Whonix 14 and TorGuard VPN

I suggest starting with a fresh new VM.
Then apply the instructions above. Slowly, step by step. I’ve done this configuration in the past; it’s easy to mess things up.
If they don’t work, please describe the specific issue you encounter.

I also need to do those settings again, this time on Whonix 14.

I find the instructions hard to follow; it took me over 3 hours last time.

I am working on a compact version of this page and will share if there is an interest.

Configure VPN as instructed in Connecting to Tor before a VPN

Run these commands and provide output.

ls -la /run/resolvconf

ls -l /etc/openvpn

ls -l /var/run/openvpn

Manually start the VPN and post output of last command. Remember to redact any sensitive information.

sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf

Note:

I have reached the step with the header “VPN Setup”. It helps set up the Riseup VPN provider. I am confused about these steps.

Do I need to do:

  1. VPN Configuration File and below?
  2. Get VPN Certificate?
  3. VPN Credentials?
  4. Install resolvconf?
  5. DNS Configuration?

Yes, all steps. Quite often users have difficulties with VPN setup. If you get stuck, use the forum search engine to see if anyone has had the same problem as you in the past. Chances are you’ll find a thread that will help with the problem.

Tor before VPN setup for Whonix 14 on VirtualBox

sudo nano /etc/uwt.d/50_user.conf

ADD:

uwtwrapper_global="0"

sudo nano /etc/environment

ADD:

TOR_TRANSPROXY=1

sudo nano /etc/torbrowser.d/50_user.conf

ADD:

TB_NO_TOR_CON_CHECK=1
CURL_PROXY="--fail"

sudo nano /etc/whonix_firewall.d/50_user.conf

ADD:

WORKSTATION_FIREWALL=1
TUNNEL_FIREWALL_ENABLE=true

sudo whonix_firewall

sudo nano /etc/sudoers.d/tunnel_unpriv

EDIT THE FILE TO BE:

tunnel ALL=(ALL) NOPASSWD: /bin/ip
tunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *
Defaults:tunnel !requiretty
Defaults:tunnel env_keep += script_type
Defaults:tunnel env_keep += dev

sudo nano /etc/openvpn/auth.txt # Only if your provider uses auth-user-pass auth.txt in openvpn.conf

ADD (your VPN account credentials):

username
password

sudo nano /etc/openvpn/openvpn.conf

ADD (your VPN provider will have additional settings):

client
dev tun0
persist-tun
persist-key

script-security 2
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”

user tunnel
iproute /usr/bin/ip_unpriv

proto tcp

sudo apt-get update
sudo apt-get install resolvconf
sudo aptitude keep-all

sudo nano /usr/lib/tmpfiles.d/50_openvpn_unpriv.conf

ADD:

d /run/resolvconf 0775 root tunnel - -
d /run/resolvconf/interface 0775 root tunnel - -

sudo chown --recursive root:tunnel /run/resolvconf
sudo chmod --recursive 775 /run/resolvconf

sudo nano /etc/resolvconf/run/interface/original.resolvconf

COMMENT THE FILE’S CONTENT (OR DELETE IT)

sudo chown -R tunnel:tunnel /etc/openvpn
sudo chown -R tunnel:tunnel /var/run/openvpn

sudo cp /lib/systemd/system/openvpn@.service /lib/systemd/system/openvpn@openvpn.service
sudo systemctl enable openvpn@openvpn
sudo systemctl start openvpn@openvpn
sudo systemctl status openvpn@openvpn # check status

sudo service resolvconf restart
sudo cat /etc/resolv.conf

MAKE SURE IT DOESN’T INCLUDE ANY OF:

nameserver 10.152.152.10
nameserver 10.137.3.1
nameserver 10.137.3.254

SHOULD ONLY INCLUDE VPN PROVIDER’S DNS

sudo nano /etc/whonix.d/50_user.conf

ADD:

whonixcheck_skip_functions+=" check_tor_bootstrap "
whonixcheck_skip_functions+=" check_tor_socks_port_reachability "
whonixcheck_skip_functions+=" check_tor_socks_port "
whonixcheck_skip_functions+=" check_tor_trans_port "
whonixcheck_skip_functions+=" check_stream_isolation "
whonixcheck_skip_functions+=" download_whonix_news "

DONE!

I’d say a major difficulty in providing a comprehensive recipe for this setup is that different VPN providers will use different formats in their configuration files (/etc/openvpn/openvpn.conf).

The example in the wiki refers to Riseup, but you will probably use another provider, so first you need to make sure you understand how to set up openvpn with your provider on a non-Whonix (say Debian) system, and then editing that file will be easier.

After applying all the above settings, my internet connection is down. I am unable to update/upgrade via apt.

[08:54|10.12] root@host dir:(user)# apt-get update
0% [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to secu
freezes for an hour

Even launching the TorGuard client and trying to connect fails…

Also,

Post your openvpn configuration file.

cat /etc/openvpn/openvpn.conf

Be sure to redact the remote IP address and port.

Post file permissions.

ls -l /etc/openvpn

And post all error messages

I am unable to post images, dunno why. So here are links to the information. I can paste plain text, but it’s very hard to read with no color markup.

$ sudo whonixcheck on GateWay:
(all good, green)
https://ibb.co/L5ds5nr

$ sudo whonixcheck on WS:
(error)
https://ibb.co/VSx9VhY

$ ls -la /run/resolvconf
https://ibb.co/RHq88MT

$ ls -l /etc/openvpn
https://ibb.co/42NGvLv

$ ls -l /var/run/openvpn
total 0

sudo /usr/sbin/openvpn --rmtun --dev tun0

Tue Dec 11 09:57:25 2018 TUN/TAP device tun0 opened
Tue Dec 11 09:57:25 2018 Persist state set to: OFF

sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel

Tue Dec 11 09:59:08 2018 TUN/TAP device tun0 opened
Tue Dec 11 09:59:08 2018 Persist state set to: ON

cd /etc/openvpn/
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf

Options error: the --up directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

openvpn.conf
client
dev tun0
persist-tun
persist-key

script-security 2
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”
user tunnel
iproute /usr/bin/ip_unpriv

proto tcp

We don’t reference **sudo** whonixcheck anywhere in the wiki. But you’re lucky - that won’t cause an issue.

Did you apply Connecting to Tor before a VPN?

After applying what you suggested:

$ whonixcheck
https://ibb.co/pbqM9Tf

still no internet connection :frowning:

The double quotes you used in

up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”

are wrong. Looks like they got changed when I pasted the code here. Change “ to " in openvpn.conf and repeat the steps that follow editing the file.

" double quotes
“” get changed in this editor to a different character when they come in pairs (forward to Elon Musk. Dangers of AI)…
" " - no change if only a space is enclosed
“something something” - get changed when there is more content.
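
A small lint for the two failure modes raised in this thread: the typographic quotes in openvpn.conf, and the gateway nameservers that must not remain in /etc/resolv.conf. This is an added example, not part of the original posts; the function names, the sample files and the 203.0.113.53 resolver address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint for the two failure modes it describes.

# Print lines holding typographic quotes or dashes (UTF-8 bytes of U+201C,
# U+201D, U+2018, U+2019, U+2013, U+2014), which a forum editor can substitute
# for ASCII " ' and --. Returns 0 if clean, 1 if any were found, 2 if unreadable.
conf_is_clean() {
    [ -r "$1" ] || return 2
    if LC_ALL=C grep -n -F \
        -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" \
        -e "$(printf '\342\200\230')" -e "$(printf '\342\200\231')" \
        -e "$(printf '\342\200\223')" -e "$(printf '\342\200\224')" \
        -- "$1"; then
        return 1    # grep matched and printed the offending lines
    fi
    return 0
}

# Print nameserver lines that point at the gateway addresses named in the
# thread. Returns 0 if none are present, 1 if any are, 2 if unreadable.
resolv_is_clean() {
    [ -r "$1" ] || return 2
    if grep -n -E \
        '^[[:space:]]*nameserver[[:space:]]+10\.(152\.152\.10|137\.3\.(1|254))[[:space:]]*$' \
        -- "$1"; then
        return 1
    fi
    return 0
}

# Constructed sample input: the mangled "up" line from the thread, its
# corrected form, and two resolv.conf variants (203.0.113.53 is a
# documentation address standing in for a VPN provider's resolver).
demo_dir=$(mktemp -d)
printf 'up \342\200\234/etc/openvpn/update-resolv-conf script_type=up dev=tun0\342\200\235\n' > "$demo_dir/bad.conf"
printf 'up "/etc/openvpn/update-resolv-conf script_type=up dev=tun0"\n' > "$demo_dir/good.conf"
printf 'nameserver 10.152.152.10\n' > "$demo_dir/resolv.gateway"
printf 'nameserver 203.0.113.53\n' > "$demo_dir/resolv.vpn"

for f in bad.conf good.conf; do
    if conf_is_clean "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: typographic characters found"; fi
done
for f in resolv.gateway resolv.vpn; do
    if resolv_is_clean "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: gateway nameserver present"; fi
done
rm -rf "$demo_dir"
```

On the Workstation the same functions can be pointed at /etc/openvpn/openvpn.conf, the other edited 50_user.conf files, and /etc/resolv.conf.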

I’ve changed quotes to what is needed. Now my openvpn.conf looks like this:

client
dev tun0
persist-tun
persist-key

script-security 2
up "/etc/openvpn/update-resolv-conf script_type=up dev=tun0"
down "/etc/openvpn/update-resolv-conf script_type=down dev=tun0"

user tunnel
iproute /usr/bin/ip_unpriv

proto tcp

But still, I am unable to run apt-get update, since it freezes on fetching. The Gateway connection works fine. I even tried reloading/starting /init.d/openvpn, but no help.

During reboot I get an error loading openvpn.service:
log from systemctl
● openvpn@openvpn.service loaded failed failed OpenVPN connection to openvpn

Tried restarting openvpn and ran update:
https://ibb.co/nRnxr5h

How much RAM does the VM have?

Whonix KDE or Whonix XFCE? Latter needs less RAM.

Increase RAM?

Do you also have your VPN provider’s specific settings in the file?

Did you try a simple ping test first?

Please run the following commands then copy and paste the output. Use VirtualBox shared folders if necessary.

The problem is not in the RAM or the X system of the VM, because out of the box everything works well.
But to answer your question: 2048MB, XFCE

sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/

https://ibb.co/wc7MCyV

sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
https://ibb.co/ZGPpgFh