I suggest starting with a fresh new VM.
Then apply the instructions above. Slowly, step by step. I’ve done this configuration in the past, it’s easy to mess things up.
If they don’t work, please describe the specific issue you encounter.
I also need to do those settings again, this time on Whonix 14.
I find the instructions hard to follow, took me over 3 hours last time.
I am working on a compact version of this page and will share if there is an interest.
Configure VPN as instructed in Connecting to Tor before a VPN
Run these commands and provide output.
ls -la /run/resolvconf
ls -l /etc/openvpn
ls -l /var/run/openvpn
Manually start the VPN and post output of last command. Remember to redact any sensitive information.
sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
Note:
- Installing the TorGuard .deb package itself will work in Debian, but support requests may not be taken on the Whonix forum. Please ask your VPN service provider for help with that.
- Depending on information provided: https://whonix.org/wiki/FAQ#Non-Responsiveness_to_Concerns may apply.
I have reached the step with the header “VPN Setup”. It helps set up the Riseup VPN provider. I am confused about these steps.
Do I need to do:
- VPN Configuration File and below ?
- Get VPN Certificate ?
- VPN Credentials ?
- install resolvconf ?
- DNS Configuration
Yes, all steps. Quite often users have difficulties with VPN setup. If you get stuck, use the forum search engine to see if anyone has had the same problem as you in the past. Chances are you’ll find a thread that will help with the problem.
Tor before VPN setup for Whonix 14 on VirtualBox
sudo nano /etc/uwt.d/50_user.conf
ADD:
uwtwrapper_global="0"
–
sudo nano /etc/environment
ADD:
TOR_TRANSPROXY=1
–
sudo nano /etc/torbrowser.d/50_user.conf
ADD:
TB_NO_TOR_CON_CHECK=1
CURL_PROXY="--fail"
–
sudo nano /etc/whonix_firewall.d/50_user.conf
ADD:
WORKSTATION_FIREWALL=1
TUNNEL_FIREWALL_ENABLE=true
–
sudo whonix_firewall
–
sudo nano /etc/sudoers.d/tunnel_unpriv
EDIT THE FILE TO BE:
tunnel ALL=(ALL) NOPASSWD: /bin/ip
tunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *
Defaults:tunnel !requiretty
Defaults:tunnel env_keep += script_type
Defaults:tunnel env_keep += dev
–
sudo nano /etc/openvpn/auth.txt # Only if your provider uses auth-user-pass auth.txt in openvpn.conf
ADD (your VPN account credentials):
username
password
–
sudo nano /etc/openvpn/openvpn.conf
ADD (your VPN provider will have additional settings):
client
dev tun0
persist-tun
persist-key
script-security 2
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”
user tunnel
iproute /usr/bin/ip_unpriv
proto tcp
–
sudo apt-get update
sudo apt-get install resolvconf
sudo aptitude keep-all
–
sudo nano /usr/lib/tmpfiles.d/50_openvpn_unpriv.conf
ADD:
d /run/resolvconf 0775 root tunnel - -
d /run/resolvconf/interface 0775 root tunnel - -
–
sudo chown --recursive root:tunnel /run/resolvconf
sudo chmod --recursive 775 /run/resolvconf
–
sudo nano /etc/resolvconf/run/interface/original.resolvconf
COMMENT THE FILE’S CONTENT (OR DELETE IT)
–
sudo chown -R tunnel:tunnel /etc/openvpn
sudo chown -R tunnel:tunnel /var/run/openvpn
–
sudo cp /lib/systemd/system/openvpn@.service /lib/systemd/system/openvpn@openvpn.service
sudo systemctl enable openvpn@openvpn
sudo systemctl start openvpn@openvpn
sudo systemctl status openvpn@openvpn # check status
–
sudo service resolvconf restart
sudo cat /etc/resolv.conf
MAKE SURE IT DOESN’T INCLUDE ANY OF:
nameserver 10.152.152.10
nameserver 10.137.3.1
nameserver 10.137.3.254
SHOULD ONLY INCLUDE VPN PROVIDER’S DNS
–
sudo nano /etc/whonix.d/50_user.conf
ADD:
whonixcheck_skip_functions+=" check_tor_bootstrap "
whonixcheck_skip_functions+=" check_tor_socks_port_reachability "
whonixcheck_skip_functions+=" check_tor_socks_port "
whonixcheck_skip_functions+=" check_tor_trans_port "
whonixcheck_skip_functions+=" check_stream_isolation "
whonixcheck_skip_functions+=" download_whonix_news "
–
DONE!
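The resolv.conf check at the end of the steps above can be scripted. This is an added example, not part of the original posts: `check_resolv` and its allowed-list argument are hypothetical names, and 192.0.2.53 is a constructed stand-in for the VPN provider's DNS server.

```shell
#!/bin/sh
# Added example (not from the thread): audit a resolv.conf after the VPN is up.
# check_resolv FILE [ALLOWED_DNS...]
#   returns 0  only acceptable resolvers are configured
#   returns 1  one of the addresses the post says must be gone is still there
#   returns 2  no nameserver at all, or one outside ALLOWED_DNS (if given)
check_resolv() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            rc = 0
            # Addresses listed in the post above as "must not be included".
            bad["10.152.152.10"]; bad["10.137.3.1"]; bad["10.137.3.254"]
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]]
        }
        /^[ \t]*[#;]/ { next }          # skip comment lines
        $1 == "nameserver" {
            seen++
            if ($2 in bad) {
                print "gateway resolver still present: " $2; rc = 1
            } else if (n > 0 && !($2 in ok)) {
                print "resolver not in allowed list: " $2
                if (rc == 0) rc = 2
            }
        }
        END {
            if (!seen) { print "no nameserver entries"; if (rc == 0) rc = 2 }
            exit rc
        }
    ' "$file"
}

# Constructed sample: 192.0.2.53 stands in for the VPN provider's DNS.
demo=$(mktemp)
printf 'nameserver 10.152.152.10\nnameserver 192.0.2.53\n' > "$demo"
check_resolv "$demo" 192.0.2.53 || echo "check_resolv returned $?"
rm -f "$demo"
```

On the workstation it would be run as `check_resolv /etc/resolv.conf <provider DNS addresses>` after `sudo service resolvconf restart`.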
I’d say a major difficulty here in providing a comprehensive recipe for this setup is that different VPN providers will have different formats in configuration files (/etc/openvpn/openvpn.conf).
The example in the wiki refers to riseup but you will probably use another provider, so first you need to make sure you understand how to set up openvpn with your provider on a non-whonix (say Debian) system, and then editing that file will be easier.
After applying all the above settings my internet connection is down. I am unable to update/upgrade via apt.
[08:54|10.12] root@host dir:(user)# apt-get update 0% [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to secu
freezes for an hour
even launching torguard client and trying to connect fails…
Also,
Post your openvpn configuration file.
cat /etc/openvpn/openvpn.conf
Be sure to redact remote IP address port
Post file permissions.
ls -l /etc/openvpn
And post all error messages
I am unable to post images, dunno why. So here are links to the information. I can paste plain text, but it’s very hard to read with no color markup.
$ sudo whonixcheck on GateWay:
(all good, green)
https://ibb.co/L5ds5nr
$ sudo whonixcheck on WS:
(error)
https://ibb.co/VSx9VhY
$ ls -la /run/resolvconf
https://ibb.co/RHq88MT
$ ls -l /etc/openvpn
https://ibb.co/42NGvLv
$ ls -l /var/run/openvpn
total 0
sudo /usr/sbin/openvpn --rmtun --dev tun0
Tue Dec 11 09:57:25 2018 TUN/TAP device tun0 opened
Tue Dec 11 09:57:25 2018 Persist state set to: OFF
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
Tue Dec 11 09:59:08 2018 TUN/TAP device tun0 opened
Tue Dec 11 09:59:08 2018 Persist state set to: ON
cd /etc/openvpn/
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
Options error: the --up directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes (“”).
openvpn.conf
client
dev tun0
persist-tun
persist-key
script-security 2
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”
user tunnel
iproute /usr/bin/ip_unpriv
proto tcp
We don’t reference **sudo** whonixcheck anywhere in the wiki. But you’re lucky - that won’t cause an issue.
Did you apply Connecting to Tor before a VPN?
The double quotes you used in
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”
are wrong. Looks like they got changed when I pasted the code here. Change “ to " in openvpn.conf and repeat the steps that follow editing the file.
" double quotes
“” get changed in this editor to a different character when they come in pairs (forward to Elon Musk. Dangers of AI)…
" " - no change if only a space is enclosed
“something something” - get changed when there is more content.
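The quote substitution described above can be caught before OpenVPN rejects the file. This is an added example, not part of the original posts: the function names are hypothetical, the sample lines are rebuilt from the `up`/`down` directives quoted in the thread, and treating an en dash as a mangled `--` is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): find and undo "smart" typography in
# pasted config files.
# UTF-8 sequences are built with printf so this script itself stays ASCII.
LDQUO=$(printf '\342\200\234')    # U+201C left double quotation mark
RDQUO=$(printf '\342\200\235')    # U+201D right double quotation mark
ENDASH=$(printf '\342\200\223')   # U+2013 en dash (assumed to be a mangled "--")

# lint_smart_chars FILE: print "lineno:text" for each affected line;
# returns 1 if any typographic character was found, 0 if the file is clean.
lint_smart_chars() {
    if LC_ALL=C grep -n -F -e "$LDQUO" -e "$RDQUO" -e "$ENDASH" -- "$1"; then
        return 1
    fi
    return 0
}

# fix_smart_chars FILE: write an ASCII-quoted copy to stdout (FILE is untouched).
fix_smart_chars() {
    LC_ALL=C sed -e "s/$LDQUO/\"/g" -e "s/$RDQUO/\"/g" -e "s/$ENDASH/--/g" < "$1"
}

# sample_conf: the up/down lines as they appear in the thread, rebuilt here.
sample_conf() {
    printf 'client\ndev tun0\nscript-security 2\n'
    printf 'up %s/etc/openvpn/update-resolv-conf script_type=up dev=tun0%s\n' "$LDQUO" "$RDQUO"
    printf 'down %s/etc/openvpn/update-resolv-conf script_type=down dev=tun0%s\n' "$LDQUO" "$RDQUO"
}

demo=$(mktemp)
sample_conf > "$demo"
lint_smart_chars "$demo" || echo "typographic characters found; corrected copy follows"
fix_smart_chars "$demo"
rm -f "$demo"
```

The same lint applies to the other files edited in the steps, since any value pasted from a forum post can carry these characters.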
I’ve changed quotes to what is needed. Now my openvpn.conf looks like this:
client
dev tun0
persist-tun
persist-key
script-security 2
up "/etc/openvpn/update-resolv-conf script_type=up dev=tun0"
down "/etc/openvpn/update-resolv-conf script_type=down dev=tun0"
user tunnel
iproute /usr/bin/ip_unpriv
proto tcp
But still, I am unable to run apt-get update, since it freezes on fetching. GateWay connection works fine. I even tried reloading/starting /init.d/openvpn, but no help.
During reboot I get an error loading openvpn.service:
log from systemctl
● openvpn@openvpn.service loaded failed failed OpenVPN connection to openvpn
Tried restarting openvpn and running update:
https://ibb.co/nRnxr5h
How much RAM does the VM have?
Whonix KDE or Whonix XFCE? Latter needs less RAM.
Increase RAM?
Do you also have your VPN provider’s specific settings in the file?
Did you try a simple ping test first?
Please run the following commands then copy and paste the output. Use VirtualBox shared folders if necessary.
The problem is not in RAM or the X-system of the VM, cuz out of the box everything works good.
But to answer your question: 2048MB, XFCE
sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
https://ibb.co/ZGPpgFh