Whonixcheck - Tor is disabled

zerop · October 23, 2018, 9:27pm

Hello, I am running into an issue with whonixcheck.

WARNING: Tor Check Result: Tor is disabled. Therefore you most likely can not connect to the internet.

Debugging information: Could not find DisableNetwork 0 in Tor config.)

I then continue to sys-whonix terminal and do a:

sudo whonixsetup

I press that I’m ready to use tor -> connect to tor network now -> Tor has been successfully enabled. Press enter to run whonixcheck and exit -> I press enter and do the whonixcheck and get this result:

INFO: Starting whonixcheck…
[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw-14 TemplateBased ProxyVM | Tue Oct 23 22:03:23 UTC 2018
[ERROR] [whonixcheck] Tor Config Check Result:
Your Tor config file contains at least one error.
(Tor exit code: 1)
Tor concise reports (below warns and errors must be fixed before you can use Tor):
Oct 23 22:03:26.787 [warn] Directory /var/lib/tor/.tor cannot be read: Permission denied
Oct 23 22:03:26.788 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor/.tor”
Oct 23 22:03:26.788 [err] Reading config failed–see warnings above.
Tor full reports:
Oct 23 22:03:26.784 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Oct 23 22:03:26.785 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 23 22:03:26.785 [notice] Read configuration file “/etc/tor/torrc”.
Oct 23 22:03:26.787 [warn] Directory /var/lib/tor/.tor cannot be read: Permission denied
Oct 23 22:03:26.788 [warn] Failed to parse/validate config: Couldn’t access private data directory “/var/lib/tor/.tor”
Oct 23 22:03:26.788 [err] Reading config failed–see warnings above.
Try to look at this report yourself by running.
dom0 -> Start Menu -> ServiceVM: sys-whonix -> Terminal
sudo -u debian-tor tor --verify-config
To try to fix this, please open your Tor config file.
dom0 -> Start Menu -> ServiceVM: sys-whonix -> Torrc
or in Terminal: sudo nano /usr/local/etc/torrc.d/50_user.conf
Please restart Tor after fixing this error.
dom0 -> Start Menu -> ServiceVM: sys-whonix -> Restart Tor
or in Terminal: sudo service tor@default restart
Restart whonixcheck after fixing this error.
dom0 -> Start Menu -> ServiceVM: sys-whonix -> Whonix Check
or in Terminal: whonixcheck
If you know what you are doing, feel free to disable this check.

I am completly lost what to do…

0brand · October 23, 2018, 10:23pm

Hi zerop

If not already done so, you can enable Tor using whonixsetup.

In sys-whonix konsole, run.

whonixsetup

https://whonix.org/wiki/Tor#Step_3:_Enable_Tor

Or, can also add the DisableNetwork 0 option to your torrc i.e.Tor configuration file.

In sys-whonix konsole, open torrc in a text editor.

sudo nano /usr/local/etc/torrc.d/50_user.conf

Add

DisableNetwork 0

Next, in sys-whonix konsole, reload Tor

sudo service tor@default reload

https://whonix.org/wiki/Tor#Reload_Tor

zerop · October 23, 2018, 10:33pm

Hi 0brand,

How do I save after typing DisableNetwork 0 into the 50_user.conf file? I can’t press enter to enter command like normally.

GNU nano 2.7.4           File: /usr/local/etc/torrc.d/50_user.conf           Modified  

# Tor user specific configuration file
#
# Add user modifications below this line:
############################################
DisableNetwork 0




















                 [ line 7/8 (87%), col 1/1 (100%), char 146/147 (99%) ]
^G Get Help   ^O Write Out  ^W Where Is   ^K Cut Text   ^J Justify    ^C Cur Pos
^X Exit       ^R Read File  ^\ Replace    ^U Uncut Text ^T To Spell   ^_ Go To Line

-

If I then try to reload Tor after typing DisableNetwork 0 in another sys-whonix terminal I get this result

user@host:~$ sudo service tor@default reload
tor@default.service is not active, cannot reload.

0brand · October 23, 2018, 10:54pm

Hi zerop

After making edits to torrc in nano

Press Ctrl + X

Press Y if changes are correct

Press Enter

Next, if Tor was not already running (my mistake) Start Tor.

sudo service tor@default start

Then run whonixcheck

In sys-whonix konsole, run.

whonixcheck

Edit: Most packages also have manual a (page) with instructions on how to use the software.

Use the following syntax.

man <package>

For example, for nano man page, run.

man nano

zerop · October 23, 2018, 11:12pm

Thanks, I have now saved the changes to the torrc!

But when I then try start tor I get this message:

user@host:~$ sudo nano /usr/local/etc/torrc.d/50_user.conf
user@host:~$ sudo service tor@default start
Job for tor@default.service failed because the control process exited with error code.
See “systemctl status tor@default.service” and “journalctl -xe” for details.
user@host:~$ systemctl status tor@default.service
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor preset: enable
Drop-In: /lib/systemd/system/tor@default.service.d
└─30_qubes.conf, 40_obfs4proxy-workaround.conf, 40_qubes.conf, 50_controlsocke
Active: failed (Result: exit-code) since Tue 2018-10-23 23:07:38 UTC; 19s ago
Process: 15193 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-de
Process: 15190 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d

Oct 23 23:07:37 host systemd[1]: tor@default.service: Control process exited, code=exited
Oct 23 23:07:37 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Oct 23 23:07:37 host systemd[1]: tor@default.service: Unit entered failed state.
Oct 23 23:07:37 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
Oct 23 23:07:38 host systemd[1]: tor@default.service: Service hold-off time over, schedul
Oct 23 23:07:38 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Oct 23 23:07:38 host systemd[1]: tor@default.service: Start request repeated too quickly.
Oct 23 23:07:38 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Oct 23 23:07:38 host systemd[1]: tor@default.service: Unit entered failed state.
Oct 23 23:07:38 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.

I have setup UDP configs and not TCP config files I believe. Is this why it’s failing?

0brand · October 23, 2018, 11:14pm

Tor will not function over UDP. Only TCP

0brand · October 23, 2018, 11:17pm

What configuration files did you set up UDP? Before you make any modification to Whonix you should ensure you have a connection to Tor. That is unless your configuring obfs bridges or pluggable transport to circumvent censorship.

zerop · October 23, 2018, 11:31pm

Damn… I read that UDP was most standard and hoped it was correct

I followed this guide from NordVPN and choose ‘’‘cd ovpn_udp’’ at stage 8. https://nordvpn.com/sv/tutorials/linux/openvpn/

I tried to go back to this guide and do a ‘‘cd ovpn_tcp’’ -> ‘‘ls -al’’ -> choose a TCP server -> ‘‘sudo openvpn X.ovpn’’ -> credentials -> this error:

user@NORDVPN:/etc/openvpn/ovpn_tcp$ sudo openvpn se29.nordvpn.com.tcp.ovpn
Tue Oct 23 19:22:09 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 23 19:22:09 2018 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Enter Auth Username: **********************
Enter Auth Password: ********
Tue Oct 23 19:22:24 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Oct 23 19:22:24 2018 NOTE: --fast-io is disabled since we are not using UDP
Tue Oct 23 19:22:24 2018 Outgoing Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Tue Oct 23 19:22:24 2018 Incoming Control Channel Authentication: Using 512 bit message hash ‘SHA512’ for HMAC authentication
Tue Oct 23 19:22:24 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxx:443
Tue Oct 23 19:22:24 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Oct 23 19:22:24 2018 Attempting to establish TCP connection with [AF_INET]xxxxx:443 [nonblock]
Tue Oct 23 19:24:24 2018 TCP: connect to [AF_INET]xxxxxxxx:443 failed: Connection timed out
Tue Oct 23 19:24:24 2018 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Oct 23 19:24:24 2018 Restart pause, 5 second(s)

0brand · October 23, 2018, 11:39pm

Hi zerop

Its a good idea to read through the entire wiki at least once to get an idea of what is documented there. It will take some time but its highly recommended to do so.

Note: Sensitive information should be redacted when you post logs. I edited your IPs addresses out.

zerop · October 24, 2018, 12:05am

Hi 0brand,

Thanks for hiding my IP-addresses!

Also thanks for providing the wiki link. But with a quick-oversight of the page it didn’t look like my solution to my issue was there. Then there was a setup guide for VPN -> Tor which I then made a quick-oversight (https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) and the guide is using a different VPN providor and also looks very different to how I’ve been setting up my VPN through all guides I’ve been learning from and following.

To be honest I am not looking to become an expert at the systems, only to browse safely. So if there is any easy solution to my issue; I would gladly take the easy road!

Also thanks for your efforts 0brand

Patrick · October 24, 2018, 10:34am

systemd unit won’t be failing in case of UDP.
(If anything, Tor wouldn’t connect if VPN doesn’t work.)

Tor can connect through a host VPN which uses UDP for its connectivity since Tor itself can use TCP inside the VPN. So as long as the VPN is capable to transport TCP (really any should be when working), it is ok as a host VPN. (It is ok for user -> VPN -> Tor -> destination.)

What doesn’t work directly is UDP from Whonix-Workstation over the Tor network. For that see:

This needs to be resolved first. Tor config issue.

zerop · October 24, 2018, 1:39pm

Is it not easier just deleting my VPN VM and make a new VPN VM using UDP? Since I must be getting ‘‘tor@default.service: Unit entered failed state.’’ error because I’ve messed something up in my current VPN VM.

Or could it be because I’ve made changed to my Tor bridge? I followed this guide from whonix wiki: https://www.whonix.org/wiki/Bridges

While waiting for a response I’ll try to make a new VPN VM using TCP config files.

zerop · October 24, 2018, 5:03pm

I’ve now made a new VPN VM using TCP. It’s working but I’m having issues with my whonixcheck. This thread can be closed; I continued my new issue in this thread:

0brand · October 25, 2018, 12:39am

Hi zerop

When requesting support it is important that you mention all changes you have made. For example, knowing that you are using bridges and a VPN a the beginning would have been very helpful.

For starters, combining bridges and VPNs to increase tunnel lenght does not mean stronger anonymity/security. On the contrary, this can do the opposite. I can’t think to may reasons (if any) to use a bridges and a VPN for your first 2 hops. You are only adding complexity and more chances to make a mistake in your configuration. If you live in an area that censors, use Tor bridges. If you’re not censored, there really no benefit to using a bridge unless your concerned about fingerprinting across different physical locations. This only applies to certain corner cases.

It is likely that using both bridges and VPN is the reason for no connection. My recommendation is use one at at time. If you want to use both, set one up at at time.