Tor SocksPort unreachable (just) in anon-whonix

Hello,

there are a few similar problems reported here, but not mine exactly, so I dare posting this. (;

My set-up: Qubes 4 latest, Whonix 15 fresh install, Qubes VPN Proxy appVM/qube (Debian 9) fresh install (GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS), OpenVPN via TCP file from Provider

This set-up worked flawlessly with Whonix 14, with UDP.

Completed every step here: Connecting to Tor before a VPN

The VPN qube works fine everywhere, Tor via sys-whonix/whonix-15-gw works fine – just anon-whonix resp. whonix-15-ws resp. Tor Browser can’t connect.

Output from whonixcheck in anon-whonix:

[INFO] [whonixcheck] Qubes qubes-db Test Result: Connection to local qubes-db daemon succeeded, ok.
[INFO] [whonixcheck] Qubes Settings Test Result: Ok. (GATEWAY_IP: 10.137.0.9)
[INFO] [whonixcheck] Qubes Settings Test Result: Ok, qubes_vm_type is AppVM.
[INFO] [whonixcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [whonixcheck] check network interfaces Result: Ok.
[INFO] [whonixcheck] Check Package Manager Running Result: None running, ok.
[INFO] [whonixcheck] Tor Check Result: Not running on Whonix-Gateway, ok.
[INFO] [whonixcheck] Tor Config Check Result: Tor config ok.
[INFO] [whonixcheck] Tor Pid Check Result: Not running on Whonix-Gateway., ok.
[WARNING] [whonixcheck] Tor SocksPort Reachability Test Result: Unreachable! (curl exit code: 28 | curl status message: [28] - [Operation timeout. The specified time-out period was reached according to the conditions.])
[ERROR] [whonixcheck] Tor Connection Result:
Tor's Control Port could not be reached!

Did I miss something concerning time-out periods? I have no idea where to change this – and never had to do/change something like this.

Thanks a lot for any hint,
rob1/mastor

Not a timeout issue. The whonixcheck test can’t succeed in that VM setup.
whonixcheck configuration issue.

Connecting to Tor before a VPN

Which instructions? Separate VPN Gateway? I don’t think these are complete. At least whonixcheck instructions (above) are missing.

I can confirm that something like this occurred to me, too. But I am not using a VPN.

Since a few Qubes Whonix Updates ago (I unfortunately do not remember which one exactly) I cannot reach the Internet with any application in a whonix-15-ws-Machine.
As I assumed something in the Template-VMs might be broken, I reinstalled Qubes Whonix completely. The bug however remains.

If you cannot confirm any issues, I may need to reinstall Qubes OS completely. Which is something I would rather like to avoid; especially if the source of error is actually located elsewhere.

Thanks a lot!

1 Like

Hi Houree. This might belong in a new thread, but we’ll see. When you reinstalled Whonix, did you follow Uninstall Qubes-Whonix ™ all the way and delete your templates, then How-to: Install the Stable Version of Qubes-Whonix ™ 16 to install 15? Is your dom0 up to date on patches, too? If you’ve done all the above, then I agree, a full reinstall might be in order…

Hi, I can confirm this issue. Since the last update yesterday, any VM that routes via sys-whonix cannot connect to the Internet. In the DVM based on whonix-ws-15, whonixcheck fails:

[INFO] [whonixcheck] disp7417 | Whonix-Workstation | whonix-ws-15-dvm DispVM AppVM | Thu 19 Sep 2019 05:55:18 AM UTC
[ERROR] [whonixcheck] Tor Connection Result:
Tor's Control Port could not be reached!

Troubleshooting:
- Confirm that Whonix-Gateway is running.
- Run whonixcheck on Whonix-Gateway and confirm success.

- Rerun whonixcheck here in this Whonix-Workstation.

(Technical information:)
(tor_circuit_established_check_exit_code: 277)
(tor_bootstrap_timeout_type: )
(tor_bootstrap_status: )
(check_socks_port_open_test: 28)
(Tor Circuit: not established)

When running whonixcheck directly inside sys-whonix, it succeeds. Checking for updates with whonix-gw-15 works as well. It would be great if this issue would be solved quickly.

Note that I also made an update to dom0 yesterday so this could be caused by Qubes as well. In case it matters, here is a summary of my dom0 updates as well:

Upgraded python3-qubesdb-4.0.10-1.fc25.x86_64              @anaconda/rawhide
Upgrade                  4.0.11-1.fc25.x86_64              @qubes-dom0-cached
Upgraded qubes-db-4.0.10-1.fc25.x86_64                     @anaconda/rawhide
Upgrade           4.0.11-1.fc25.x86_64                     @qubes-dom0-cached
Upgraded qubes-db-dom0-4.0.10-1.fc25.x86_64                @anaconda/rawhide
Upgrade                4.0.11-1.fc25.x86_64                @qubes-dom0-cached
Upgraded qubes-db-libs-4.0.10-1.fc25.x86_64                @anaconda/rawhide
Upgrade                4.0.11-1.fc25.x86_64                @qubes-dom0-cached
Upgraded qubes-manager-4.0.36-1.fc25.noarch                @qubes-dom0-cached
Upgrade                4.0.39-1.fc25.noarch                @qubes-dom0-cached
Erase    kernel-1000:4.14.74-1.pvops.qubes.x86_64          @anaconda/rawhide
Install  kernel-1000:4.19.71-1.pvops.qubes.x86_64          @qubes-dom0-cached
Erase    kernel-qubes-vm-1000:4.14.74-1.pvops.qubes.x86_64 @anaconda/rawhide
Install  kernel-qubes-vm-1000:4.19.71-1.pvops.qubes.x86_64 @qubes-dom0-cached

Edit: Problem solved by setting an older default VM kernel in the “Qubes Global Settings” in Qubes Manager. Apparently kernel{-qubes-vm}-1000:4.19.71-1 breaks Whonix.
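A triage helper for the workstation-side whonixcheck output quoted in the posts above, as an added example that is not part of the thread or of Whonix's own tooling. The function names are hypothetical, the sample text is constructed from lines quoted in this thread, and the curl exit-code meanings are the standard ones.

```python
import re

# Constructed sample: workstation-side whonixcheck lines as quoted in this thread.
SAMPLE = """\
 [INFO] [whonixcheck] Tor Config Check Result: Tor config ok.
  [WARNING] [whonixcheck] Tor SocksPort Reachability Test Result: Unreachable! (curl exit code: 28)
[ERROR] [whonixcheck] Tor Connection Result:
Tor's Control Port could not be reached!
(Technical information:)
(tor_circuit_established_check_exit_code: 277)
(tor_bootstrap_status: )
(check_socks_port_open_test: 28)
(Tor Circuit: not established)
"""

# Standard curl exit codes that matter for a reachability probe.
CURL_MEANING = {
    0: "reachable",
    7: "failed to connect: refused or host unreachable",
    28: "timeout: no reply before the deadline",
}
LEVEL_RE = re.compile(r"^\s*\[(INFO|WARNING|ERROR)\] \[whonixcheck\] (.*)$")
FIELD_RE = re.compile(r"^\((\w[\w ]*): ?(.*)\)$")

def parse(text):
    """Split output into (level, message) pairs and '(key: value)' fields."""
    levels, fields = [], {}
    for line in text.splitlines():
        if m := LEVEL_RE.match(line):
            levels.append((m.group(1), m.group(2)))
        elif m := FIELD_RE.match(line.strip()):
            fields[m.group(1)] = m.group(2).strip()
    return levels, fields

def triage(text):
    """Summarise the SocksPort probe result and every non-INFO finding."""
    levels, fields = parse(text)
    code = fields.get("check_socks_port_open_test")
    if code is None:  # fall back to the code embedded in the WARNING line
        m = re.search(r"curl exit code: (\d+)", text)
        code = m.group(1) if m else None
    code = int(code) if code and code.isdigit() else None
    return {
        "socks_curl_code": code,
        "verdict": CURL_MEANING.get(code, "unknown or missing probe result"),
        "bootstrap_status": fields.get("tor_bootstrap_status"),
        "problems": [msg for lvl, msg in levels if lvl != "INFO"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `bootstrap_status` next to a curl code of 28 matches both reports in this thread: the workstation never got an answer from the gateway, while whonixcheck run on the gateway itself succeeded.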

No upgrades by Whonix for more than one week. Therefore a Qubes package might have broken this.

//cc @marmarek

Any idea?

See my edit above.

2 Likes

Great find!

Could you report against Qubes please at Issues · QubesOS/qubes-issues · GitHub and link to the issue from here?

Done, Issue #5331 (unfortunately I cannot post links here).

Edit by Patrick:
add link

2 Likes

Thanks. Edited to add link.
(And edited your account to allow link posting.)

This sounds familiar now- whonix-gateway not reachable - #21 by marmarek again? Try qvm-features sys-whonix ipv6 '' to disable IPv6 for sys-whonix.

1 Like