[Workaround] Can't connect to Tor with VPN active on host

A couple of months ago (I think), I started having a problem with Whonix Gateway; more specifically, after updating the packages one day, the gateway stopped being able to connect to the Tor network.

A few notes regarding this problem:

  • Problem affects a fresh Whonix setup
  • Problem affects people with a setup similar to mine
  • Problem is similar to issue No. 3133 from 2016
  • Contrary to issue 3133, OpenVPN doesn’t seem affected, only Wireguard (tested by someone else)
  • Host (Arch) is using Wireguard through the open source Mullvad VPN daemon (important)
  • Gateway is NATed to the VPN interface
  • Only Whonix is affected, all other VMs and applications on host work fine
  • Connectivity works fine if using an older VM backup (though I can’t figure out what package is to blame as about 40 of them get updated when running the upgrade command)

As written in the title though, there is a workaround that can be applied within Whonix Gateway:
Connectivity can be reestablished by using bridges (tested with obfs4); and oddly enough, until rebooting, connectivity will work fine even if you disable the bridges and restart Tor.

I’m not sure I expect a solution to be found given how specific the problem seems to be, but at the very least I figured someone could use the information.

My guess is that there’s a conflict between the IP range assigned on the Wireguard interface and the internal range assigned for the external Whonix network. You’d have to manually edit the network settings and GW XML of the latter to accommodate the former, perhaps using something in the 172.x.x.x ranges instead.
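The range-conflict check suggested in the reply above can be scripted; this is an added example, not code from the thread or from Whonix. The network XML, the interface name `wg0` and all addresses are constructed samples; on a real host they would come from `virsh net-dumpxml` and `ip -o -4 addr show`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `virsh net-dumpxml <network>` output.
SAMPLE_NET_XML = """
<network>
  <name>Whonix-External</name>
  <forward mode='nat'/>
  <ip address='10.0.2.2' netmask='255.255.255.0'/>
</network>
"""

def libvirt_subnets(net_xml):
    """Return (network name, IPv4 subnet) pairs declared in libvirt network XML."""
    root = ET.fromstring(net_xml)
    name = root.findtext("name", default="unnamed")
    subnets = []
    for ip in root.findall("ip"):
        addr = ip.get("address")
        if addr is None or ip.get("family", "ipv4") != "ipv4":
            continue
        # libvirt accepts either a dotted netmask or a prefix length.
        mask = ip.get("netmask") or ip.get("prefix") or "32"
        subnets.append((name, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return subnets

def find_conflicts(net_xml, host_addrs):
    """Compare host interface addresses (name -> 'addr/prefix') with the VM network.

    A /32 tunnel address that falls inside the VM subnet counts as a conflict too.
    """
    conflicts = []
    for name, subnet in libvirt_subnets(net_xml):
        for ifname, cidr in host_addrs.items():
            host_net = ipaddress.ip_interface(cidr).network
            if host_net.overlaps(subnet):
                conflicts.append((ifname, str(host_net), name, str(subnet)))
    return conflicts

if __name__ == "__main__":
    # Constructed host addresses: one overlapping, one not.
    for cidr in ("10.0.0.5/16", "10.64.10.7/32"):
        print(cidr, find_conflicts(SAMPLE_NET_XML, {"wg0": cidr}) or "no overlap")
```

An empty result only rules out overlapping interface ranges; it says nothing about routing or firewall rules the VPN daemon installs.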

I was able to replicate the same issue myself here. I was using Wireguard with my VPN and it was not working and was not happy. Switching to OpenVPN seems to have, for the past few minutes, fixed the problem.
@HulaHoop for reference, I have ensured all IP blocks are different and not conflicting; there is a legitimate issue with the Whonix KVM in regards to Wireguard traffic on a VPN as far as it seems, or possibly something bigger. I even tried splitting routes to no success. However, my Windows 10 VM on this same machine has never had any network connectivity problems. I haven’t tested other Linux OSes to see if the issue is among multiple ones, as I just migrated from VirtualBox to KVM a couple of weeks ago for all my daily work.

I’m using Pop!_OS 20.04 for reference as the host, and the VMs were built as of three days ago. I have been reverting to snapshots of the base install I made to ensure any tweaks were tested and working. I even destroyed and recreated the VMs from scratch, following the documentation very closely.

Check out network manager settings on the host and enable automatic connection to your VPN. Check that all users can use your connection.