[Workaround] Can't connect to Tor with VPN active on host

A couple of months ago (I think), I started having a problem with Whonix Gateway; more specifically, after updating the packages one day, the gateway stopped being able to connect to the Tor network.

A few notes regarding this problem:

  • Problem affects a fresh Whonix setup
  • Problem affects people with a setup similar to mine
  • Problem is similar to issue No. 3133 from 2016
  • Contrary to issue 3133, OpenVPN doesn’t seem affected, only WireGuard (tested by someone else)
  • Host (Arch) is using WireGuard through the open source Mullvad VPN daemon (important)
  • Gateway is NATed to the VPN interface
  • Only Whonix is affected, all other VMs and applications on host work fine
  • Connectivity works fine if using an older VM backup (though I can’t figure out what package is to blame as about 40 of them get updated when running the upgrade command)

As written in the title though, there is a workaround that can be applied within Whonix Gateway:
Connectivity can be reestablished by using bridges (tested with obfs4); and oddly enough, until rebooting, connectivity will work fine even if you disable the bridges and restart Tor.

I’m not sure I expect a solution to be found given how specific the problem seems to be, but at the very least I figured someone could use the information.

My guess is that there’s a conflict between the IP range assigned on the WireGuard interface and the internal range assigned for the external Whonix network. You’d have to manually edit the network settings and GW XML of the latter to accommodate the former, perhaps using something in the 172.x.x.x ranges instead.
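
One way to test the address-range guess in the reply above, as an added example that is not part of the thread: it compares the host's interface subnets with the subnet declared in a libvirt network definition and reports overlaps. The interface names, addresses and XML are constructed samples, not Whonix's or Mullvad's actual values.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the fields `ip -o -4 addr show` prints first.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: enp3s0    inet 192.168.1.20/24 brd 192.168.1.255 scope global enp3s0
5: wg0-example    inet 10.0.0.7/16 scope global wg0-example
"""

# Constructed sample in the format of `virsh net-dumpxml <network>`.
SAMPLE_NET_XML = """\
<network>
  <name>external-example</name>
  <forward mode='nat'/>
  <ip address='10.0.2.2' netmask='255.255.255.0'/>
</network>
"""

def host_networks(ip_addr_output):
    """Return (interface, IPv4Network) pairs parsed from `ip -o -4 addr` text."""
    pairs = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if "inet" in fields:
            cidr = fields[fields.index("inet") + 1]
            pairs.append((fields[1], ipaddress.ip_network(cidr, strict=False)))
    return pairs

def libvirt_networks(net_xml):
    """Return the IPv4 subnets declared by <ip> elements of a libvirt network."""
    nets = []
    for ip in ET.fromstring(net_xml).findall("ip"):
        # libvirt accepts either netmask= or prefix= on the <ip> element.
        mask = ip.get("netmask") or ip.get("prefix")
        if ip.get("family", "ipv4") != "ipv4" or mask is None:
            continue
        nets.append(ipaddress.ip_network(f"{ip.get('address')}/{mask}", strict=False))
    return nets

def find_conflicts(ip_addr_output, net_xml):
    """List (interface, host subnet, libvirt subnet) for overlapping ranges."""
    return [(iface, str(h), str(v))
            for iface, h in host_networks(ip_addr_output)
            for v in libvirt_networks(net_xml)
            if h.overlaps(v)]

if __name__ == "__main__":
    for iface, host_net, virt_net in find_conflicts(SAMPLE_IP_ADDR, SAMPLE_NET_XML):
        print(f"{iface}: {host_net} overlaps libvirt network {virt_net}")
```

An empty result means the address ranges do not overlap, in which case the cause lies elsewhere (routes and firewall rules are not examined here).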
