[SOLVED] Updates fail after configuring VPN on Workstation

I am setting up Tor->VPN so I followed this Connecting to Tor before a VPN and deactivated all wrappers/removed Tor Browser proxy settings. Did not deactivate Misc Settings because I don’t think it’s necessary (is it?).

VPN connects successfully. I can ping IPs, but apt-get doesn’t work and Tor Browser cannot connect.

Only issue in Whonix check is “could not check for software updates.”

Any ideas on how to fix this?
Thanks in advance.

Recheck the deactivate uwt wrappers instructions.

If it still doesn’t work please run the following command so we can see if uwt has really been disabled.

sudo uwtwrapper_parent=/usr/bin/apt-get bash -x /usr/lib/uwtwrapper update

Also try running the following command which will certainly not use uwt.

sudo apt-get.anondist-orig update

I appreciate the help. I rechecked the instructions and made sure that uwtwrapper_global="0" was added. Both of those commands you provided result in the same "ERR http://…" and "W: Failed to fetch" errors that I get when the updates fail.
Could this be due to the fact that I set TOR_TRANSPROXY=1 in /etc/environment? Or that I didn’t deactivate misc proxy settings?

I really need to see that output. When running

sudo uwtwrapper_parent=/usr/bin/apt-get bash -x /usr/lib/uwtwrapper update

results in a line at the end…

exec /usr/bin/apt-get.anondist-orig update

Then everything is fine and the rest of the output can be discarded, but if not, there would be a configuration problem.

Grey:

Could this be due to the fact that I set TOR_TRANSPROXY=1 in /etc/environment?

No, because apt-get ignores that environment variable.

Or that I didn’t deactivate misc proxy settings?

No, because unrelated.

1 Like

Result of:

+ set -o pipefail
++ basename /usr/lib/uwtwrapper
+ SCRIPTNAME=uwtwrapper
+ trap error_handler ERR
+ '[' /usr/bin/apt-get = '' ']'
+ uwtwrapper_parent=/usr/bin/apt-get
+ '[' '!' -e /usr/bin/apt-get.anondist-orig ']'
+ declare -A -g timeprivacy
+ declare -A -g uwtwrapper
+ declare -A -g uwtport
+ '[' -n '' ']'
+ timeprivacy_global=0
+ '[' -n '' ']'
+ uwtwrapper_global=1
+ '[' -n '' ']'
+ uwtport["/usr/bin/git"]=9107
+ '[' -n '' ']'
+ uwtport["/usr/bin/apt-get"]=9104
+ '[' -n '' ']'
+ uwtport["/usr/bin/curl"]=9117
+ '[' -n '' ']'
+ uwtport["/usr/bin/gpg"]=9105
+ '[' -n '' ']'
+ uwtport["/usr/bin/mixmaster-update"]=9120
+ '[' -n '' ']'
+ uwtport["/usr/bin/rawdog"]=9118
+ '[' -n '' ']'
+ uwtport["/usr/bin/ssh"]=9106
+ '[' -n '' ']'
+ uwtport["/usr/bin/wget"]=9109
+ '[' -n '' ']'
+ uwtport["/usr/bin/aptitude-curses"]=9124
+ '[' -n '' ']'
+ uwtport["/usr/bin/yum"]=9125
+ '[' -n '' ']'
+ uwtport["/usr/bin/yumdownloader"]=9125
+ settings_detection
+ '[' '' = 1 ']'
+ command -v qubesdb-read
+ '[' -f /usr/share/anon-ws-base-files/workstation ']'
+ GATEWAY_IP=10.152.152.10
+ return 0
+ shopt -s nullglob
+ for i in '/etc/uwt.d/*.conf'
+ bash -n /etc/uwt.d/30_timeprivacy_default.conf
+ source /etc/uwt.d/30_timeprivacy_default.conf
++ timeprivacy_global=0
+ for i in '/etc/uwt.d/*.conf'
+ bash -n /etc/uwt.d/30_uwt_default.conf
+ source /etc/uwt.d/30_uwt_default.conf
++ uwtwrapper_global=0
+ for i in '/etc/uwt.d/*.conf'
+ bash -n /etc/uwt.d/50_uwt_user.conf
+ source /etc/uwt.d/50_uwt_user.conf
++ uwtwrapper_global=0
+ port=9104
+ '[' '' = 1 ']'
+ '[' 0 = 1 ']'
+ fake_time=
+ privacy_time=
+ '[' 0 = 0 ']'
+ '[' '' = faketime ']'
+ sanity_tests_general update
+ '[' /usr/bin/apt-get = '' ']'
+ '[' '!' -e /usr/bin/apt-get.anondist-orig ']'
+ '[' '!' -x /usr/bin/apt-get.anondist-orig ']'
+ exit_code=0
+ exec /usr/bin/apt-get.anondist-orig update
Err http://www.whonix.org jessie InRelease
  
Err http://security.debian.org jessie/updates InRelease                 
  
Err http://ftp.us.debian.org jessie InRelease                           
  
Err http://security.debian.org jessie/updates Release.gpg
  Could not resolve 'security.debian.org'
Err http://ftp.us.debian.org jessie Release.gpg
  Could not resolve 'ftp.us.debian.org'
Err http://www.whonix.org jessie Release.gpg
  Could not resolve 'www.whonix.org'
Err http://ppa.launchpad.net xenial InRelease
  
Err http://ppa.launchpad.net xenial Release.gpg
  Could not resolve 'ppa.launchpad.net'
Reading package lists... Done
W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease  

W: Failed to fetch http://ftp.us.debian.org/debian/dists/jessie/InRelease  

W: Failed to fetch http://ppa.launchpad.net/webupd8team/java/ubuntu/dists/xenial/InRelease  

W: Failed to fetch http://www.whonix.org/download/whonixdevelopermetafiles/internal/dists/jessie/InRelease  

W: Failed to fetch http://www.whonix.org/download/whonixdevelopermetafiles/internal/dists/jessie/Release.gpg  Could not resolve 'www.whonix.org'

W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg  Could not resolve 'security.debian.org'

W: Failed to fetch http://ftp.us.debian.org/debian/dists/jessie/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Failed to fetch http://ppa.launchpad.net/webupd8team/java/ubuntu/dists/xenial/Release.gpg  Could not resolve 'ppa.launchpad.net'

W: Some index files failed to download. They have been ignored, or old ones used instead.

So uwt is off indeed.

Did you test DNS?

Test DNS. DNS resolve some domain. Resolve check.torproject.org or maybe better some server of your choice.

nslookup check.torproject.org

Connection timed out for that.

Problem found. Fix your DNS as per instructions.

1 Like
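
The two checks the thread has walked through so far (does the `bash -x` trace end in an `exec` of the `.anondist-orig` binary, and do apt's errors point at name resolution), as an added example that is not part of any post or of Whonix itself. The function names and the sample trace are constructed for illustration, the trace being abbreviated from the output posted above.

```shell
#!/usr/bin/env bash
# Added example: triage a saved `bash -x /usr/lib/uwtwrapper update` trace.
# All function names here are hypothetical helpers, not Whonix tools.

# Last assignment wins: the built-in default is later overridden by
# whatever /etc/uwt.d/*.conf files are sourced.
uwt_effective_global() {
  sed -n 's/^+* *uwtwrapper_global=//p' "$1" | tail -n 1
}

# The command the wrapper finally handed control to (last "+ exec ..." line).
uwt_final_exec() {
  sed -n 's/^+* *exec //p' "$1" | tail -n 1
}

# Unique hostnames that apt reported as unresolvable.
apt_unresolved_hosts() {
  sed -n "s/.*Could not resolve '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Verdict: "wrapper-config" if the trace does not end in the original binary,
# "dns" if it does but apt could not resolve hosts, otherwise "ok".
diagnose() {
  case "$(uwt_final_exec "$1")" in
    *.anondist-orig|*.anondist-orig\ *) ;;
    *) echo "wrapper-config"; return 0 ;;
  esac
  if [ -n "$(apt_unresolved_hosts "$1")" ]; then echo "dns"; else echo "ok"; fi
}

# Constructed sample, abbreviated from the trace posted in the thread.
write_sample_trace() {
  cat > "$1" <<'EOF'
+ uwtwrapper_global=1
+ source /etc/uwt.d/30_uwt_default.conf
++ uwtwrapper_global=0
+ source /etc/uwt.d/50_uwt_user.conf
++ uwtwrapper_global=0
+ exec /usr/bin/apt-get.anondist-orig update
Err http://security.debian.org jessie/updates Release.gpg
  Could not resolve 'security.debian.org'
Err http://www.whonix.org jessie Release.gpg
  Could not resolve 'www.whonix.org'
W: Failed to fetch http://www.whonix.org/...  Could not resolve 'www.whonix.org'
EOF
}

trace=$(mktemp)
write_sample_trace "$trace"
echo "uwtwrapper_global=$(uwt_effective_global "$trace") verdict=$(diagnose "$trace")"
```
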

When I use sudo route the first default gateway I get is 10.8.1.1, it’s tun0 so it should function as my VPN DNS server right? Not sure what I’m doing wrong because after adding that to /etc/resolv.conf, nslookup still does not work. I’ve tried other IPs returned by sudo route as well.

Instructions were updated.

These are now using resolvconf for automatic DNS configuration.

Please test!

Changelog:

1 Like

Ok awesome Patrick those corrections to the wiki fixed it :smile:

Only new warning with whonix check was "Whonix Meta Packages test Result: Whonix-Workstation detected that the meta package non-qubes-whonix-workstation is not installed".
I assume I can probably ignore this^

And, now that my VPN is configured on the workstation, my IP, whenever I look it up, is the IP of the VPN server, however my connection is still torified by the gateway even though it appears this is not so from the Workstation, correct?

btw while we are at it just a few small typos I noticed on the wiki:

/usr/lib/tmpfiles.d/50_openvpn-unpriv.conf <-- the '-' should be a '_'
the whonixcheck conf is 50_whonixcheck_user.conf not 50_user.conf
the uwt wrapper conf is 50_uwt_user.conf not 50_user.conf

I am very grateful for your help. Thanks!

Thanks for testing!

Requires background knowledge. The disadvantage of the resolvconf method is… This is now prerequisite knowledge:

Yes.

Thanks, fixed!

These are correct. Both ways to name these files work. The _whonixcheck_ and _uwt_ part was used in the past. But not so pretty/helpful. So it was removed.

Related:

1 Like