[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Unable to setup Corridor on Qubes-Whonix


#1

Hi, fist time here : )

Since I’m pretty paranoid about possible DNS leaks, I would still like to use Corridor on top of Qubes-Whonix though I frequently hear Whonix is very secure when it comes to DNS leak protection.

So I have been conforming the following manual,

but I get totally stuck in “test corridor” stage before I can go ahead and actually set it up for sys-whonix.
I use Tor Browser Bundle for testing, but the Tor Browser can never goes further than,

Bootstrapped 85%: Finishing handshake with first hop

followed with
[WARN] Proxy Client: unable to connect to X.X.X.X:AAAA (“general SOCKS server failure”)
[NOTICE] Delaying directory fetches: No running bridges

(I hope to configure Corridor to connect to bridges)

and “general socks failure” warning goes continuing over and over.

When I go capture and observe packets in Wireshark, all those I can see are two kinds: TCP packets sent from "corridor-client"VM to Tor bridge nodes, and ICMP packets sent from sys-corridor to corridor-client, saying “Destination unreachable (Host administratively prohibited)”.

And typing
sudo systemctl status corridor-data corridor-init-forwarding corridor-init-logged corridor-init-snat
in terminal shows the following,

● corridor-data.service - corridor’s relay list
Loaded: loaded (/lib/systemd/system/corridor-data.service; enabled)
Drop-In: /lib/systemd/system/corridor-data.service.d
└─qubes-service.conf, qubes.conf
Active: inactive (dead) since Tue 2018-07-10 16:32:22 JST; 3h 17min ago
Process: 667 ExecStart=/usr/sbin/corridor-data (code=exited, status=0/SUCCESS)
Main PID: 667 (code=exited, status=0/SUCCESS)

Jul 10 16:32:22 sys-corridor systemd[1]: Starting corridor’s relay list…
Jul 10 16:32:22 sys-corridor systemd[1]: Started corridor’s relay list.
Jul 10 16:32:22 sys-corridor corridor-data[667]: corridor_relays updated.

● corridor-init-forwarding.service - corridor’s forwarding
Loaded: loaded (/lib/systemd/system/corridor-init-forwarding.service; enabled)
Drop-In: /lib/systemd/system/corridor-init-forwarding.service.d
└─qubes-service.conf, qubes.conf
Active: active (exited) since Tue 2018-07-10 16:32:19 JST; 3h 17min ago
Process: 418 ExecStart=/bin/rm -f /var/run/qubes-service/qubes-firewall (code=exited, status=0/SUCCESS)
Process: 360 ExecStart=/usr/sbin/corridor-init-forwarding (code=exited, status=0/SUCCESS)
Main PID: 418 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/corridor-init-forwarding.service

Jul 10 16:32:19 localhost corridor-init-forwarding[360]: net.ipv4.ip_forward = 1
Jul 10 16:32:19 localhost corridor-init-forwarding[360]: net.ipv6.conf.all.forwarding = 0
Jul 10 16:32:19 localhost systemd[1]: Started corridor’s forwarding.

● corridor-init-logged.service - corridor’s logging
Loaded: loaded (/lib/systemd/system/corridor-init-logged.service; enabled)
Drop-In: /lib/systemd/system/corridor-init-logged.service.d
└─qubes-service.conf, qubes.conf
Active: activating (start) since Tue 2018-07-10 16:32:22 JST; 3h 17min ago
Main PID: 689 (corridor-init-l)
CGroup: /system.slice/corridor-init-logged.service
├─ 689 /bin/sh -e /usr/sbin/corridor-init-logged
└─4172 sleep 1

Jul 10 16:32:22 sys-corridor systemd[1]: Starting corridor’s logging…

● corridor-init-snat.service - corridor’s source NAT
Loaded: loaded (/lib/systemd/system/corridor-init-snat.service; enabled)
Drop-In: /lib/systemd/system/corridor-init-snat.service.d
└─qubes-service.conf, qubes.conf
Active: active (exited) since Tue 2018-07-10 16:32:22 JST; 3h 17min ago
Process: 688 ExecStart=/usr/sbin/corridor-init-snat (code=exited, status=0/SUCCESS)
Main PID: 688 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/corridor-init-snat.service

Jul 10 16:32:22 sys-corridor systemd[1]: Starting corridor’s source NAT…
Jul 10 16:32:22 sys-corridor systemd[1]: Started corridor’s source NAT.

unfortunately I have no idea about what’s happening and very little luck on proceeding further…
I use Qubes4.0 and whonix-gw3.4.2-1, I have my ethernet and AWUS036NHA attached to sys-net.
Done installing tor and obfs4proxy on sys-corridor so ready to use bridges…
Also I’ve tried things like changing sys-corridor’s NetVM from sys-firewall to sys-net and creating sys-whonix as debian-9 based, but neither have worked effectively.

Could someone help me with this?
Any advice will be appreciated. : ) Sorry for the long post.