Tor is not yet fully bootstrapped. 30 % done

Hi All,

I’m trying to set up Whonix gateway in my KVM environment. The VM boots fine but I can’t get it to establish a Tor connection. Instead it gets “stuck” at 30%.

More detail:

KVM is working for multiple other Windows/Linux VMs and is stable.

Whonix image imported per instructions.

All services started:
user@host:~$ sudo systemctl list-units --failed
0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Time sync has been checked and is more or less correct (up to 2 minutes out).

Clearnet test works from gateway - I can curl the Tor check page as per the troubleshooting instructions.

sdwlog gets spammed with the following:
2020-01-19 04:27:32 - sdwdate - INFO - The clock is sane.
Within build timestamp Fri 22 Nov 2019 04:16:03 PM UTC and expiration timestamp Tue 17 May 2033 10:00:00 AM UTC.
2020-01-19 04:27:32 - sdwdate - WARNING - Tor is not yet fully bootstrapped. 30 % done.
Tor reports: NOTICE BOOTSTRAP PROGRESS=30 TAG=loading_status SUMMARY="Loading networkstatus consensus"

Eventually the daemon times out with this message:
Tor reports: WARN BOOTSTRAP PROGRESS=30 TAG=loading_status SUMMARY="Loading networkstatus consensus" WARNING="Connection timed out" REASON=TIMEOUT COUNT=1

But it appears to keep trying anyway.

syslog/daemon/journald logs are spammed with this:
New control connection opened.

I’ve found that if I drop the firewall (iptables -F) and adjust the default policy for the chain to ACCEPT I get a connection.

Tor itself is not blocked in my country. I can use the Tor Browser without problems.

Tor - Whonix

This is the only weird thing. Everything else is expected. The first such report in 7 years. To debug enable logging in Whonix firewall:

sudoedit /usr/bin/whonix-gateway-firewall

Search for
## Log

You’ll find:

#$iptables_cmd -A FORWARD -j LOG --log-prefix "Whonix blocked forward4: "
#$iptables_cmd -A OUTPUT -j LOG --log-prefix "Whonix blocked output4: "
#$iptables_cmd -A INPUT -j LOG --log-prefix "Whonix blocked input4: "

Comment these in by removing the # in front of them.

$iptables_cmd -A FORWARD -j LOG --log-prefix "Whonix blocked forward4: "
$iptables_cmd -A OUTPUT -j LOG --log-prefix "Whonix blocked output4: "
$iptables_cmd -A INPUT -j LOG --log-prefix "Whonix blocked input4: "

Then the journal should show what’s blocked.

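Once the three LOG rules are enabled, the kernel journal carries one line per dropped packet, and a tally by chain, interface, destination and port is easier to read than the raw stream. The following is an added example, not part of the original posts or of Whonix's own code; the function names `summarize_blocked` and `sample_log` are hypothetical, the sample log lines are constructed, and the fields assumed are the standard netfilter LOG output.

```shell
#!/bin/sh
# Added example: tally packets logged by the "Whonix blocked <chain>4: " rules.

# Reads kernel log text on stdin and prints one line per distinct flow:
#   count chain IN=<if> OUT=<if> DST=<addr> <proto>/<dport>
# An empty IN= (locally generated packet) or a missing DPT= (e.g. ICMP) shows as "-".
# Only the first DST/PROTO/DPT on a line is used, because ICMP error
# messages embed the fields of a second packet in brackets.
summarize_blocked() {
    awk '
    /Whonix blocked [a-z]+4: / {
        chain = ""; inif = "-"; outif = "-"; dst = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "blocked") { chain = $(i + 1); sub(/:$/, "", chain) }
            else if ($i ~ /^IN=./)  inif  = substr($i, 4)
            else if ($i ~ /^OUT=./) outif = substr($i, 5)
            else if ($i ~ /^DST=/   && dst   == "-") dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/ && proto == "-") proto = substr($i, 7)
            else if ($i ~ /^DPT=/   && dpt   == "-") dpt   = substr($i, 5)
        }
        seen[chain " IN=" inif " OUT=" outif " DST=" dst " " proto "/" dpt]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, not taken from the thread).
sample_log() {
    cat <<'EOF'
Jan 19 04:30:01 host kernel: Whonix blocked output4: IN= OUT=eth0 SRC=10.0.2.15 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=43210 DPT=9001 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 19 04:30:02 host kernel: Whonix blocked output4: IN= OUT=eth0 SRC=10.0.2.15 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=43210 DPT=9001 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 19 04:30:05 host kernel: Whonix blocked output4: IN= OUT=eth0 SRC=10.0.2.15 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5151 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 19 04:30:06 host systemd[1]: Started a constructed unrelated unit.
Jan 19 04:30:09 host kernel: Whonix blocked input4: IN=eth0 OUT= SRC=192.0.2.1 DST=10.0.2.15 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Demonstration on the constructed sample.
sample_log | summarize_blocked
```

On the gateway, feed it the kernel journal instead of the sample: `sudo journalctl -k | summarize_blocked`.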