Hi, I was looking into forum, but didn’t find exactly answer to to my question. I did setup openvpn on whonix gateway, openvpn service is running and active, whonix gateway connected to tor, but how to know for sure, that whonix first connects to vpn and then to tor?
If you read through the instructions carefully in VPN inside Whonix-Gateway you will see the VPN is set up as a failed closed mechanism. This means if the VPN were to disconnect your connection to Tor would also disconnect. A way to test this out is to stop your VPN. If your Tor connection also drops that means you are being routed through your VPN first. You can use this command to stop your VPN.
sudo service openvpn@openvpn stop
Looks like in 50_user.conf made typo. Now when I add VPN_FIREWALL=1, I can’t connect to tor, while vpn still works.
[INFO] [whonixcheck] Tor Bootstrap Result: Bootstrapping for 17 seconds. 80 % done. Tor Circuit: not established. Tor reports: WARN BOOTSTRAP PROGRESS=80 TAG=conn_or SUMMARY="Connecting to the Tor network" WARNING="No route to host" REASON=NOROUTE COUNT=13 RECOMMENDATION=warn HOSTID="xxxx" HOSTADDR="xx.x.xxx.xxx:443"
Unless you made edits to either
/etc/openvpn/openvpn.conf (change your VPN server), Whonix-Gateway should still be able to connect to Tor
You have may have to manually restart Tor. This is because the VPN may not be ready when Tor is attempting to connect, because the VPN connection initialization takes too long. Due to a bug in Tor, it won’t keep trying to connect. To fix this, you may have to manually restart Tor after boot, if whonixcheck reports that Tor is not fully bootstrapped. The same may be necessary if your VPN software or connection temporarily broke down.
To manually restart Tor. In Whonix-Gateway konsole:
sudo service tor@default reload
sudo service tor@default status
Should say Active: active (running) since …
In case of issues, try the following debugging steps.
sudo -u debian-tor tor --verify-config
The output should be similar to the following.
Sep 17 17:40:41.416 [notice] Read configuration file “/etc/tor/torrc”.
Configuration was valid
When you shut down the VPN, neither Tor, nor Whonix-Gateway’s whonixcheck/apt-get/etc. nor Whonix-Workstation should be able to connect anywhere anymore.
See also Force Tor to wait for OpenVPN