Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

Tor Not Connecting in Whonix

Been having issues connecting to tor. I am newish to qubes whonix and have seen other topics similar but they differed slightly and no troubleshooting has worked thus yet. First day of downloading qubes 4.1 was able to connect to tor for several hours, but since then have not been able connect. When using bridges, tor configuration gets stuck at 2% “Connected to pluggable transport” OR 10% “Connecting to relay”. When they get stuck here, there is no further movement. Seems like 1/10 times tor show connected without bridges, but whonix icon still shows the open lock and tor browser still does not connect.

sdwdate log viewer shows:

INFO: Running anondate-get…
______ ### START: ### /usr/sbin/anondate-get
____ INFO: anondate-get returned Tor consensus middle range time or minimum time.
____ INFO: The ‘anondate-get’ time_result is earlier than the current system time, ok. Not setting clock backwards.
____ ### END: ### Exiting with exit_code ‘3’ indicating ‘Setting time using anondate either not possible or not required.’.

anondate-get in sys-whonix:

START: ### /usr/sbin/anondate-get

______ WARNING: Tor bootstrap not done.
______ INFO: Attempting to determine Tor consensus time middle range…
______ INFO: Tor consensus time middle range could be determined, ok.
______ WARNING: local system time is NOT within Tor consensus time valid time range. (valid_after: ‘2022-11-16 02:00:00’ | middle_range: ‘2022-11-15 03:30:00’ | valid_until: ‘2022-11-15 05:00:00’)
______ INFO: time_result later than minimum-unixtime-show, ok.
______ INFO: minimum-time-check determined Tor consensus time middle range to be valid (B), ok.
______ INFO: Showing Tor consensus time middle range…
______ INFO: Tor consensus time middle_range: ‘2022-11-15 03:30:00’
2022-11-15 03:30:00
______ ### END: ### Exiting with exit_code ‘0’ indicating ‘Showed Tor consensus time middle range or minimum time.’.

is local system time the same as sys-whonix UTC time? Must I adjust time in sys-whonix to match local time?

Now when running systemcheck in sys whonix gui:

systemcheck gave up waiting.
Tor Circuit: not established
Connection 10 % done. Tor reports: WARN BOOTSTRAP PROGRESS=10 TAG=conn_done SUMMARY=“Connected to a relay” WARNING=“TLS_ERROR” REASON=TLS_ERROR COUNT=1 RECOMMENDATION=ignore HOSTID=“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX” HOSTADDR=“XX.XX.XXX.XX:XXX”

Though not advised I have manually adjust time in forward and backwards 2 hours just to see if anything would change but no changes.

Thanks in advance to this helpful community if anyone is able to assist in troubleshooting. Learning qubes daily and the fact of this obstacle with tor puts a damper on it.

edit: am able to connect through debian 11/fedora 36 browser, just not through tor. since updates were configured over tor I cannot update to see if, because no tor connection.

Please see…

And…

currently downloading TBB, but i’ll ask a newcomer question, so I downloaded and extracted TorBrowser in a Debian 11 appvm then moved the “tor-browser-linux64-11.5.7_en-US” to debian-11 template. I have reviewed the installing software section and I am not familiar with how to track down where in the debian-11 template this file went. I also don’t know the language enough to launch the tbb from that location.

I have also tried qvm-sync-appmenus start-tor-browser.desktop and have restarted the debian appvm where tbb downloaded and the template and still can’t see the application in qube settings.

I’m sure I missed a step and appreciate any assistance and thank you.

Since this isn’t a Whonix specific issue, this needs to be resolved as per Free Support for Whonix ™ chapter Free Support Principle in Whonix wiki.

@Patrick have also inquired for premium support as have multiple issues to discuss. thanks again

Premium support is unavailable for this issue. I cannot help with this no matter the payment. Reason:

@Patrick scratch the TBB download issue. I have installed TBB in my debian-11 template and have been sucessfully using tor via that. But still the same issue persists within whonix. is it still assumed that it is not a whonix related issue? Or is tor actually overloaded

I have tried multiple fresh qubes installs, have tried various internet connections in various locations, different ISP’s, different type of routers, devices, public/private connections… now getting errors such as:

[warn] Guard “name” is failing an extremely large amount of circuits. This could indicate a route manipulation attack, extreme network overload, or a bug. Success counts are 50/255. Use counts are 6/17. 144 circuits completed, 9 were unusable, 73 collapsed, and 334 timed out. For reference, your timeout cutoff is 60 seconds.

[notice] Bootstrapped 100% (done): Done
Nov 29 11:22… [notice] New control connection opened.
Nov 29 11:22… [notice] New control connection opened.
Nov 29 11:22… [notice] New control connection opened.
Nov 29 11:22… [notice] New control connection opened.
Nov 29 11:22… [notice] New control connection opened.

[warn] Proxy Client: unable to connect OR connection (handshaking (proxy)) with xxx.xxx.xx.x:xxx ID= RSA_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (“general SOCKS server failure”)
Nov 29 11:42… [warn] Proxy Client: unable to connect OR connection (handshaking (proxy)) with xxx.xxx.xx.x:xxx ID= RSA_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (“general SOCKS server failure”)
Nov 29 11:42… [notice] Interrupt: exiting cleanly.
Nov 29 11:42… [notice] Tor 0.4.7.8 opening log file.
Nov 29 11:42… [notice] We compiled with OpenSSL 101010ef: OpenSSL 1.1.1n 15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These two versions should be binary compatible.
Nov 29 11:42… [notice] Tor 0.4.7.8 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Nov 29 11:42… [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Am I totally anonymous if I use Tor? | Tor Project | Support
Nov 29 11:42… [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Nov 29 11:42… [notice] Read configuration file “/etc/tor/torrc”.
Nov 29 11:42… [notice] Processing configuration path “/etc/torrc.d/.conf" at recursion level 1.
Nov 29 11:42… [notice] Including configuration file “/etc/torrc.d/60_network.conf”.
Nov 29 11:42… [notice] Including configuration file “/etc/torrc.d/65_gateway.conf”.
Nov 29 11:42… [notice] Including configuration file “/etc/torrc.d/65_leak_tests.conf”.
Nov 29 11:42… [notice] Including configuration file “/etc/torrc.d/70_workstation.conf”.
Nov 29 11:42… [notice] Processing configuration path “/usr/share/tor/tor-service-defaults-torrc.anondist” at recursion level 2.
Nov 29 18:42… [notice] Including configuration file “/usr/share/tor/tor-service-defaults-torrc.anondist”.
Nov 29 11:42… [notice] Including configuration file “/etc/torrc.d/95_whonix.conf”.
Nov 29 11:42… [notice] Processing configuration path "/usr/local/etc/torrc.d/
.conf” at recursion level 2.
Nov 29 11:42… [notice] Including configuration file “/usr/local/etc/torrc.d/40_tor_control_panel.conf”.
Nov 29 11:42… [notice] Including configuration file “/usr/local/etc/torrc.d/50_user.conf”.
Nov 29 11:42… [warn] Option ‘DisableNetwork’ used more than once; all but the last value will be ignored.
Nov 29 11:42… [notice] You configured a non-loopback address ‘xx.xxx.x.x:xxxx’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 29 11:22… [notice] You configured a non-loopback address ‘xx.xxx.x.x:xxxx’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 29 11:22… [notice] You configured a non-loopback address ‘xx.xxx.x.x:xxxx’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 29 11:23… [notice] No circuits are opened. Relaxed timeout for circuit X (a General-purpose client 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.

these errors are without bridges. With bridges stuck with usual proxy client error.

@Patrick sorry for the repeated reply this is the log from the TBB as I can not distinguish what would cause whonix vs TBB connecting to tor. Bridges were fetched from BridgeDB in TBB settings, the same bridges do not connect in whonix:

21:44:44.962 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/29/22, 21:44:50.198 [NOTICE] New control connection opened from xxx.x.x.x.
11/29/22, 21:45:18.884 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/29/22, 21:45:18.885 [NOTICE] Switching to guard context “bridges” (was using “default”)
11/29/22, 21:47:36.323 [NOTICE] Opening Socks listener on xxx.x.x.x:xxxx
11/29/22, 21:47:36.324 [NOTICE] Opened Socks listener connection (ready) on xxx.x.x:xxxx
11/29/22, 21:47:37.130 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/29/22, 21:47:37.132 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/29/22, 21:47:37.569 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
11/29/22, 21:47:37.786 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
11/29/22, 21:47:38.400 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
11/29/22, 21:47:38.500 [NOTICE] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
11/29/22, 21:47:38.206 [NOTICE] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
11/29/22, 21:47:38.359 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with xx.xx.xx.xxx:xx ID= RSA_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(“general SOCKS server failure”)
11/29/22, 21:47:38.439 [NOTICE] Bridge ‘xxxxxxxxxxxxxxxx’ has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (xx.xx.xx.xx:xxxxxx) based on the configured Bridge address.
11/29/22, 21:47:38.440 [NOTICE] new bridge descriptor ‘xxxxxxx’ (xxxxx): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] at xx.xx.xx.xx and [xxxxxxxxxxxxxxxxxxxxxxxxxxxx]
11/29/22, 21:47:38.453 [NOTICE] new bridge descriptor ‘xxxxxxxx’ (xxxx): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] at xxx.xxx.xxx.xxx
11/29/22, 21:47:38.453 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
11/29/22, 21:47:39.148 [NOTICE] Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
11/29/22, 21:47:39.149 [NOTICE] Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
11/29/22, 21:47:39.680 [NOTICE] Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
11/29/22, 21:47:39.885 [NOTICE] Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
11/29/22, 21:47:40.297 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
11/29/22, 21:47:40.298 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
11/29/22, 21:47:42.152 [NOTICE] Bootstrapped 100% (done): Done
11/29/22, 21:47:42.320 [NOTICE] New control connection opened from xxx.x.x.x.