After I create the /etc/whonix_firewall.d/50_user.conf file and reload the whonix firewall, there is no connection at all.
For example,
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
And apt-get also fails. I need to comment out the 2 lines in 50_user.conf and restart the workstation to get an internet connection again. Actually, I confirmed that TUNNEL_FIREWALL_ENABLE=true is enough to cause this behaviour.
I assume something is wrong, because I thought I should be able to connect directly through Tor even if the VPN is not set up correctly?
Shouldn’t apt-get still work through Tor if it is configured to use stream isolation, instead of being broken?
I applied the steps in your link “Prevent Bypassing the Tunnel-Link”, because it says “Apply the following steps to avoid unexpected results such as broken connectivity and/or traffic bypassing the tunnel-link and only going through Tor.”
However, apt-get now fails because it cannot resolve the DNS (e.g. of ftp.us.debian.org).
I think something is wrong? I shouldn’t have to get the VPN up and running to have DNS?
So I guess the next step would be to confirm that I can get VPN working in a non-Whonix Debian VM, and submit a bug report?
Phrases such as “over Tor” are ambiguous. Please do not coin idiosyncratic words or phrases, otherwise this leads to confusion. Please use the same terms that are consistently referenced in documentation, such as:
Connect to a VPN Before Tor (User → VPN → Tor → Internet).
Connect to Tor Before a VPN (User → Tor → VPN → Internet).
And so on.
Always refer to the connection scheme when requesting support: User → VPN → Tor → Internet or User → Tor → VPN → Internet and so on.
@Patrick I tried following that guide and allowing UDP, and it still isn’t working: qBittorrent can’t download metadata or connect to any trackers. I also tried disabling the firewall and it still isn’t working.
I can actually send UDP and ICMP now; “ping” and “traceroute” don’t throw errors, however I am not getting any replies at all. Ping just gives no output; traceroute gives 30 lines with a number and “* * *”.
@Patrick So it seems the “VPN Method” is the only option, as the others are listed as undocumented/not working. Out of the VPNs, the options are RiseUp or USAIP. I tried to use RiseUp and was blocked because I don’t have an invite code; one would be greatly appreciated. I also tried to use USAIP and was stuck because the instructions seem to be out of date: it says to download “usaip.zip”, but I can’t find this anywhere on the USAIP website. EDIT: I found the file, but all the ovpn files claim that there is an unrecognized option on line 7 called pull: “Options error: Unrecognized option or missing or extra parameter(s) in France_2.ovpn:7: pull (2.4.7)”
Is there a way that I can have UDP bypass Tor entirely, such that it would be similar to running it on my host system? And then I can just use Tor for TCP traffic? I only need the UDP traffic to briefly connect to the trackers and start the download.