ID: 90PHID: PHID-TASK-bfa7qbqtjccvdhtyizwnAuthor: JasonJAyalaPStatus at Migration Time: openPriority at Migration Time: Normal
A GUI/CLI that monitors and controls the Tor connection.
Gateway:
new circuit
see Tor status (connected, problem, etc.)
First Time Connection Wizard
setting up (private) (obfuscated) bridges
setting up flash bridges
view Tor logs
restart Tor
run TimeSync
newnym torify Windows (textual feature)
torify Other Operating System (textual feature)
Whonix-Workstation
check if Whoinx-Gateway is reachable
check Tor status on Whonix-Gateway
advise to start on Whonix-Gateway, in case it’s not running
get notified about events from Whonix-Gateway
newnym
@HulaHoop says:
Forum discussion:https://forums.whonix.org/t/whonix-setup-wizard-graphical-technical-discussion
Previous discussion of newnym tool:https://github.com/Whonix/Whonix/issues/102
Related:
2015-09-24 15:26:06 UTC
Hi there ,
new circuit (do we want to build custom circuits , extend circuits and so on or just create some ?) (either way already done)
see Tor status (connected, problem, etc.) (isnt this handled by arm?)
First Time Connection Wizard (Why do we need this when we already got whonixcheck etc ?)
view Tor logs (working on that)
restart Tor (done)
run TimeSync (is this still needed ?)
newnym (done)
get notified about events from Whonix-Gateway (working on that)
do we want to aim this tool for advanced and novice users ?
the Cli part is almost done , so please stop me if some of this is not needed anymore
2015-09-25 19:08:43 UTC
! In T90#6754, @goldstein wrote:
How much control do you want on those options ?
new circuit (do we want to build custom circuits , extend circuits and so on or just create some ?) (either way already done)
Just signal newnym. No custom circuits. No extend circuits. Easy.
see Tor status (connected, problem, etc.) (isnt this handled by arm?)
arm causes loads of confusion. (Control and Monitor Tor )
First Time Connection Wizard (Why do we need this when we already got whonixcheck etc ?)
Right. #whonix-setup-wizard does this already. So we don’t need this in Whonix Tor Controller. This ticket is already very old and has not been updated since.
view Tor logs (working on that)
Useful.
run TimeSync (is this still needed ?)
No. We get sdwdate-gui (tray icon).
get notified about events from Whonix-Gateway (working on that)
do we want to aim this tool for advanced and novice users ?
novice users.
the Cli part is almost done , so please stop me if some of this is not needed anymore
Good question. @bnvk is an UI designer. I don’t know if he is ready yet to suggest what will be useful and how.
I am also wondering now if it should become a “Whonix Tor Controller” or general “Tor Controller”.
2015-09-25 19:31:36 UTC
A lot has changed since this ticket has been created. So I disagree with “not to implement the functions already being done by arm”.
Whonix-Gateway
setting up (private) (obfuscated) bridges
Seems difficult. Maintenance intensive. Not sure if you would be up to maintain this?
The real long term plan for the time being was:https://phabricator.whonix.org/T118
Even more difficult.
torify Windows (textual feature)
torify Other Operating System (textual feature)
Differers per per supported platform. Doable.
Whonix-Workstation
check if Whoinx-Gateway is reachable
advise to start on Whonix-Gateway, in case it’s not running
Perhaps useful alternative diagnosis tool as alternative to whonixcheck. Not really sure we need this since it’s probably hard to provide better advice than whonixcheck.
check Tor status on Whonix-Gateway
get notified about events from Whonix-Gateway
Not good.
Hm.
All in all, this ticket is a disaster. Not actionable. We need an updated proposal on what we’re trying to accomplish without stretching it too much. For example if we want a Tor Controller, we should leave Whonix-Workstation out.
I hope you’re not deterred by that @goldstein .
2015-09-26 14:52:42 UTC
Is there anyway we can chat ? (got some more questions)
Im currently rewriting the whole thing as im still learning the stem api so its no big deal to implement/remove stuff
2015-09-29 18:06:07 UTC
setting up (private) (obfuscated) bridges
Perhaps useful alternative diagnosis tool as alternative to whonixcheck. Not really sure we need this since it’s probably hard to provide better advice than whonixcheck.
setting up flash bridges
arm causes loads of confusion. (Control and Monitor Tor )arm · Wiki · Legacy / Trac · GitLab
I am also wondering now if it should become a “Whonix Tor Controller” or general “Tor Controller”.
I hope you’re not deterred by that @goldstein .
2015-10-04 13:19:30 UTC
Just back from the Tor summer dev meeting. Idea T118 has been abandoned. (T118#6811) Pluggable transports will not change that often.
Therefore, now there is some useful work to do. Implementing a Tor Bridge (circumvention) wizard.
Do you know tor-launcher (screenshots )? Could you look at the latest version that comes with TBB please? And then copy/re-implement its GUI design? I.e. work on whonix-setup-wizard ?
(No Tor Project logo. Initially, only obfs3 and obfs4 bridge support. Later, once meek has been packaged, also meek.)
2015-10-04 14:40:28 UTC
Implementing a Tor Bridge (circumvention) wizard.
2015-10-04 16:18:02 UTC
! In T90#6816, @goldstein wrote:
A setup wizard (similar to tor-launcher) adding a bridge to torrc.
what do you mean by re-implement / copy its design ?
By design I meant here, how tor-launcher GUI is looking. How its windows are looking. The UX, user experience. Using the same or very similar textual strings.
Using tor-launcher’s style and then improving whonix-setup-wizard doing this.
you want to add the bridge feature to whonix-setup-wizard and to look like the tor-launcher
Yes.
(At the moment, whonix-setup-wizard bridges feature is only a textual help. Cannot actually add/remove something to/from torrc.) (Back then, the bridge feature seemed daunting and a T118 seemed to be the way to go. But now it got clear, that a T118 is no option and that re-implementing the bridge wizard is the way forward to improve bridge/circumvention usability.)
2015-10-05 18:57:10 UTC
2015-10-06 12:56:39 UTC
The bridge options were tested (obs2, obfs3 and scramblesuit at the time, if I remember correctly) when we had the discussion about including them or not in whonix-setup-wizard, and decided to go for T118.
It would be a matter of retesting first, then enabling the option “Tor is censored in my area” and add a page to the wizard that could look like the one in tor-launcher, including the custom brige option (if it’s judged necessary).
A note about T118. Been on and off on that one. It looks like tor-launcher is merely settings variables, and that the actual work (like editing torrc or starting meek-client) is done downstream, in firefox or wherever. So I’m not sure it’s even possible achieve the bridges settings that way, without starting Tor browser.
2015-10-06 15:40:34 UTC
A note about T118. Been on and off on that one. It looks like tor-launcher is merely settings variables, and that the actual work (like editing torrc or starting meek-client) is done downstream, in firefox or wherever. So I’m not sure it’s even possible achieve the bridges settings that way, without starting Tor browser.
It would be a matter of retesting first, then enabling the option “Tor is censored in my area” and add a page to the wizard that could look like the one in tor-launcher, including the custom brige option (if it’s judged necessary).
2015-10-06 15:43:40 UTC
! In T90#6837, @troubadour wrote:
Copied here:
2015-10-06 16:31:49 UTC
I think thats the best option (want to go for that ? )
Yes.
I think we should replace the current connection wizard page with the text by tor-launcher as much as possible. Because they did actual usability testing.
Combine the option “Tor is censored or dangerous in my area” with option “I use a proxy or firewall settings to connect to the internet”. Use the same text that tor-launcher uses.
I am not sure if we should keep the “disable Tor” option?
History: I guess it’s only 4 options, because whonix-setup-wizard (graphical desktop gui) originally was a rewrite of whonixsetup (cli gui, not very appropriate for a graphical desktop). I didn’t know better. Tools were limited. Not sure tor-launcher already existed [in Tor Browser stable].
2015-10-07 11:41:33 UTC
2015-10-07 12:58:52 UTC
Alright.
why would you disable Tor when you have just started the Whonix VM to Route your traffic trough tor ?
A reason I could see is if you want to travel somewhere. Switch from
Probably a minority and insufficient reason to add the extra option that
So unless someone has an argument why we should keep it, let’s remove
2015-10-09 21:44:03 UTC
2015-10-10 17:22:32 UTC
Its a minority use case but very important IMO for high risk users who need to avoid guard fingerprinting.@HulaHoop
2015-10-10 18:12:09 UTC
2015-10-11 01:00:31 UTC
2015-10-19 14:28:35 UTC
2015-10-25 21:44:26 UTC
Started Tor Launcher clone interface.Connect or Configure) should be a separate GUI which either enable Tor or start the bridges wizard.
I’m not sure where the disclaimer pages fit in that scheme. They are not used in Qubes, do we want to keep them for VirtualBox / KVM?
2015-10-25 22:28:05 UTC
2015-10-27 12:15:50 UTC
the first page (Connect or Configure) should be a separate GUIDisable Tor option.
{F763}
2015-10-28 21:06:20 UTC
2015-10-28 21:39:16 UTC
No. Keeping it super simple.
I am also wondering if we need the disable Tor option. For this minority use case, wouldn’t it make more sense if users disabled the (virtual) network interface then?
Perhaps Whonix Setup Wizard → Whonix Connection Wizard?
2015-10-28 22:07:57 UTC
I am also wondering if we need the disable Tor option. For this minority use case, wouldn’t it make more sense if users disabled the (virtual) network interface then?
Perhaps Whonix Setup Wizard → Whonix Connection Wizard?
2015-10-29 00:29:24 UTC
2015-10-29 18:03:01 UTC
2015-10-29 21:42:11 UTC
2015-10-29 22:03:16 UTC
2015-10-29 22:51:34 UTC
2015-11-03 21:39:05 UTC
Progress update.
The default bridges are implemented. When the wizard restarts tor, it shows the bootstrap progress in a progress bar.
The default bridges file is in /etc/bridges for not finding a better place. It’s in json format, so it could be difficult to have a proper .d configuration mechanism. That should not be a big issue since the choice for custom bridges will be given.
The AppArmor denied message popping when using scramblesuit has gone after disabling and re-enabling the obfsproxy profile. Will look into that.
2015-11-05 00:14:48 UTC
2015-11-14 16:30:20 UTC
! In T90#7030, @troubadour wrote:tor-launcher-clone. It’s for review only, showing the new pages.
shutil.copy('/etc/tor/torrc', '/etc/tor/torrc.orig')
shutil.copy('/etc/tor/torrc.anondist', '/etc/tor/torrc')
For? I don’t understand why we should use the anondist file for anything. It should just be a symlink.
When rerenning kdesudo whonix-setup-wizard setup (or quick) I just keep getting the finish screen. Not the connection setup again.
2015-11-26 22:21:24 UTC
2015-11-26 23:20:49 UTC
Merged fix apparmor denied messages for obfs3 / scramblesuit transports · Whonix/anon-gw-anonymizer-config@8ff911f · GitHub also.
Using service tor@default instead.
Seems okay.
Could you review tor 0.2.7.5 -> use tor@default service in tor_status.py · troubadoour/whonix-setup-wizard@ca9e0f9 · GitHub .
kdesudo whonix-setup-wizard quick works great. A totally missing DisableNetwork 0 in /etc/tor/torrc doesn’t break it.
obfs3, obfs4, scramblesuit all working.
kdesudo whonix-setup-wizard quick → Disable is broken.
It’s great for debugging that we see the output of Tor service restarts when start from command line.
Please remove the grayed out transports. I guess the grayed out ones would generate more support requests than not showing them at all.
During the bootstrap phase, the back and next buttons don’t work. The next button probably would not make sense either way. And the back button, I don’t know if we need it. Would fixing the back button be difficult?
This is the ClientTransportPlugin that TBB adds when choosing obfs4.
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
To simplify the code a bit, I am wondering if when using bridges, if we should always add all ClientTransportPlugin lines that Whonix supports. I.e.
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/bin/obfs4proxy
man obfs4proxy indicates this should work. However, it does not work for me, unless I remove ,scramblesuit.
2015-11-26 23:24:57 UTC
Perhaps, in bridge mode, we could always add the following two options?
ClientTransportPlugin obfs2,obfs3,scramblesuit exec /usr/bin/obfsproxy managed
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
Perhaps that would make later user manual configurations easier? And always adding all ClientTransportPlugin in bridge mode would perhaps also simplify the code a bit?
2015-11-27 22:22:26 UTC
Had some doubts about obfsproxy AppArmor lines working in system_tor profile. They don’t.
Explanation [attempt, it’s a nasty one]. The AppArmor denied messages generated by scramblesuit or obfs3 are one shot errors. For example, after /var/lib/tor/pt_state/scramblesuit has been read once , it seems that subsequent uses of scramblesuit don’t check for it any longer. The extra lines can then be commented or removed without any effect.
It was working on your system (like mine) most likely because you tested earlier with the local/usr.bin.obfsproxy profile.
The messages did show up after a fresh whonix-gw / sys-whonix installation (wanted to remove obfsproxy package, but it would remove whonix-gateway too).
Created usr.bin.obfsproxy.anondistusr.bin.obffproxy.anondist · troubadoour/anon-gw-anonymizer-config@4f1c421 · GitHub
2015-11-27 22:33:08 UTC
2015-11-27 23:01:18 UTC
2015-11-28 19:44:41 UTC
2015-11-28 19:51:25 UTC
2015-11-29 20:44:31 UTC
! In T90#7349, @Patrick wrote:
Made the back button as well as a cancel button available even during the bootstrap phase. For this, a bootstrapping thread is running beside the qt loop. And that brings me to a point I wanted to raise for some time.
We cannot afford a sys.exit(0) in the middle of a secondary thread. Which means that the wizard would be the same for VirtuaBox/KVM and Qubes (an improvement maintenance-wise) starting with a Next button, ending with a Finish button.
At this stage, adding the proposed code to the existing whonix-setup-wizard is getting difficult. This piece of software is already overly complicated in my opinion (not mentioning someone else, I can project myself a few years forward, if for any reason I have to find my way in that maze).
That’s why I suggest to split the wizard in two pieces [packages] at least.
whonix-connection-wizard: a clone of Tor Launcher, in Whonix Gateway/whonix-gw.whonix-setup-wizard: locale settings, disclaimer, whonix-repository, first use notice, in both gateway and workstation.
It would imply a re-work of the initializer, autostart, status files… Doable.
Created a temporary package whonix-connection-wizard. It installs the files in /usr/share/whonix-connection-wizard. To run itkdesudo python whonix_connection_wizard.py
GitHub - troubadoour/whonix-connection-wizard
2015-11-29 21:09:50 UTC
I am fine with the split. Sure, let’s make the code simpler and maintainable.
Instead of whonix-connection-wizard, we can even make this even a generic package, anon-connection-wizard?
2015-11-29 21:27:14 UTC
2015-11-29 21:34:17 UTC
2015-12-05 21:30:38 UTC
2015-12-18 20:14:54 UTC
2015-12-19 17:58:48 UTC
2015-12-19 19:41:07 UTC
Yes, that sounds sensible. Remembering previous experience with TPO, it’s probably better to wait and see what it will look like eventually. I’ll try to finish the current version in Whonix with the architecture defined so far. We can redesign when Tor Launcher comes with new features. I’ll use the new text though, aware that that will change too, but can be easily updated.
2015-12-19 20:01:34 UTC