Whonix 14 and TorGuard VPN

Please run the following commands then copy and paste the output. Use VirtualBox shared folders if necessary.

problem is not in Ram or X-system of VM, cuz out of the box everything works good.
But to answer your question: 2048MB, XFCE

sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/

sudo -u tunnel openvpn /etc/openvpn/openvpn.conf

Do you have “remote”… in /etc/openvpn/openvpn.conf?

VPN provider specific settings

auth-user-pass auth.txt

##using nyc.vpn.riseup.net 80
remote your_vpn_prividers_ip_and_port

Note: You must follow the instructions verbatim as written in the Whonix wiki.

1 Like

We made some progress , guys :slight_smile:
I was able to run openvpn (after adding CA file and remote IP) but connection resets somewhy.

Whoray! I was able to rerun starting routine for openvpn(that was suggested above) and got my vpn connection UP. i am able to ping successfuly but websites not openning still due DNS ERROR. I am going to check what dns servers used and insert correct ones

apt-get still unable to run. connecting not establishing. so i cannot install resolvconf. also in Whonix VPN Guide, installing resolvconf is located after openvpn.conf editing part. So for me its not clear how can i run and install resolvconf. May be i should start over and install resolvconf before ? I repeat, i am able to make pings now after connecting to VPN , but sudo apt-get update not fecthing data

UPDATE i am lost again, guys… after changing exactly nothing (only rebooted) i now cannot establish connection to VPN
I get this error:

Fri Dec 14 13:12:17 2018 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]**********:443
Fri Dec 14 13:12:19 2018 ERROR: Cannot ioctl TUNSETIFF tun0: Device or resource busy (errno=16)
Fri Dec 14 13:12:19 2018 Exiting due to fatal error

running any of :
sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
gives ioctl error

As noted above and as commented by 0brand the settings of the VPN provider (server, credentials) are of course necessary for the connection to work.

I suggest you remove the IP from your post. You expose your VPN server.

Good point. I’d try that.

For now. OpenVPN service starts fine. Systemctlt log:

08:47|16.12] root@host dir:(user)# systemctl | grep openvpn
openvpn.service                loaded active exited    OpenVPN service                                                                              
openvpn@openvpn.service        loaded active running   OpenVPN connection to openvpn                                                                
system-openvpn.slice           loaded active active    system-openvpn.slice                                                                 

I am able to ping everything sucessfully. In #route command i can see my VPN provider IP address for eth0, but DNS lookup not working. So i cant open websites, cant run update/install packages. What i do from now ?

I’ve made another progress. I made clear install. Passed all steps from official VPN setup by Whonix. But i installed resolvconf prior to all steps.

Now i am able to connect to VPN, open websites. But apt-get not working at all.

0% [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to security.debian.org] [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to ftp.us.debian.or

This line never finishes. How do i fix it? There must be something with socks5h connection to localhost:9050

Err tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 traceroute amd64 1:2.1.0-2
  Read error - read (104: Connection reset by peer) Reading the greet back from SOCKS proxy socks5h://localhost:9050 failed

The Debian onion services get a little flaky at times.


Note: When you receive an error message, try using the forum search engine ( top right hand corner of your screen) to see if that has been reported in the past. In many cases, this one included, the answer can be fairly quickly. But, keep in mind that misspelling or including to much search criteria will often turn up zero results. Keep it simple and if you are getting to many results gradually add addition key words until you can narrow it down.

1 Like

Well, i’ve searched for this and tried suggested steps. It doesnt work simply. Problem is in connecting to socks5h://localhost:9050. Everything works fine except i cannot install/update packages. Please help me finish this out

Also it was clear to me that problem is with VPN setup, because in Whonix Gateway apt-get update runs well.

Do you have any error messages in your OpenVPN logs?

How actually is this supposed to work in the case of Tor before VPN?

If the firewall makes everything go by the VPN, won’t any access to onion sites be a Tor over Tor case?

Tor -> VPN -> Tor

Guard -> Middle -> Exit -> VPN Provider -> Guard -> Middle -> Rendezvous point -> Middle -> Middle -> Middle -> Debian Onion Site ?

And if so, isn’t it preferable to update from Debian’s clearnet site?

No errors at all. All is clear. I am able to ping, nslookup via vpn.
Is there anybody that has sucessfully setup Tor -> VPN chain ? How is your apt-get update running ?

I did it on Whonix 13, apt-get update worked well but if I recall correctly it didn’t use onion sites back then.

Check what happens when you access onion sites with other apps. For example, try to run wget with an onion address. Does it work?

nope, none of it works.

07:10|18.12] user@host dir:(~)$ wget https://3g2upl4pq6kufc4m.onion/
--2018-12-18 07:11:13--  https://3g2upl4pq6kufc4m.onion/
Resolving 3g2upl4pq6kufc4m.onion (3g2upl4pq6kufc4m.onion)...
Connecting to 3g2upl4pq6kufc4m.onion (3g2upl4pq6kufc4m.onion)||:443... ^[

also, everytime i load VM, i need to run these commands over and over again:

sudo chown -R tunnel:tunnel /etc/openvpn
sudo chown -R tunnel:tunnel /var/run/openvpn
sudo systemctl start openvpn@openvpn

Not sure it’s related, but are you running multiple workstations in parallel? if so, did you change the IP in /etc/network/interfaces.d/30_non-qubes-whonix as explained in https://www.whonix.org/wiki/Multiple_Whonix-Workstations#Non-Qubes-Whonix ?

I’m going to try this setup on Whonix 14 and report back here.

Do you have to run those every time or just the following?

If so, you might have skipped that line:

sudo systemctl enable openvpn@openvpn

This is supposed to make sure this service starts every time.

why do u think so ? I am only running Whonix GW and Workstation same time

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]