No longer able to access the net via my VpnVM?


I managed to set up a VpnVM earlier and then route whonix gateway through that VpnVM and initially it worked fine. Lately though nothing from whonix is getting through the VpnVM? Using just the VpnVM for other AppVMs works fine but when I try to use the whonix appvm nada, I can’t connect to a site (via browser nor pinging from a terminal).

I am not sure where to start diagnosing the problem here, so any thoughts would be appreciated!


Run whonixcheck in sys-whonix.
If no errors, run whonixcheck in anon-whonix.

Confirm each VM’s netVM:
sys-net -- vpnVM -- sys-whonix -- anon-whonix


Thx for the reply.

I tried to run whonixcheck in both sys-whonix and anon-whonix vms and got pretty much the same thing:
user@host:~$ whonixcheck
[INFO] [whonixcheck] anon-whonix | Whonix-Workstation | whonix-ws Template-Based AppVM | Sat Dec 24 03:11:27 UTC 2016
[INFO] [whonixcheck] Connected to Tor.
[INFO] [whonixcheck] SocksPort Test: Testing Tor’s SocksPort…
[INFO] [whonixcheck] SocksPort Test Result: Connected to Tor. IP:
[INFO] [whonixcheck] TransPort Test: Testing Tor’s TransPort…
[INFO] [whonixcheck] TransPort Test Result: Connected to Tor. IP:
[INFO] [whonixcheck] Stream Isolation Test Result: Functional.
[INFO] [whonixcheck] Whonix News Download: Checking for Whonix news and updates…
[INFO] [whonixcheck] Whonix News Result:
√ Up to date: whonix-workstation-packages-dependencies 3.4.2-1
[INFO] [whonixcheck] Debian Package Update Check: Checking for software updates via apt-get… ( Documentation: https://www.whonix.org/wiki/Update )
[WARNING] [whonixcheck] Debian Package Update Check Result: apt-get reports that packages can be updated.
Please update your ‘whonix-ws’ TemplateVM.

  1. Open a TemplateVM terminal. (dom0 -> Start Menu -> Template: whonix-ws -> Terminal)
  2. Update. sudo apt-get update && sudo apt-get dist-upgrade
  3. Shutdown your TemplateVM. (dom0 -> Qubes VM Manager -> right click ‘whonix-ws’ -> Shutdown VM)
  4. Shutdown and restart this Template-Based AppVM. (dom0 -> Qubes VM Manager -> right click ‘anon-whonix’ -> Shutdown VM)
    [INFO] [whonixcheck] Whonix APT Repository: Enabled.
    When the Whonix team releases JESSIE updates,
    they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade)
    along with updated packages from the Debian team. Please
    read https://www.whonix.org/wiki/Trust to understand the risk.
    If you want to change this, use:
    sudo whonix_repository

As for the route they take, the anon-whonix -> sys-whonix -> VpnVM -> sys-firewall -> sys-net

I noticed you didn’t include sys-firewall, should I be omiting that in the chain/route? Also, I hadn’t changed the route when it stopped working so it was using the above route at the time it stopped working… Thoughts?


Good news! Your Whonix system is mostly working.

This is normal. Whonix-Gateway eats pings. https://www.whonix.org/wiki/FAQ#Why_can.27t_I_ping_the_Whonix-Gateway.3F

This is not normal. But judging by the following result, you are able to connect to sites on the net. So this may be a Tor Browser issue, similar to: Anon-whonix qube proxy error... Tor disabled

Let’s do this first. Normally, you could just do sudo apt-get update && sudo apt-get dist-upgrade in your Whonix templates. Unfortunately, we had a rather eventful week: apt-get upgrading security issue CVE-2016-1252. And the best recommendation in terms of security is for you to re-install your Whonix templates: https://www.whonix.org/blog/whonix-13-0-0-1-4. [You are obviously free to make your own choices - the old templates can still function correctly. Personally, I would re-download and go make a cup of coffee and enjoy some peace of mind. :slight_smile: ]

Once you’ve got your templates installed, run sudo apt-get update && sudo apt-get dist-upgrade in both of your whonix templates.

Let us know if it’s still not working and we can take a look at some firewall rules.


That got it! Thanx!!