Whonix Gateway problems with NAT


I’m new to Whonix and followed the documentation’s tutorial, but it doesn’t work. I think it’s 'cause the Whonix Gateway has problems with the NAT network, 'cause I ran a ping command to another IP in the network and it told me:

Ping cmp_seq=1 Packet filtered

What could be the problem?


Hi linurandy

Can you give more info? What are you trying to accomplish? Are you trying but unable to connect to Tor?

Whonix-Gateway filters all non-Tor traffic. If not connected to Tor then…

Edit: Should also mention Tor does not support UDP so ping will not work.


Well, I configured the torrc file with this file:

DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

**bridge obfs4 0EEB10BF4B4FAF56D46E

**bridge obfs4 DD21A551767816A0C9495
**bridge obfs4 B3B8009D01BB7E5FDFAEC

In the cursive lines I put the information that I received by email, then I ran
sudo whonixsetup
I selected the third option, then I pressed OK
on all the steps, and it showed me those messages.

When I looked at the logs, this is what appears:

Oct 24 00:22:02.000 [notice] Tor (git-a0df013ea241b026) opening new log file.
Oct 24 00:22:00.541 [notice] Tor (git-a0df013ea241b026) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Oct 24 00:22:00.541 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 24 00:22:00.542 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Oct 24 00:22:00.542 [notice] Read configuration file “/etc/tor/torrc”.
Oct 24 00:22:00.543 [warn] The ControlListenAddress option is deprecated, and will most likely be removed in a future version of Tor. Use ControlPort instead. (If you think this i$
Oct 24 00:22:00.547 [notice] You configured a non-loopback address ‘’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. $
Oct 24 00:22:00.547 [notice] You configured a non-loopback address ‘’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. $
Oct 24 00:22:00.548 [notice] You configured a non-loopback address ‘’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. $


Hi linurandy

For starters you should always redact your IPs when you post your torrc, logs, etc…


I want to make sure that the two asterisks ** at the beginning of each line of your torrc were added when you posted your bridges here, i.e. they are not actually in your torrc. (Just trying to be thorough)

Have you tried connecting to Tor without using obfs bridges? If you are using obfs bridges because Tor use is dangerous where you live, Do Not Try!


The IPs are just taken from the example in the official Whonix doc; they aren’t real.
The ** is from the redaction; they’re not in the torrc file.
And why did you tell me that? Sorry, I just need to understand.
Did you see something wrong in the torrc file?


Hi linurandy

I wanted to make sure that you didn’t put the asterisks ** in your torrc, as that would be the reason you are not able to connect to Tor. I did not realize that ** indicated a redaction (thought that was your actual torrc file) :smile:

It would be helpful to know

  1. Did you include the cert along with iat-mode=0 with your bridges? E.g.

     bridge obfs4 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0

  2. Are you sure you didn’t make a typing error in your torrc?

  3. Have you tried to connect to Tor without using bridges? If Tor use is dangerous in your area Don’t Try!

  4. Do you have a firewall upstream from Whonix-Gateway that could be preventing you from connecting?

  5. Have you tried downloading TBB on your host to see if you are able to connect to Tor from there? Once again, Do Not Try if Tor is dangerous to use in your area.


Hi, 0brand
Thanks for your time.
Where could I find cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0? Or is it the same for all?


Hi linurandy

The cert (cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0) is not the same for all.

What I would like you to try (if it’s OK with you) is removing the current bridges you have in your torrc and adding new ones. I’m not sure if you used VirtualBox Clipboard Sharing to copy your Bridge Lines from your host to Whonix-Gateway torrc previously, but I would like you to use it. This will prevent typos in your torrc.

The next thing to do is get new obfs4 bridges but instead of using email you can go to this site to get 3 new bridge lines.


Be sure to use shared clipboard so you can copy and paste the bridge lines into your torrc.

After you have completed adding your new bridges your torrc should look like this:

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1 
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

bridge obfs4 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

If your torrc looks OK type this command in your konsole and press enter. ( hopefully output will be “/etc/tor/torrc config valid” )

sudo -u debian-tor tor --verify-config

If your torrc configuration is valid you can start where you left off ( Bridges Wiki Step 3 Enable Tor )


If your torrc is not valid or you are still not able to connect to Tor I will continue helping you troubleshoot. ; )
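
The checks asked about in this thread (stray `**` before a bridge line, a missing `cert=` or `iat-mode=`, a missing `ClientTransportPlugin` line, bridge ports an upstream firewall may not allow) can be scripted and run before `tor --verify-config`. This is an added example, not part of the original posts and not Whonix or Tor Project code; the function name `lint_torrc`, the default allowed ports and the sample torrc (documentation-range addresses, placeholder fingerprints and certs) are assumptions constructed for illustration.

```python
import re

# Constructed sample torrc, not taken from the thread: 192.0.2.0/24 is a
# documentation range; fingerprints and certs are placeholders.
SAMPLE = """\
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
bridge obfs4 192.0.2.10:443 AAAAAAAAAAAAAAAAAAAA cert=PLACEHOLDERCERT1 iat-mode=0
**bridge obfs4 192.0.2.11:9001 BBBBBBBBBBBBBBBBBBBB cert=PLACEHOLDERCERT2 iat-mode=0
bridge obfs4 192.0.2.12:80 CCCCCCCCCCCCCCCCCCCC
"""

def lint_torrc(text, allowed_ports=(80, 443)):
    """Return (line_number, message) findings for obfs4 bridge settings."""
    findings, have_plugin, use_bridges = [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        words = line.split()
        key = words[0].lower()                # torrc keywords ignore case
        if key == "usebridges" and words[1:] == ["1"]:
            use_bridges = True
        elif key == "clienttransportplugin":
            have_plugin |= len(words) > 1 and "obfs4" in words[1].split(",")
        elif re.fullmatch(r"\W+bridge", key):
            # e.g. forum markup pasted into the file; Tor rejects the option
            findings.append((n, "stray characters before 'bridge'"))
        elif key == "bridge" and words[1:2] == ["obfs4"]:
            args = words[2:]
            for opt in ("cert=", "iat-mode="):
                if not any(a.startswith(opt) for a in args):
                    findings.append((n, f"missing {opt}"))
            for a in args:
                m = re.fullmatch(r"[\d.]+:(\d+)", a)   # IPv4:port token
                if m and int(m.group(1)) not in allowed_ports:
                    findings.append((n, f"port {m.group(1)} not in allowed set"))
    if use_bridges and not have_plugin:
        findings.append((0, "UseBridges 1 without ClientTransportPlugin obfs4"))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint_torrc(SAMPLE):
        print(f"line {lineno}: {msg}")
```

The line with the stray `**` is reported once and not parsed further, so fix it and re-run to see whether its port or arguments also need attention.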


Apparently it works, but I have another problem: the proxy is rejecting my connection to these bridges. I think I need bridges with ports 80 and 443, like the documentation said.
What do I do?


Hi linurandy

I’m not sure of an easy way to get 80,443 port bridges. You can try using the site you got the last bridges from or maybe send an email to the Tor Project. They may be able to tell you the best way to get the bridges you want.

Taken from: https://bridges.torproject.org/bridges?transport=obfs4

My bridges don’t work! I need help!

If your Tor doesn’t work, you should email help@rt.torproject.org. Try including as much info about your case as you can, including the list of bridges and Pluggable Transports you tried to use, your Tor Browser version, and any messages which Tor gave out, etc.


From my Whonix, could I run traceroute without Tor available? :sob:


Hi linurandy

If you were able to traceroute without Tor connectivity it would mean over clearnet.

clearnet = De-anonymization

Keep in mind that it could be something other than the bridges themselves that is preventing you from connecting to Tor.

  1. Since the bridges you are using are publicly available it is easy for censors to block some of them.

  2. If you have an upstream firewall that is blocking your bridge ports.

  3. You could have other unknown connectivity problems.

As I mentioned previously:

Have you tried to connect to Tor without using bridges?? Either by downloading Tor Browser Bundle to your host OS or by using Whonix without configuring bridges. It’s not something that you should do if it is dangerous or suspicious to use Tor in your area. If it is something you have tried, it would be helpful with troubleshooting.


That was the response:
No permission to create tickets in the queue ‘help’


Hi linurandy

If you are having issues with " help@rt.torproject.org " you can also ask for help on the #tor irc channel . You can find the link along with other support related resources here: