and then start service, otherwise services fails to load due to “Permission denied”.
I am trying to set VPN for more than a month already, with use of guide, with help of forum… this is very sad and annoying :((( if its possible , could you connect to me via something like teamviewer and help me out to finally win it ?
I will try to complete the Tor before VPN setup on my side with Whonix 14 first and see if I experience same issue you do first. If it works for me I will be happy to assist.
First of all I can confirm that resolvconf needs to be installed first, as you did. Once you make the initial changes and run whonix_firewall you lose connection.
Second issue I encountered was when running
sudo aptitude keep-all
I get an error, aptitude is not installed (I don’t recall what was the situation in Whonix 13). Solved with
sudo apt-get install aptitude
Two other minor remarks:
As footnote 21 mentions, the following already exist in /usr/lib/tmpfiles.d/50_openvpn_unpri.conf so no changes are necessary
d /run/resolvconf 0775 root tunnel - -
d /run/resolvconf/interface 0775 root tunnel - -
VPN provider’s site identifies the connection is through them.
Tor browser does NOT connect to onion sites
wget works with clearnet but NOT with onion sites (“resolving… failed: Name or service not known. wget: unable to resolve host address”)
sudo apt-get update gives:
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 Index of /debian stretch InRelease
Get:3 http://deb.whonix.org stretch InRelease [13.2 kB]
Hit:4 Index of /debian stretch Release
0% [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to SOCKS5h proxy (socks5h://localhost:9050)] [Connecting to SsIgn:6 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
Ign:7 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch InRelease
Ign:8 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease
Err:9 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch Release
Read error - read (104: Connection reset by peer) Reading the greet back from SOCKS proxy socks5h://localhost:9050 failed [IP: 127.0.0.1 9050]
Err:10 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release
Read error - read (104: Connection reset by peer) Reading the greet back from SOCKS proxy socks5h://localhost:9050 failed [IP: 127.0.0.1 9050]
Err:11 tor+http://vwakviie2ienjx6t.onion/debian stretch Release
Read error - read (104: Connection reset by peer) Reading the greet back from SOCKS proxy socks5h://localhost:9050 failed [IP: 127.0.0.1 9050]
Reading package lists… Done
E: The repository ‘tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch Release’ does no longer have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository ‘tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release’ does no longer have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository ‘tor+http://vwakviie2ienjx6t.onion/debian stretch Release’ does no longer have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Running sudo apt-get update from a standard whonix workstation completes in seconds.
Makes sense. Could you please explain how to change apt-get settings to use clearnet rather than the onion repositories? I think this is the only missing piece for me here.
Also is there a way to use GUI-toguard client ? If i run it nothing works, it just cant connect at all. I tried shutting down openvpn prior to running. I need this for switching servers inside torguard network, in GUI-client its much more convinient rather than editing openvpn.conf everytime
You still have the whonix onion address in your apt-get output so you probably skipped commenting a line in whonix.list and perhaps changed something that shouldn’t be changed in debian.list - can you post the content of those two files here?
Sorry, i probably run sudo apt-get update before editing or needed to restart firewall. My output now doesnt have tor in it. Its like this:
sudo apt-get update
Ign:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.whonix.org stretch InRelease
Ign:3 http://ftp.us.debian.org/debian stretch InRelease
Err:4 http://deb.whonix.org stretch Release
Something wicked happened resolving 'deb.whonix.org:http' (-4 - Non-recoverable failure in name resolution)
Err:5 http://ftp.us.debian.org/debian stretch Release
Something wicked happened resolving 'ftp.us.debian.org:http' (-4 - Non-recoverable failure in name resolution)
Err:6 http://security.debian.org stretch/updates Release
Something wicked happened resolving 'security.debian.org:http' (-4 - Non-recoverable failure in name resolution)
Reading package lists... Done
E: The repository 'http://deb.whonix.org stretch Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://ftp.us.debian.org/debian stretch Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://security.debian.org stretch/updates Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Anyway here is content of debian.list:
# Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
# See the file COPYING for copying conditions.
# This is a default sources.list for Anonymity Linux Distributions,
# which are derivatives of Debian.
# If you want to see the example, which came with the upstream
# distribution, see: /usr/share/doc/apt/examples/sources.list
# Instead of directly editing this file,
# the user is advised to create the file /etc/apt/sources.list.d/user.list.
# This is because when this package gets updated,
# /etc/apt/sources.list.d/debian.list will be overwritten and may receive new
# new default values and comments. The entire folder /etc/apt/sources.list.d/
# gets scanned for additional sources.list files by apt-get.
# The user may keep their settings even after updating this package.
##
# Without graphical user interface, you can use for example:
# sudo editor /etc/apt/sources.list.d/user.list
# With graphical user interface (KDE), you can use for example:
# kdesudo xdg-open /etc/apt/sources.list.d/user.list
#deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free
#deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch main contrib non-free
#deb https://deb.debian.org/debian stretch main
#deb http://deb.debian.org/debian-security/ stretch/updates main
#deb-src tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
#deb-src http://security.debian.org stretch/updates main contrib non-free
#deb-src tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
#deb-src http://ftp.us.debian.org/debian stretch main contrib non-free
# Technical notes:
# - Why is stretch-updates disabled by default?
# See: http://wiki.debian.org/StableUpdates
# - Why are sources (deb-src) disabled by default?
# Because those are not required by most users, to save time while
# running "sudo apt-get update".
# - See also: http://www.debian.org/security/
# - See also: /etc/apt/sources.list.d/
and whonix.list:
# Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
# See the file COPYING for copying conditions.
# Whonix /etc/apt/sources.list.d/whonix.list
# This file has been automatically created by /usr/bin/whonix_repository.
# If you make manual changes to it, your changes get lost next time you run
# the whonix_repository tool.
# You can conveniently manage this file, using the whonix_repository tool.
# For any modifications (delete this file, use stable version, use testers
# version or use developers version), please use the whonix_repository tool.
# Run:
# sudo whonix_repository
#deb tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch main contrib non-free
#deb-src tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch main contrib non-free
deb http://deb.whonix.org stretch main contrib non-free
#deb-src http://deb.whonix.org stretch main contrib non-free
# Leaving source line disabled by default to safe some time, it's not useful
# anyway, since it's better to get the source code from the git repository.
# End of /etc/apt/sources.list.d/whonix.list