User -> TOR -> VPN -> Internet no connection at all

I followed the instruction here:

and it doesn’t seem to be working at all.

After I create the /etc/whonix_firewall.d/50_user.conf file and reload the whonsix firewall, there is no connection at all.

For example,

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted

And apt-get also fails. I need to comment out the 2 lines in 50_user.conf and restart the workstation to get an internet connection again. Actually, I confirmed that TUNNEL_FIREWALL_ENABLE=true is enough to cause this behaviour.

I assume something is wrong, because I thought I should be able to connect directly through TOR even if the VPN is not setup correctly?

apt-get is preconfigured to use stream isolation, a Tor SocksPort - related to https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Prevent_Bypassing_the_Tunnel-Link

Tor does not support ICMP (ping).
https://www.whonix.org/wiki/Tor#UDP

Might be an unrelated bug blocking all but TCP even in TUNNEL_FIREWALL_ENABLE=true mode.

Hi Patrick.

Shouldn’t apt-get still work through Tor if it is configured to use stream isolation, instead of being broken?

I applied the steps in your link “Prevent Bypassing the Tunnel-Link”, because it says “Apply the following steps to avoid unexpected results such as broken connectivity and/or traffic bypassing the tunnel-link and only going through Tor.”

However, apt-get now fails because it cannot resolve the DNS (e.g. of ftp.us.debian.org).

I think something is wrong? I shouldn’t have to get the VPN up and running to have DNS?

So I guess the next step would be to confirm that I can get VPN working in a non-Whonix Debian VM, and submit a bug report?

Thanks.