Tor's Control Port could not be reached!

I have just setup the Whonix-Gateway and Whonix-Workstation…

The Whonix-Gateway whonixcheck is reporting all green, however, The Whonix-Workstation whonixcheck complains that Tor’s Control Port could not be reached!

Troubleshooting Items
-> Confirm Whonix-Gateway is running: CHECK
-> Run whonixcheck on Whonix-Gateway and confirm success: CHECK (SUCCESS)
-> I am not running multiple Workstations: CHECK
-> Rerun whonixcheck in Workstation: CHECK (Errors Persist)

Technical Information:
tor_circuit_established_check_exit_code: 255
…port_open_test: 28
Tor Circuit: not established

I have read the other forum topics that are related to this problem, but none seem to have a clear answer or solution

I am running Whonix-Gateway and Workstation

When I try to run the workstation browser for ipcheck, it says, Secure Connection Failed

I just ran ifconfig on the Workstation and it says

inet netmask broadcast

RX Packets 1406 bytes 65044 (63.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1423 bytes 91662 (89.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 6633

I have installed a vanilla guest OS on the host and confirmed that is capable of reaching the net and downloading web pages…

I am not sure how to continue troubleshooting, please advise

Hi jkygtiflug

Thanks for the detailed report! Not sure what hypervisor you are using but did you download KVM images from this repo? Note the mistaken “//” in the link.

If so, those images are defective and were thought to be deleted. You should download new images if that is the case. See this thread.


If not, could you please provide the output of this command. Be sure to redact any sensitive info.

bash -x whonixcheck --function check_tor_socks_port_reachability

1 Like

Those images are good. The only problem is with the checksum files belonging to an older now overwritten release.

1 Like

I am running the VMs under behind a pfSense firewall, It is proving to be a challenge to get to the output from the command you asked me to run in a manner in which i can cut and paste it. I am using something called noVNC to connect to the machine which doesn’t allow for a cut n paste, however, I can tell you that it exited with EXIT_CODE=1

Since there is no internet connectivity, I can not install SSH on the Workstation, is there anyway to trouble shoot this from another guest OS?

btw, I can ping the gateway from the workstation…

Just re-download. Take snapshots before first-run and start over. Sometimes it’s just quicker that way instead of chasing down obscure bugs that many don’t see. KVM checksum problem has been fixed BTW.

That did the trick, I had a networking configuration issue, I was following a tutorial from this forum, that didn’t have the correct networking setup… Thank you guys for your help

Did you manage to run this on proxmox?

What would downloading again change? How was the download disrupted? I am using KVM on a Fedora host, which is a valid structure according to the installation guidelines.

I thought the problem was that there were not enough vcpus allocated to the Gateway. I increased from 1 to 3. CPU1 (thread) is still running at 100%, so if I increase the number of vcpus with virsh, it doesn’t translate into allocating more threads to distribute that percentage more evenly and thus reducing fan speed.

But it looks like (if I forget about the constant high fan noise) that the functionality question has to do with the Control Port not being opened on the Gateway. Shouldn’t that already be configured? How should I edit the torrc on Gateway CLI? Then the Workstation can’t sdwdate sync because the Control Port is closed, right?
. . .
onion-time-pre-script detected error status
. . .


A non-malicious bit flip is unlikely since then tar checksums would be wrong.

If it’s a malicious modification then, host system compromise, then you have bigger issues, all bets are off. That however is unlikely from what I’ve seen so far which seems more likely general Linux / KVM issues and user Tor configuration issues.

Not much indeed. Just when users download Whonix, then modify something without keeping exact notes, without providing exact steps how to reproduce it, then it’s not easy to figure out what exactly was modified or how to revert it. Takes longer to explain and check than a clean re-installation.

So that’s what needed. Starting clean and describing exactly in detail all the modifications you did such as while file edited and what contents saved there. Reasonable reactions are ok but otherwise it’s highly unlikely that your issue can be resolved in this forum.

You posted about this elsewhere. Here: Adding vcpu's to Whonix-Gateway? - #6 by ReCreateQubesS76G6

Stop double posting. It won’t result in your issue getting resoled any faster or resolved at all. Just creates more mess.