[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

No DNS on Whonix-Gateway

Support
#1

I think I have broken something on whonix-gateway, all uwt wrapped apps on whonix-gateway cant resolve dns hostnames. My /etc/resolv.conf is empty, it cant resolve hostnames on clearnet user either.

What tor port uwt wrapper on whonix gateway uses to resolve dns? Maybe I had ovveriden that port in /etc/tor/torrc…
Where else should I look to fix that problem?

I need that because I need to install “vnstat” traffic counter on whonix gateway, but neither apt-get nor any other network app cant resolve dns names now.

Whonix-workstation working well though

P.S. I am using bare-metal configuration without VM, so it’s likely that I have broken something. Anyway it WAS working just after installation.

#2

Whonix-Gateway doesn’t have system DNS on purpose. The rationale of this is explained on this page…
Getting the global system DNS resolver working on Whonix-Gateway (usually recommended against and unnecessary):

What does whonixcheck say?

#3

BTW I needed to enable IP forwarding. I know what I am doing but you can still warn me in case you think I missed something. I have tested firewall with IP forwarding enabled and found no leaks (it rejects FORWARD chain from eth1, so I guess disabled IP forwarding is just additional layer of security but not critical).

And now I noticed that not only DNS but also any internet connections on whonix-gateway are not working

May ip_forward=1 be the problem?

[INFO] [whonixcheck] IP Forwarding Result: /proc/sys/net/ipv4/ip_forward is 1. [INFO] [whonixcheck] Tor Bootstrap Result: Connected to Tor. [INFO] [whonixcheck] Whonix is produced independently of, with no guarantee from, The Tor Project. Whonix is experimental software. Do not rely on it for strong anonymity. https://www.whonix.org [INFO] [whonixcheck] SocksPort Test: Testing Tor's SocksPort... [ERROR] [whonixcheck] SocksPort Test Result: https://check.torproject.org was not reachable. (curl exit code: [7] - [Failed to connect to host.]) You could check, if you can reach https://check.torproject.org via the Tor Browser Bundle. [INFO] [whonixcheck] Whonix News Download: Checking for Whonix news and updates... [ERROR] [whonixcheck] Whonix News Result: Download of Whonix News File failed. [INFO] [whonixcheck] Debian Package Update Check: Checking for software updates via apt-get... [WARNING] [whonixcheck] Debian Package Update Check Result: Could not check for software updates! (apt-get code: 100) Please manually check: (Open a terminal, Start menu -> Applications -> System -> Terminal.) sudo apt-get update && sudo apt-get dist-upgrade [INFO] [whonixcheck] Whonix APT Repository: Enabled. When the Whonix team releases JESSIE updates, they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade) along with updated packages from the Debian team. Please read https://www.whonix.org/wiki/Trust to understand the risk. If you want to change this, use: sudo whonix_repository

pc behind whonix-gateway still works well with current configuration

#4
May ip_forward=1 be the problem?
Probably not.
What tor port uwt wrapper on whonix gateway uses to resolve dns?
Documented here: https://www.whonix.org/wiki/Stream_Isolation
Maybe I had ovveriden that port in /etc/tor/torrc...
Quite possible. torrc syntax is non-trivial, see: https://trac.torproject.org/projects/tor/ticket/15261

Remove your custom settings back and forth to see if that it is.

#5

When I try to put single SocksPort option in /etc/tor/torrc any tor ports stops working.

I am using defaults now and everything is ok. When I edit /usr/share/tor/tor-service-defaults-torrc directly everything is ok. I dont know if it’s a bug or a feature. So I will put my settings there now.

Also wanted to say that whonix build scripts are broken now. I tried installing it from git on i386-netinst wheezy and jessie using tutorial with no success. 9.6 frozen just throws error in the middle and 10.0.0.0.5-stable don’t start building at all. Then I found apt-get repositories and everything works fine now.

Thanks for the help

#6
I am using defaults now and everything is ok. When I edit /usr/share/tor/tor-service-defaults-torrc directly everything is ok. I dont know if it's a bug or a feature.
Tor usability issue. User syntax error. Relevant info here: https://trac.torproject.org/projects/tor/ticket/15261#comment:1
So I will put my settings there now.
Will be lost after upgrade of Tor.
Also wanted to say that whonix build scripts are broken now. I tried installing it from git on i386-netinst wheezy and jessie using tutorial with no success. 9.6 frozen just throws error in the middle and 10.0.0.0.5-stable don't start building at all.
9.6 no longer supported.

Requires separate thread + [relevant] build log.

Then I found apt-get repositories and everything works fine now.
Dunno what you mean.
#7

[quote=“eelaiM3o, post:5, topic:1209”]Also wanted to say that whonix build scripts are broken now. I tried installing it from git on i386-netinst wheezy and jessie using tutorial with no success. 9.6 frozen just throws error in the middle and 10.0.0.0.5-stable don’t start building at all. Then I found apt-get repositories and everything works fine now.

Thanks for the help[/quote]

I wouldn’t use any apt repositories unless they are provided by the Whonix devs. You don’t really know what you’re using!

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]