.
Any idea why it works for everyone else but me?
I could try eliminating the iptables rules for the buggy line, but it still bugs me why it happens only to me…

No. Could perhaps be hardware related.

Thank you a lot for your patience and persistence!

The upcoming version of Qubes-Whonix stable maintenance release will be much more robust against race conditions. When it is out, please try it. (Might be a few days.)

Qubes-Whonix 13.0.0.1.2 TemplateVMs - Testers Wanted!

I installed the same Qubes in a different machine, but behind the same router, and had the same problem. Does it mean the router could be causing this somehow? When I clear the iptables rules it works, so this is odd.

Maybe. I once heard such a report that it was all the router’s fault but that reporter did not go into details.

Should I just flush the iptables and allow everything considering I’m behind a router (with NAT)?
Which rules should I include?

No.

I’d like to debug this further, but I have to use a usb wifi adapter. I couldn’t find any instructions on how to use a usb wifi in Qubes - do you have any links to help with that?

Thanks

No, never tried that myself. Please try the Qubes help (probably mailing list).

Found something that could help.

OK. When I used a different modem it connected.
This is bewildering, I don’t have any such problems with VirtualBox Whonix.
What could possibly be causing this?

That is very strange indeed.

No idea. Can only speculate.

A simple modem? Or a more sophisticated device with many (firewall) settings or router?

Perhaps any firewall settings blocking some outgoing ports? Perhaps deep package inspection (DPI) or other stuff such as intrusion prevention system (IDS IPS) that is detecting a false positive and blocking it?

It’s a modem-router. I can’t see any DPI or IDS IPS options in the router’s interface. For clarification, I didn’t use the same ISP when I tested Qubes with another modem (modem+ISP were different, not only modem).

EDIT: I’d venture to say it has to do with the country I live in, which is notorious for surveillance by the government, if Tor standalone failed to work on the same Qubes OS too.