Whonix 14 and TorGuard VPN

Please run the following commands then copy and paste the output. Use VirtualBox shared folders if necessary.

The problem is not in the RAM or X-system of the VM, because out of the box everything works good.
But to answer your question: 2048MB, XFCE

sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
cd /etc/openvpn/

https://ibb.co/wc7MCyV

sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
https://ibb.co/ZGPpgFh

Do you have “remote”… in /etc/openvpn/openvpn.conf?

VPN provider specific settings

##############################
auth-user-pass auth.txt

##using nyc.vpn.riseup.net 80
remote your_vpn_prividers_ip_and_port

Note: You must follow the instructions verbatim as written in the Whonix wiki.

1 Like
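Added example, not part of the thread or of the Whonix wiki: a shell function that lints the provider-specific lines discussed above (a `remote` still set to the template placeholder, a missing CA, a missing or incomplete `auth-user-pass` file). The function name `check_ovpn_conf`, resolving a relative `auth-user-pass` path against the config's directory, and the extra world-readable check on the credentials file are assumptions made for this example; the sample config is constructed.

```shell
#!/bin/sh
# check_ovpn_conf CONF: print one finding per line; the return status is
# the number of findings (0 means the provider-specific part looks filled in).
check_ovpn_conf() {
    conf=$1; dir=$(dirname -- "$conf"); n=0; remotes=0; ca=0; auth=
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    while read -r key a1 rest || [ -n "$key" ]; do
        case $key in
            remote)
                remotes=$((remotes + 1))
                case $a1 in   # template placeholder or nothing after "remote"
                    ''|your_vpn_*) echo "remote: placeholder or empty host '$a1'"; n=$((n + 1)) ;;
                esac ;;
            ca|'<ca>') ca=1 ;;
            auth-user-pass) auth=$a1 ;;
        esac
    done < "$conf"
    [ "$remotes" -gt 0 ] || { echo "no 'remote' directive"; n=$((n + 1)); }
    [ "$ca" -eq 1 ] || { echo "no 'ca' file or inline <ca> block"; n=$((n + 1)); }
    if [ -n "$auth" ]; then
        case $auth in /*) ;; *) auth=$dir/$auth ;; esac   # assumption: relative to CONF
        if [ ! -f "$auth" ]; then
            echo "auth-user-pass file missing: $auth"; n=$((n + 1))
        else
            # OpenVPN expects the username on line 1 and the password on line 2.
            [ "$(grep -c . "$auth")" -ge 2 ] || { echo "auth file needs username and password lines"; n=$((n + 1)); }
            case $(ls -ld -- "$auth") in   # 8th mode character is other-read
                ???????r*) echo "auth file is world-readable: $auth"; n=$((n + 1)) ;;
            esac
        fi
    fi
    return "$n"
}

# Constructed sample: the template fragment with the placeholder left in place.
demo=$(mktemp -d)
printf '%s\n' 'client' 'dev tun0' 'auth-user-pass auth.txt' \
    '##using nyc.vpn.riseup.net 80' \
    'remote your_vpn_prividers_ip_and_port' > "$demo/openvpn.conf"
check_ovpn_conf "$demo/openvpn.conf" || echo "findings: $?"
rm -rf "$demo"
```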

We made some progress, guys.
I was able to run openvpn (after adding the CA file and remote IP) but the connection resets for some reason.

UPDATE:
Hooray! I was able to rerun the starting routine for openvpn (that was suggested above) and got my VPN connection UP. I am able to ping 8.8.8.8 successfully, but websites are still not opening due to a DNS error. I am going to check what DNS servers are used and insert the correct ones.

apt-get is still unable to run. The connection is not establishing, so I cannot install resolvconf. Also, in the Whonix VPN Guide, installing resolvconf is located after the openvpn.conf editing part. So for me it's not clear how I can run and install resolvconf. Maybe I should start over and install resolvconf before? I repeat, I am able to make pings now after connecting to the VPN, but sudo apt-get update is not fetching data.

UPDATE: I am lost again, guys… After changing exactly nothing (only rebooted) I now cannot establish a connection to the VPN.
I get this error:

Fri Dec 14 13:12:17 2018 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]**********:443
Fri Dec 14 13:12:19 2018 ERROR: Cannot ioctl TUNSETIFF tun0: Device or resource busy (errno=16)
Fri Dec 14 13:12:19 2018 Exiting due to fatal error

Running any of:
sudo /usr/sbin/openvpn --rmtun --dev tun0
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
gives the ioctl error.

As noted above and as commented by 0brand the settings of the VPN provider (server, credentials) are of course necessary for the connection to work.

I suggest you remove the IP from your post. You expose your VPN server.

Good point. I’d try that.

For now, the OpenVPN service starts fine. Systemctl log:

08:47|16.12] root@host dir:(user)# systemctl | grep openvpn
openvpn.service                loaded active exited    OpenVPN service                                                                              
openvpn@openvpn.service        loaded active running   OpenVPN connection to openvpn                                                                
system-openvpn.slice           loaded active active    system-openvpn.slice                                                                 

I am able to ping everything successfully. In the #route command I can see my VPN provider IP address for eth0, but DNS lookup is not working. So I can't open websites and can't update/install packages. What do I do from now?

I’ve made more progress. I did a clean install and passed all steps from the official VPN setup by Whonix. But I installed resolvconf prior to all steps.

Now I am able to connect to the VPN and open websites. But apt-get is not working at all.

0% [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to security.debian.org] [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to ftp.us.debian.or

This line never finishes. How do I fix it? There must be something with the socks5h connection to localhost:9050.

Err tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 traceroute amd64 1:2.1.0-2
  Read error - read (104: Connection reset by peer) Reading the greet back from SOCKS proxy socks5h://localhost:9050 failed

The Debian onion services get a little flaky at times.

https://whonix.org/wiki/Operating_System_Software_and_Updates#Non-functional_Onion_Services

Note: When you receive an error message, try using the forum search engine (top right hand corner of your screen) to see if that has been reported in the past. In many cases, this one included, the answer can be found fairly quickly. But keep in mind that misspelling or including too much search criteria will often turn up zero results. Keep it simple, and if you are getting too many results, gradually add additional keywords until you can narrow it down.

1 Like

Well, I’ve searched for this and tried the suggested steps. It simply doesn’t work. The problem is in connecting to socks5h://localhost:9050. Everything works fine except I cannot install/update packages. Please help me finish this out.

Also, it was clear to me that the problem is with the VPN setup, because in Whonix Gateway apt-get update runs well.

Do you have any error messages in your OpenVPN logs?

How actually is this supposed to work in the case of Tor before VPN?

If the firewall makes everything go by the VPN, won’t any access to onion sites be a Tor over Tor case?

Tor → VPN → Tor

Guard → Middle → Exit → VPN Provider → Guard → Middle → Rendezvous point → Middle → Middle → Middle → Debian Onion Site ?

And if so, isn’t it preferable to update from Debian’s clearnet site?

No errors at all. All is clear. I am able to ping and nslookup via the VPN.
Is there anybody that has successfully set up a Tor -> VPN chain? How is your apt-get update running?

I did it on Whonix 13, apt-get update worked well but if I recall correctly it didn’t use onion sites back then.

Check what happens when you access onion sites with other apps. For example, try to run wget with an onion address. Does it work?

Nope, none of it works.

07:10|18.12] user@host dir:(~)$ wget https://3g2upl4pq6kufc4m.onion/
--2018-12-18 07:11:13--  https://3g2upl4pq6kufc4m.onion/
Resolving 3g2upl4pq6kufc4m.onion (3g2upl4pq6kufc4m.onion)... 127.42.42.0
Connecting to 3g2upl4pq6kufc4m.onion (3g2upl4pq6kufc4m.onion)|127.42.42.0|:443... ^[

Also, every time I load the VM, I need to run these commands over and over again:

sudo chown -R tunnel:tunnel /etc/openvpn
sudo chown -R tunnel:tunnel /var/run/openvpn
sudo systemctl start openvpn@openvpn

Not sure it’s related, but are you running multiple workstations in parallel? If so, did you change the IP in /etc/network/interfaces.d/30_non-qubes-whonix as explained in Multiple Whonix-Workstation ™?

I’m going to try this setup on Whonix 14 and report back here.

Do you have to run those every time or just the following?

If so, you might have skipped that line:

sudo systemctl enable openvpn@openvpn

This is supposed to make sure this service starts every time.

Why do you think so? I am only running Whonix GW and Workstation at the same time.