Sys-whonix sdwdate fails while TailsOS connects fine

I am on a cafe’s wifi network, and here the sys-whonix sdwdate (as well as all the other qubes that make us of sys-whonix qube) fails all the time. This cafe wifi is the only place that I have encountered sdwdate failure to fetch time (or sync time?), and I would like to troubleshoot this issue or at least learn more as to why this occurs.

This is intriguing because the TailsOS is able to connect to the Tor network just fine on the same cafe wifi. So, if it was a “network obstruction” (as is often linked to at the whonix wiki in such discussions), wouldn’t TailsOS also have failed in connecting to the Tor network?

Also, on the Qubes Whonix, on this cafe network, I see a lot of Tor circuits failing, disappearing being replaced by triple dots (“…”). While the TailsOS constructs and maintains the Tor circuits just fine. Why would that be?

Could be because of different Tor entry guards.

(Tor entry guards are a security feature as per Tor default.)

Tails at time of writing does not persist Tor entry guards:

Therefore by rebooting Tails, likely each time different Tor entry guards are being used which increases chances that connectivity will be functional.

And in case you’re wondering how to… Tor Entry Guards - Whonix chapter Manual Rotation of Tor Guards in Whonix wiki

Could be. But Qubes Whonix is unable to successfully do its sdwdate thing, for the past 2 years, in that cafe’s wifi network. During all that time, Whonix should’ve had many different Tor entry guards.

sdwdate is an unsuitable connectivity troubleshooting tool. Reference:
Troubleshooting - Whonix chapter Unsuitable Connectivity Troubleshooting Tools in Whonix wiki

sdwdate uses onions. And onions are difficult to reach due to the DDoS attack which is being run against the Tor network for a long time already. References:

So likely not an sdwdate issue but rather Tor onion connectivity issue?

Can you reproduce Tor onion connectivity issues in one specific location but not in another?

Tor Generic Bug Reproduction might be required.

related:

1 Like

I couldn’t reproduce that. Despite for the past two years I have been using the Qubes Whonix in many different cafe/residential wifi/ethernet networks…

selecting obfs4 bridge makes it worse:

As you can see, whonix cannot even form any circuits with obfs4 bridge selected. When no bridge is selected, at least it forms many circuits (they get destroyed quite frequently, though), but the sdwdate still cannot do the timesync thing (or whatever it tries to do).

Honestly, this thing about whonix is quite frustrating. I am frequently seeing its sdwdate fail (the lock tray icon with a cross is there), and prohibiting me from using Whonix Tor Browser within a disposable qube. I have to resort to using a clearnet browser.

And all the while the tor daemon in my other non-whonix qubes work normally, in the same cafe, that you guys say must be applying some sort of network barrier. I am able to do ssh over tor, able to do proxy over tor daemon in my other non-whonix qubes.

I really would appreciate if whonix could fix this issue.

In this order:

  1. You need a functional Tor connection.
  2. Don’t think about sdwdate yet.
  3. Once Tor is functional, start looking into sdwdate.

Troubleshooting - Whonix chapter Unsuitable Connectivity Troubleshooting Tools in Whonix wiki

To troubleshoot, there is a guide here:

I am saying, my other non-whonix qubes already have a functional tor connection on the same cafe’s network. I can use torsocks, tor proxy etc. on my other non-whonix qubes. Furthermore, I think I have a functional Tor connection with sys-whonix, too. The problem is, for whatever reason, sdwdate cannot pull time data (?) from the onion address pools that it tries. Here are some screenshots:

tor-control-panel

So, do I have a functional Tor connection, or not? How do I deduce this?

Apart from all of this, what annoys me is that, again, my other non-whonix qubes have their tor daemons working as expected. So, if the other non-whonix qubes (plus the TailsOS I mentioned in my OP, plus the Tor Browser that my smartphone has while connected to the same cafe’s wifi) are able to connect and maintain/operate a tor circuit connection, why can’t the sys-whonix??

Unfortunately this is the only way to debug this issue. There are no other shortcuts.