Tor connecting stucks at 2%

Hi.
When I’am starting my Whonix Gateway Anon connection wizard I see 2% connected to tor:
Bootstrap phase: Connected to pluggable transport.
Systemcheck answer:

[INFO] [systemcheck] Tor Connection Result:
- Connecting for 4 seconds. | 2 % done. 
- Tor Circuit: not established.
- Tor reports: NOTICE BOOTSTRAP PROGRESS=2 TAG=conn_done_pt SUMMARY="Connected to pluggable transport"
- Timesync status: not done.
- sdwdate reports: Preparation not done yet. More more information,             see: sdwdate-gui -> right click -> Open sdwdate's log.

Here is sdwdate logs, this extract is iterative:

______ ### START: ### /usr/sbin/anondate-get
____ INFO: anondate-get returned Tor consensus middle range time or minimum time.
____ INFO: The 'anondate-get' time_result is earlier than the current system time, ok. Not setting clock backwards.
____ ### END: ### Exiting with exit_code '3' indicating 'Setting time using anondate either not possible or not required.'.
____ ### START: ### /usr/sbin/anondate-set
____ INFO: Status file '/run/sdwdate/tor_certificate_lifetime_set' does not yet exist.
____ INFO: Running anondate-get...

I also saw an alert with the following text

ERROR: Tor Pid Check Result: 
Tor not running. (tor_pid_message: Pid file /run/tor/tor.pid does not exist.) 
You have to fix this error, before you can use Tor. 
Please restart Tor after fixing this error. 
Start Menu -> System -> Restart Tor
or in Terminal: 
sudo service tor@default restart 
Restart systemcheck after fixing this error. 
Start Menu -> System -> System Check
or in Terminal: 
systemcheck

I use tor bridges, obfs4, it has been worked properly until recently. The same bridge was tested on the host machine and everything is fine. I guess the problem is that time doesn’t set correctly, but I didn’t find smth useful about my problem, and idk how to solve it.

If you need some more info, ask, and I’ll try to answer quickly

No. Year can be set to 1900 or 2100. Tor should run regardless. Connectivity is a different topic.

Please do as instructed. See also:

• Configuration Check
• Log Analysis

Ok, thank you

But I didn’t find any connectivity topic. Could you specify where I got to ask? We may talk about different categories, so note that my currently topic is Support

You’re in the right place.

That error message will be improved in next Whonix version to include a link to documentation which has been written just now:
Tor not running

This is actually progress. Because it means that Tor is running but connectivity is broken.

And this is a regression. A different issue. A worse issue if you want so. (But not a security issue.) It most likely means that the user changed Tor configuration in an invalid way rejected by Tor. Therefore Tor is not even running. To fix: undo / repair any Tor config issues and restart Tor.

Thank you for your detailed answer. As I see it from:
Tor not running. (tor_pid_message: Pid file /run/tor/tor.pid does not exist.) You have to fix this error, before you can use Tor
I should create Tor pid file, so I found a template for performing this:

$> start-stop-daemon --start --chuid <username> --background \
     --make-pidfile --pidfile /var/run/<pidfile>.pid --exec $PROGRAM -- $PROGRAM-ARGUMENT

Annotations:

`--chuid username`: set user you want to run program in.
        (It is best practice if we dont run it with root access)
  `--backgroud`: make program run in background
  `--make-pidfile`: force program to create pidfile
        (sometime it doesnot work. check document of `start-stop-daemon` for more details)
  `--pidfile`: specify pidfile for the program
  `$PROGRAM-ARGUMENT`: is ARGUMENT for the program

But I definitively don’t understand which arguments should I substitute in a variables
$PROGRAM and $PROGRAM-ARGUMENT to complete a Tor pid file creating.

Also I attach a few outputs accordingly:
anon-verify:

/===================================================================\
|                      Report Summary                               |
\===================================================================/
No error detected in your Tor configuration.
Tor verify exit code: 0
/===================================================================\
|                      Tor Full Report                              |
\===================================================================/
Jul 08 13:25:38.151 [notice] Tor 0.4.7.8 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jul 08 13:25:38.151 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jul 08 13:25:38.151 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 08 13:25:38.152 [notice] Read configuration file "/etc/tor/torrc".
Jul 08 13:25:38.152 [notice] Processing configuration path "/etc/torrc.d/*.conf" at recursion level 1.
Jul 08 13:25:38.152 [notice] Including configuration file "/etc/torrc.d/60_network.conf".
Jul 08 13:25:38.152 [notice] Including configuration file "/etc/torrc.d/65_gateway.conf".
Jul 08 13:25:38.152 [notice] Including configuration file "/etc/torrc.d/65_leak_tests.conf".
Jul 08 13:25:38.153 [notice] Including configuration file "/etc/torrc.d/70_workstation.conf".
Jul 08 13:25:38.153 [notice] Processing configuration path "/usr/share/tor/tor-service-defaults-torrc.anondist" at recursion level 2.
Jul 08 13:25:38.153 [notice] Including configuration file "/usr/share/tor/tor-service-defaults-torrc.anondist".
Jul 08 13:25:38.153 [notice] Including configuration file "/etc/torrc.d/95_whonix.conf".
Jul 08 13:25:38.153 [notice] Processing configuration path "/usr/local/etc/torrc.d/*.conf" at recursion level 2.
Jul 08 13:25:38.153 [notice] Including configuration file "/usr/local/etc/torrc.d/40_tor_control_panel.conf".
Jul 08 13:25:38.153 [notice] Including configuration file "/usr/local/etc/torrc.d/50_user.conf".
Jul 08 13:25:38.154 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Jul 08 13:25:38.154 [warn] Option 'DisableNetwork' used more than once; all but the last value will be ignored.
Jul 08 13:25:38.154 [notice] You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jul 08 13:25:38.154 [notice] You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Configuration was valid
ERROR: invalid file: '/etc/torrc.d/*.conf'
/===================================================================\
|                 Used Tor Configuration Files                      |
\===================================================================/
2 files are used as Tor configuration files: 
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc
=====================================================================

anon-log is too large, so here is only extractions (All the rest is iterative):

vanguards.service:

Started Additional protections for Tor onion services.
NOTICE[Fri Jul 08 12:40:30 2022]: Creating new vanguard state file at: /var/lib/tor/vanguards.state
NOTICE[Fri Jul 08 12:40:30 2022]: Vanguards 0.3.1 connected to Tor 0.4.7.8 using stem 1.8.0
WARNING[Fri Jul 08 12:40:47 2022]: We've been disconnected from the Tor network for 15 seconds!
NOTICE[Fri Jul 08 12:40:49 2022]: Tor daemon connection closed. Trying again...
NOTICE[Fri Jul 08 12:40:50 2022]: Vanguards 0.3.1 connected to Tor 0.4.7.8 using stem 1.8.0
NOTICE[Fri Jul 08 12:40:59 2022]: Tor daemon connection closed. Trying again...
WARNING[Fri Jul 08 12:41:08 2022]: Tor daemon connection failed: [Errno 2] No such file or directory. Trying again...

tor.service:

Starting Anonymizing overlay network for TCP (multi-instance-master)...
Finished Anonymizing overlay network for TCP (multi-instance-master).

/run/tor/log:

Jul 08 12:40:02.000 [notice] Tor 0.4.7.8 opening new log file.
Jul 08 12:40:02.062 [notice] We compiled with OpenSSL 101010ef: OpenSSL 1.1.1n  15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These two versions should be binary compatible.
Jul 08 12:40:02.064 [notice] Tor 0.4.7.8 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jul 08 12:40:02.489 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jul 08 12:40:02.632 [notice] Opening Control listener on 127.0.0.1:9052
Jul 08 12:40:02.632 [notice] Opened Control listener connection (ready) on 127.0.0.1:9052
Jul 08 12:40:13.000 [notice] Bootstrapped 0% (starting): Starting
Jul 08 12:40:15.000 [notice] Starting with guard context "bridges"
Jul 08 12:40:15.000 [notice] Delaying directory fetches: No running bridges
Jul 08 12:40:15.000 [notice] Signaled readiness to systemd
Jul 08 12:40:15.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 08 12:40:15.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Jul 08 12:40:15.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Jul 08 12:40:15.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Jul 08 12:40:49.000 [notice] Interrupt: exiting cleanly.
Jul 08 12:40:49.854 [notice] We compiled with OpenSSL 101010ef: OpenSSL 1.1.1n  15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These two versions should be binary compatible.
Jul 08 12:40:49.855 [notice] Tor 0.4.7.8 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jul 08 12:40:49.856 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jul 08 12:40:49.872 [notice] Opening Control listener on 127.0.0.1:9052
Jul 08 12:40:49.872 [notice] Opened Control listener connection (ready) on 127.0.0.1:9052
Jul 08 12:40:50.000 [notice] Bootstrapped 0% (starting): Starting
Jul 08 12:40:50.000 [notice] Starting with guard context "bridges"
Jul 08 12:40:50.000 [notice] Delaying directory fetches: No running bridges
Jul 08 12:40:50.000 [notice] Signaled readiness to systemd
Jul 08 12:40:50.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 08 12:40:50.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Jul 08 12:40:50.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Jul 08 12:40:50.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Jul 08 12:40:50.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 08 12:40:59.000 [notice] Interrupt: exiting cleanly.

$ systemcheck --verbose --leak-tests:

[INFO] [systemcheck]  | Whonix-Gateway | Fri 08 Jul 2022 01:48:11 PM UTC
[INFO] [systemcheck] Check sudo Result: OK
[INFO] [systemcheck] Whonix build version: 16.0.4.2
[INFO] [systemcheck] whonix-gateway-packages-dependencies-cli: 22.5-1
[INFO] [systemcheck] derivative_major_release_version /etc/whonix_version: 16
[INFO] [systemcheck] Whonix Support Status of this Major Version: Ok.
[WARNING] [systemcheck] Hardened Malloc: Disabled.
[INFO] [systemcheck] Spectre Meltdown Test: skipping since spectre_meltdown_check=false, ok.
[INFO] [systemcheck] Package Manager Consistency Check Result: Output of command dpkg --audit was empty, ok.
/usr/libexec/msgcollector/msgdispatcher_run_check: line 91: /usr/libexec/msgcollector/msgcollector: Argument list too long
[ERROR] [systemcheck] ###############################################################################
## systemcheck script bug.

$ systemcheck --verbose --leak-tests --function check_tor_socks_port

[INFO] [systemcheck] SocksPort IP Leak Test: Testing Tor's SocksPort (SOCKS_PORT_SYSTEMCHECK: 9110)...
[ERROR] [systemcheck] SocksPort IP Leak Test Result: https://check.torproject.org/api/ip was not reachable.
You could check, if you can reach https://check.torproject.org/api/ip via the Tor Browser Bundle.
(curl exit code: [7] - [Failed to connect to host.])

$ sudo anondate-get:

______ ### START: ### /usr/sbin/anondate-get
______ WARNING: Tor bootstrap not done.
______ INFO: Attempting to determine Tor consensus time middle range...
______ WARNING: Could not determine Tor consensus time middle range.
______ INFO: Attempting to determine Tor certificate lifetime...
______ INFO: Tor certificate lifetime valid, ok.
______ INFO: Could not determine a time later than minimum time from either Tor consensus time or Tor certificate lifetime, ok.
______ INFO: Showing minimum time instead as result...
______ INFO: minimum time: '2022-07-05 16:36:28'
2022-07-05 16:36:28
______ ### END: ### Exiting with exit_code '0' indicating 'Showed Tor consensus time middle range or minimum time.'.

$ sudo apt update: fails

If my first thought about tor pid file creating is wright. Could you prompt which arguments should I type in, instead of 2 variables listed above? Or anything else

No. That must be automatic by the daemon (service), i.e. here by Tor.

No. That’s a path leading nowhere. None of that needed. Absolutely not.

Whonix would like to do better on usability but it’s not complicated to the level of the user having to figure out commands such as start-stop-daemon (which isn’t used much anymore if at all nowadays due to systemd handling that).

This is actually a bug in anon-verify but unrelated here. Will be fixed later but won’t help with your issue.

This is the actual issue that needs to be investigated / fixed.

Easiest:

Please do a factory reset.

(Whonix is based on Kicksecure.)

And then please provide step by step instructions on how to reproduce this issue as per https://www.whonix.org/wiki/Reporting_Bugs#Sample_Bug_Report.

Hi, sure, Once I solve my problem, I’ll explain how I did it.
But today I encountered a new obstacle, I followed your last link, then another one that clarifies my own case, XFCE Settings Reset But if I enter the first command in the manual (which you can see by clicking the “Expand” button)
sudo systemct stop gdm3
I see a black screen with a white caret in a upper left corner. This has been going on for too long. I don’t think it made any difference. So I couldn’t continue performing this method.
I will now install the new Gateway VM. If that doesn’t work, I’ll note about it here.

Probably this…

Required skill: virtual console
https://www.whonix.org/wiki/Desktop#Virtual_Consoles

1. Please learn how to use a virtual console generally. (Unrelated to gdm3.)

2. Try sudo systemct stop gdm3 and then switch virtual console.

Or switch to a virtual console first and run sudo systemct stop gdm3 there.

I tried to set up latest version of whonix for virtualbox, but ran into the same problem, so that doesn’t help. If I switch to virtual console with

Right Ctrl + F1

I just can’t type anything in it, soon I am automatically taken to the login page, after passing that I return to the desktop. If I type in normal terminal (not VC)

sudo systemctl stop gdm3

I get into virtual console
I also can’t enter any symbol in it.
Tried to find answers on google, but nothing came up. Query -
Can't type into virtual console whonix

Try
Right Ctrl + F2
Right Ctrl + F3
instead

Try to find out for Debian + VirtualBox to make it unspecific to Whonix.

I followed every step of the instructions you sent (XFCE Settings Reset)

Please do a factory reset.

Kicksecure ™ Factory Reset

Resetting Kicksecure ™ to Vendor Defaults. Reset configuration files to defaults, re-install meta package, move the system closer to vendor defaults.

after everything has been done, this is whonixcheck output:

~$ whonixcheck
[ERROR] [systemcheck] Tor Pid Check Result:
Tor not running. (tor_pid_message: Pid file /run/tor/tor.pid does not exist.)

You have to fix this error, before you can use Tor.

Please restart Tor after fixing this error.

    Start Menu -> System -> Restart Tor
    or in Terminal: sudo service tor@default restart

Restart systemcheck after fixing this error.

   Start Menu -> System -> System Check
    or in Terminal: systemcheck

The problem still exists

Did you use do factory reset re-install method?

This is the one you probably need here.

I cannot use this method because I do not have a tor connection and without it I cannot install the external files that the manual requires

May be reinstall/changing my host OS will be easier? Would you recommend the Qubes?

How did you download the files initially? Use the same method again?

This isn’t really all that complex. All there is is Tor and its config. Likely some user manually edited config causes Tor to fail and exit. (Not a security issue. Tor simply won’t run.) In a less likely case, anon-connection-wizard or tor-control-panel is writing a faulty config.

Can you remember what you did to cause this? Undo it.

Try deleting these files. Perhaps keep a backup beforehand to be able to compare later to find any issue in the difference.

sudo rm /usr/local/etc/torrc.d/40_tor_control_panel.conf 
sudo rm /usr/local/etc/torrc.d/50_user.conf

Then restart Tor.

Otherwise there’s not that many other config files where there might be user modifications. Easily compared with originals from Whonix source code.