Hello everyone,
I’m using Whonix on Qubes 4.0. Since I installed updates (dom0 and Whonix templates) a few days ago, the control/socks port of sys-whonix-14 (my whonix-gateway, based on the whonix-gw-14 template) is not reachable from my Whonix workstation anon-whonix.
Running whonixcheck -v in anon-whonix (template whonix-ws-14):
[INFO] [whonixcheck] anon-whonix | Whonix-Workstation | whonix-ws-14 TemplateBased AppVM | Mon Jun 3 14:08:20 UTC 2019
[INFO] [whonixcheck] Input Detection: INPUT_AUTO=true CLI=true GUI=false
stdin connected to terminal. Using cli output. Not using gui output.
Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --gui
[INFO] [whonixcheck] Root Check Result: Ok, not running as root.
[INFO] [whonixcheck] Pin torproject.org certificate: disabled.
[INFO] [whonixcheck] whonix_build_version: 3:2.5-1
[INFO] [whonixcheck] whonix-workstation-packages-dependencies-cli: 9.8-1
[INFO] [whonixcheck] /etc/whonix_version: 14
[INFO] [whonixcheck] Spectre Meltdown Test: skipping since spectre_meltdown_check=false, ok.
If you wish to enable this test, run: sudo spectre_meltdown_check=true whonixcheck
[INFO] [whonixcheck] Whonix firewall systemd unit check Result: Ok.
[INFO] [whonixcheck] Qubes qubes-db Test Result: Connection to local qubes-db daemon succeeded, ok.
[INFO] [whonixcheck] Qubes Settings Test Result: Ok. (GATEWAY_IP: 10.137.0.46)
[INFO] [whonixcheck] Qubes Settings Test Result: Ok, qubes_vm_type is AppVM.
[INFO] [whonixcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [whonixcheck] check network interfaces Result: Ok.
[INFO] [whonixcheck] Check Package Manager Running Result: None running, ok.
[INFO] [whonixcheck] Tor Check Result: Not running on Whonix-Gateway, ok.
[INFO] [whonixcheck] Tor Config Check Result: Tor config ok.
[INFO] [whonixcheck] Tor Pid Check Result: Not running on Whonix-Gateway., ok.
[WARNING] [whonixcheck] Tor SocksPort Reachability Test Result: Unreachable! (curl exit code: 28 | curl status message: [28] - [Operation timeout. The specified time-out period was reached according to the conditions.])
[ERROR] [whonixcheck] Tor Connection Result:
Tor’s Control Port could not be reached!
Troubleshooting:
Confirm that Whonix-Gateway is running.
Run whonixcheck on Whonix-Gateway and confirm success.
Rerun whonixcheck here in this Whonix-Workstation.
(Technical information:)
(tor_circuit_established_check_exit_code: 277)
(tor_bootstrap_timeout_type: )
(tor_bootstrap_status: )
(check_socks_port_open_test: 28)
(Tor Circuit: not established)
Output of whonixcheck in sys-whonix-14 looks normal:
[INFO] [whonixcheck] sys-whonix-14 | Whonix-Gateway | whonix-gw-14 TemplateBased ProxyVM | Mon Jun 3 14:43:03 UTC 2019
[INFO] [whonixcheck] Connected to Tor.
[INFO] [whonixcheck] Whonix APT Repository: Enabled.
When the Whonix team releases STRETCH updates,
they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade)
along with updated packages from the Debian team. Please
read https://www.whonix.org/wiki/Trust to understand the risk.
If you want to change this, use:
sudo whonix_repository
[INFO] [whonixcheck] Debian Package Update Check: Checking for software updates via apt-get… ( Documentation: https://www.whonix.org/wiki/Update )
[INFO] [whonixcheck] Debian Package Update Check Result: No updates found via apt-get.
I also tried to set sys-whonix-14 as the netvm of an AppVM based on the fedora-29 template. No connection, unable to ping out.
What I tried so far:
- Update template using:
sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=upgrade qubes-template-whonix-gw-14
- Reinstall template using:
sudo qubes-dom0-update --enablerepo=qubes-templates-community --action=reinstall qubes-template-whonix-gw-14
- Run:
sudo qubesctl state.sls qvm.anon-whonix
in dom0, (shortened) result:
Succeeded: 13
Failed: 0
Any ideas what could be the problem? I have no idea how to debug networking at Xen-level for possible network misconfigurations.